((OriginalFileName:net.exe OR OriginalFileName:net1.exe OR OriginalFileName:PowerShell_ISE.EXE OR OriginalFileName:PowerShell.EXE OR OriginalFileName:psservice.exe OR OriginalFileName:pwsh.dll OR OriginalFileName:sc.exe OR OriginalFileName:wmic.exe) OR (Image:\\net.exe OR Image:\\net1.exe OR Image:\\PowerShell_ISE.EXE OR Image:\\powershell.exe OR Image:\\PsService.exe OR Image:\\PsService64.exe OR Image:\\pwsh.exe OR Image:\\sc.exe OR Image:\\wmic.exe)) ((CommandLine:\ delete\ * OR CommandLine:.delete\(\)* OR CommandLine:\ pause\ * OR CommandLine:\ stop\ * OR CommandLine:Stop\-Service\ * OR CommandLine:Remove\-Service\ *) OR (CommandLine:config* CommandLine:start=disabled*)) (CommandLine:143Svc* OR CommandLine:Acronis\ VSS\ Provider* OR CommandLine:AcronisAgent* OR CommandLine:AcrSch2Svc* OR CommandLine:AdobeARMservice* OR CommandLine:AHS\ Service* OR CommandLine:Antivirus* OR CommandLine:Apache4* OR CommandLine:ARSM* OR CommandLine:aswBcc* OR CommandLine:AteraAgent* OR CommandLine:Avast\ Business\ Console\ Client\ Antivirus\ Service* OR CommandLine:avast\!\ Antivirus* OR CommandLine:AVG\ Antivirus* OR CommandLine:avgAdminClient* OR CommandLine:AvgAdminServer* OR CommandLine:AVP1* OR CommandLine:BackupExec* OR CommandLine:bedbg* OR CommandLine:BITS* OR CommandLine:BrokerInfrastructure* OR CommandLine:CASLicenceServer* OR CommandLine:CASWebServer* OR CommandLine:Client\ Agent\ 7.60* OR CommandLine:Core\ Browsing\ Protection* OR CommandLine:Core\ Mail\ Protection* OR CommandLine:Core\ Scanning\ Server* OR CommandLine:DCAgent* OR CommandLine:dwmrcs* OR CommandLine:EhttpSr* OR CommandLine:ekrn* OR CommandLine:Enterprise\ Client\ Service* OR CommandLine:epag* OR CommandLine:EPIntegrationService* OR CommandLine:EPProtectedService* OR CommandLine:EPRedline* OR CommandLine:EPSecurityService* OR CommandLine:EPUpdateService* OR CommandLine:EraserSvc11710* OR CommandLine:EsgShKernel* OR CommandLine:ESHASRV* OR CommandLine:FA_Scheduler* OR CommandLine:FirebirdGuardianDefaultInstance* OR CommandLine:FirebirdServerDefaultInstance* OR CommandLine:FontCache3.0.0.0* OR CommandLine:HealthTLService* OR CommandLine:hmpalertsvc* OR CommandLine:HMS* OR CommandLine:HostControllerService* OR CommandLine:hvdsvc* OR CommandLine:IAStorDataMgrSvc* OR CommandLine:IBMHPS* OR CommandLine:ibmspsvc* OR CommandLine:IISAdmin* OR CommandLine:IMANSVC* OR CommandLine:IMAP4Svc* OR CommandLine:instance2* OR CommandLine:KAVFS* OR CommandLine:KAVFSGT* OR CommandLine:kavfsslp* OR CommandLine:KeyIso* OR CommandLine:klbackupdisk* OR CommandLine:klbackupflt* OR CommandLine:klflt* OR CommandLine:klhk* OR CommandLine:KLIF* OR CommandLine:klim6* OR CommandLine:klkbdflt* OR CommandLine:klmouflt* OR CommandLine:klnagent* OR CommandLine:klpd* OR CommandLine:kltap* OR CommandLine:KSDE1.0.0* OR CommandLine:LogProcessorService* OR CommandLine:M8EndpointAgent* OR CommandLine:macmnsvc* OR CommandLine:masvc* OR CommandLine:MBAMService* OR CommandLine:MBCloudEA* OR CommandLine:MBEndpointAgent* OR CommandLine:McAfeeDLPAgentService* OR CommandLine:McAfeeEngineService* OR CommandLine:MCAFEEEVENTPARSERSRV* OR CommandLine:McAfeeFramework* OR CommandLine:MCAFEETOMCATSRV530* OR CommandLine:McShield* OR CommandLine:McTaskManager* OR CommandLine:mfefire* OR CommandLine:mfemms* OR CommandLine:mfevto* OR CommandLine:mfevtp* OR CommandLine:mfewc* OR CommandLine:MMS* OR CommandLine:mozyprobackup* OR CommandLine:mpssvc* OR CommandLine:MSComplianceAudit* OR CommandLine:MSDTC* OR CommandLine:MsDtsServer* OR CommandLine:MSExchange* OR CommandLine:msftesq1SPROO* OR CommandLine:msftesql$PROD* OR CommandLine:msftesql$SQLEXPRESS* OR CommandLine:MSOLAP$SQL_2008* OR CommandLine:MSOLAP$SYSTEM_BGC* OR CommandLine:MSOLAP$TPS* OR CommandLine:MSOLAP$TPSAMA* OR CommandLine:MSOLAPSTPS* OR CommandLine:MSOLAPSTPSAMA* OR CommandLine:mssecflt* OR CommandLine:MSSQ\!I.SPROFXENGAGEMEHT* OR CommandLine:MSSQ0SHAREPOINT* OR CommandLine:MSSQ0SOPHOS* OR CommandLine:MSSQL* OR CommandLine:MSSQLFDLauncher$* OR CommandLine:MySQL* OR CommandLine:NanoServiceMain* OR CommandLine:NetMsmqActivator* OR CommandLine:NetPipeActivator* OR CommandLine:netprofm* OR CommandLine:NetTcpActivator* OR CommandLine:NetTcpPortSharing* OR CommandLine:ntrtscan* OR CommandLine:nvspwmi* OR CommandLine:ofcservice* OR CommandLine:Online\ Protection\ System* OR CommandLine:OracleClientCache80* OR CommandLine:OracleDBConsole* OR CommandLine:OracleMTSRecoveryService* OR CommandLine:OracleOraDb11g_home1* OR CommandLine:OracleService* OR CommandLine:OracleVssWriter* OR CommandLine:osppsvc* OR CommandLine:PandaAetherAgent* OR CommandLine:PccNTUpd* OR CommandLine:PDVFSService* OR CommandLine:POP3Svc* OR CommandLine:postgresql\-x64\-9.4* OR CommandLine:POVFSService* OR CommandLine:PSUAService* OR CommandLine:Quick\ Update\ Service* OR CommandLine:RepairService* OR CommandLine:ReportServer* OR CommandLine:ReportServer$* OR CommandLine:RESvc* OR CommandLine:RpcEptMapper* OR CommandLine:sacsvr* OR CommandLine:SamSs* OR CommandLine:SAVAdminService* OR CommandLine:SAVService* OR CommandLine:ScSecSvc* OR CommandLine:SDRSVC* OR CommandLine:SearchExchangeTracing* OR CommandLine:sense* OR CommandLine:SentinelAgent* OR CommandLine:SentinelHelperService* OR CommandLine:SepMasterService* OR CommandLine:ShMonitor* OR CommandLine:Smcinst* OR CommandLine:SmcService* OR CommandLine:SMTPSvc* OR CommandLine:SNAC* OR CommandLine:SntpService* OR CommandLine:Sophos* OR CommandLine:SQ1SafeOLRService* OR CommandLine:SQL\ Backups* OR CommandLine:SQL\ Server* OR CommandLine:SQLAgent* OR CommandLine:SQLANYs_Sage_FAS_Fixed_Assets* OR CommandLine:SQLBrowser* OR CommandLine:SQLsafe* OR CommandLine:SQLSERVERAGENT* OR CommandLine:SQLTELEMETRY* OR CommandLine:SQLWriter* OR CommandLine:SSISTELEMETRY130* OR CommandLine:SstpSvc* OR CommandLine:storflt* OR CommandLine:svcGenericHost* OR CommandLine:swc_service* OR CommandLine:swi_filter* OR CommandLine:swi_service* OR CommandLine:swi_update* OR CommandLine:Symantec* OR CommandLine:sysmon* OR CommandLine:TeamViewer* OR CommandLine:Telemetryserver* OR CommandLine:ThreatLockerService* OR CommandLine:TMBMServer* OR CommandLine:TmCCSF* OR CommandLine:TmFilter* OR CommandLine:TMiCRCScanService* OR CommandLine:tmlisten* OR CommandLine:TMLWCSService* OR CommandLine:TmPfw* OR CommandLine:TmPreFilter* OR CommandLine:TmProxy* OR CommandLine:TMSmartRelayService* OR CommandLine:tmusa* OR CommandLine:Tomcat* OR CommandLine:Trend\ Micro\ Deep\ Security\ Manager* OR CommandLine:TrueKey* OR CommandLine:UFNet* OR CommandLine:UI0Detect* OR CommandLine:UniFi* OR CommandLine:UTODetect* OR CommandLine:vds* OR CommandLine:Veeam* OR CommandLine:VeeamDeploySvc* OR CommandLine:Veritas\ System\ Recovery* OR CommandLine:vmic* OR CommandLine:VMTools* OR CommandLine:vmvss* OR CommandLine:VSApiNt* OR CommandLine:VSS* OR CommandLine:W3Svc* OR CommandLine:wbengine* OR CommandLine:WdNisSvc* OR CommandLine:WeanClOudSve* OR CommandLine:Weems\ JY* OR CommandLine:WinDefend* OR CommandLine:wmms* OR CommandLine:wozyprobackup* OR CommandLine:WPFFontCache_v0400* OR CommandLine:WRSVC* OR CommandLine:wsbexchange* OR CommandLine:WSearch* OR CommandLine:wscsvc* OR CommandLine:Zoolz\ 2\ Service*)