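  # Creates outbound "Block" rules in Windows Defender Firewall for a list of
  # built-in Windows binaries (LOLBAS), all placed in the rule group "LOLBAS".
  # Run from an elevated PowerShell session.
  #
  # Changes from the pasted listing: rules that appeared more than once
  # (eventvwr.exe under SysWOW64, WerFault.exe under both directories) are
  # created once, and the trailing space in one notepad.exe display name is gone.
  #
  # Operational notes:
  #  * Each rule matches one exact program path. The same binary copied or
  #    renamed to another location is not covered, so treat this as one layer
  #    next to application control and process/network telemetry.
  #  * The list includes core OS processes (lsass.exe, services.exe, wininit.exe,
  #    winlogon.exe) and administration tools (powershell.exe, mmc.exe,
  #    msiexec.exe). Blocking their outbound traffic can interfere with domain
  #    authentication, remote management and installs; test on a
  #    representative host before a wide rollout.
  #  * NOTE(review): some listed paths may not exist on a given host
  #    (explorer.exe, for example, normally sits directly under %SystemRoot%).
  #    A rule whose path does not resolve matches nothing; verify each path on
  #    the target build.
  #  * New-NetFirewallRule does not de-duplicate. Before re-running, clear the
  #    previous set, e.g. Remove-NetFirewallRule -Group "LOLBAS".

  # Display name -> program path(s). Order and spelling follow the original list.
  $lolbasPrograms = [ordered]@{
      'appvlp.exe'                      = '%programfiles%\Microsoft Office\root\client\AppVLP.exe', '%programfiles(x86)%\Microsoft Office\root\client\AppVLP.exe'
      'At.exe'                          = '%SystemRoot%\System32\At.exe', '%SystemRoot%\SysWOW64\At.exe'
      'Attrib.exe'                      = '%SystemRoot%\System32\Attrib.exe', '%SystemRoot%\SysWOW64\Attrib.exe'
      'Atbroker.exe'                    = '%SystemRoot%\System32\Atbroker.exe', '%SystemRoot%\SysWOW64\Atbroker.exe'
      'bash.exe'                        = '%SystemRoot%\System32\bash.exe', '%SystemRoot%\SysWOW64\bash.exe'
      'bitsadmin.exe'                   = '%SystemRoot%\System32\bitsadmin.exe', '%SystemRoot%\SysWOW64\bitsadmin.exe'
      'calc.exe'                        = '%SystemRoot%\System32\calc.exe', '%SystemRoot%\SysWOW64\calc.exe'
      'certreq.exe'                     = '%SystemRoot%\System32\certreq.exe', '%SystemRoot%\SysWOW64\certreq.exe'
      'certutil.exe'                    = '%SystemRoot%\System32\certutil.exe', '%SystemRoot%\SysWOW64\certutil.exe'
      'cmdkey.exe'                      = '%SystemRoot%\System32\cmdkey.exe', '%SystemRoot%\SysWOW64\cmdkey.exe'
      'cmstp.exe'                       = '%SystemRoot%\System32\cmstp.exe', '%SystemRoot%\SysWOW64\cmstp.exe'
      'CompatTelRunner.exe'             = '%SystemRoot%\System32\CompatTelRunner.exe', '%SystemRoot%\SysWOW64\CompatTelRunner.exe'
      'control.exe'                     = '%SystemRoot%\System32\control.exe', '%SystemRoot%\SysWOW64\control.exe'
      'Csc.exe'                         = '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Csc.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Csc.exe'
      'cscript.exe'                     = '%SystemRoot%\System32\cscript.exe', '%SystemRoot%\SysWOW64\cscript.exe'
      'ctfmon.exe'                      = '%SystemRoot%\System32\ctfmon.exe', '%SystemRoot%\SysWOW64\ctfmon.exe'
      'curl.exe'                        = '%SystemRoot%\System32\curl.exe', '%SystemRoot%\SysWOW64\curl.exe'
      'desktopimgdownldr.exe'           = '%SystemRoot%\System32\desktopimgdownldr.exe'
      'DeviceDisplayObjectProvider.exe' = '%SystemRoot%\System32\DeviceDisplayObjectProvider.exe', '%SystemRoot%\SysWOW64\DeviceDisplayObjectProvider.exe'
      'Dfsvc.exe'                       = '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Dfsvc.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Dfsvc.exe'
      'diskshadow.exe'                  = '%SystemRoot%\SysWOW64\diskshadow.exe', '%SystemRoot%\System32\diskshadow.exe'
      'Dnscmd.exe'                      = '%SystemRoot%\SysWOW64\Dnscmd.exe', '%SystemRoot%\System32\Dnscmd.exe'
      'dwm.exe'                         = '%SystemRoot%\SysWOW64\dwm.exe', '%SystemRoot%\System32\dwm.exe'
      'eventvwr.exe'                    = '%SystemRoot%\SysWOW64\eventvwr.exe', '%SystemRoot%\System32\eventvwr.exe'
      'esentutl.exe'                    = '%SystemRoot%\SysWOW64\esentutl.exe', '%SystemRoot%\System32\esentutl.exe'
      'Expand.exe'                      = '%SystemRoot%\System32\Expand.exe', '%SystemRoot%\SysWOW64\Expand.exe'
      'explorer.exe'                    = '%SystemRoot%\System32\explorer.exe', '%SystemRoot%\SysWOW64\explorer.exe'
      'Extexport.exe'                   = '%programfiles%\Internet Explorer\Extexport.exe', '%programfiles(x86)%\Internet Explorer\Extexport.exe'
      'extrac32.exe'                    = '%SystemRoot%\System32\extrac32.exe', '%SystemRoot%\SysWOW64\extrac32.exe'
      'findstr.exe'                     = '%SystemRoot%\System32\findstr.exe', '%SystemRoot%\SysWOW64\findstr.exe'
      'forfiles.exe'                    = '%SystemRoot%\System32\forfiles.exe', '%SystemRoot%\SysWOW64\forfiles.exe'
      'ftp.exe'                         = '%SystemRoot%\System32\ftp.exe', '%SystemRoot%\SysWOW64\ftp.exe'
      'gpscript.exe'                    = '%SystemRoot%\System32\gpscript.exe', '%SystemRoot%\SysWOW64\gpscript.exe'
      'hh.exe'                          = '%SystemRoot%\System32\hh.exe', '%SystemRoot%\SysWOW64\hh.exe'
      'ie4uinit.exe'                    = '%SystemRoot%\System32\ie4uinit.exe', '%SystemRoot%\SysWOW64\ie4uinit.exe'
      'ieexec.exe'                      = '%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\ieexec.exe', '%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\ieexec.exe'
      'ilasm.exe'                       = '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe'
      'Infdefaultinstall.exe'           = '%SystemRoot%\System32\Infdefaultinstall.exe', '%SystemRoot%\SysWOW64\Infdefaultinstall.exe'
      'InstallUtil.exe'                 = '%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe', '%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe', '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe'
      'Jsc.exe'                         = '%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\Jsc.exe', '%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Jsc.exe', '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Jsc.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Jsc.exe'
      'lsass.exe'                       = '%SystemRoot%\System32\lsass.exe', '%SystemRoot%\SysWOW64\lsass.exe'
      'makecab.exe'                     = '%SystemRoot%\System32\makecab.exe', '%SystemRoot%\SysWOW64\makecab.exe'
      'mavinject.exe'                   = '%SystemRoot%\System32\mavinject.exe', '%SystemRoot%\SysWOW64\mavinject.exe'
      'Microsoft.Workflow.Compiler.exe' = '%SystemRoot%\Microsoft.Net\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe'
      'mmc.exe'                         = '%SystemRoot%\SysWOW64\mmc.exe', '%SystemRoot%\System32\mmc.exe'
      'Msbuild.exe'                     = '%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\Msbuild.exe', '%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Msbuild.exe', '%SystemRoot%\Microsoft.NET\Framework\v3.5\Msbuild.exe', '%SystemRoot%\Microsoft.NET\Framework64\v3.5\Msbuild.exe', '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Msbuild.exe'
      'msconfig.exe'                    = '%SystemRoot%\System32\msconfig.exe'
      'Msdt.exe'                        = '%SystemRoot%\System32\Msdt.exe', '%SystemRoot%\SysWOW64\Msdt.exe'
      'mshta.exe'                       = '%SystemRoot%\System32\mshta.exe', '%SystemRoot%\SysWOW64\mshta.exe'
      'msiexec.exe'                     = '%SystemRoot%\System32\msiexec.exe', '%SystemRoot%\SysWOW64\msiexec.exe'
      'Netsh.exe'                       = '%SystemRoot%\System32\Netsh.exe', '%SystemRoot%\SysWOW64\Netsh.exe'
      'notepad.exe'                     = '%SystemRoot%\system32\notepad.exe', '%SystemRoot%\SysWOW64\notepad.exe'
      'odbcconf.exe'                    = '%SystemRoot%\System32\odbcconf.exe', '%SystemRoot%\SysWOW64\odbcconf.exe'
      'pcalua.exe'                      = '%SystemRoot%\System32\pcalua.exe', '%SystemRoot%\SysWOW64\pcalua.exe'
      'pcwrun.exe'                      = '%SystemRoot%\System32\pcwrun.exe', '%SystemRoot%\SysWOW64\pcwrun.exe'
      'pktmon.exe'                      = '%SystemRoot%\System32\pktmon.exe', '%SystemRoot%\SysWOW64\pktmon.exe'
      'powershell.exe'                  = '%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe', '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
      'powershell_ise.exe'              = '%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe', '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe'
      'Presentationhost.exe'            = '%SystemRoot%\System32\Presentationhost.exe', '%SystemRoot%\SysWOW64\Presentationhost.exe'
      'psr.exe'                         = '%SystemRoot%\System32\psr.exe', '%SystemRoot%\SysWOW64\psr.exe'
      'rasautou.exe'                    = '%SystemRoot%\System32\rasautou.exe', '%SystemRoot%\SysWOW64\rasautou.exe'
      'reg.exe'                         = '%SystemRoot%\System32\reg.exe', '%SystemRoot%\SysWOW64\reg.exe'
      'regasm.exe'                      = '%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\regasm.exe', '%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\regasm.exe', '%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\regasm.exe', '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\regasm.exe'
      'regedit.exe'                     = '%SystemRoot%\System32\regedit.exe', '%SystemRoot%\SysWOW64\regedit.exe'
      'regini.exe'                      = '%SystemRoot%\System32\regini.exe', '%SystemRoot%\SysWOW64\regini.exe'
      'Register-cimprovider.exe'        = '%SystemRoot%\System32\Register-cimprovider.exe', '%SystemRoot%\SysWOW64\Register-cimprovider.exe'
      'regsvcs.exe'                     = '%SystemRoot%\System32\regsvcs.exe', '%SystemRoot%\SysWOW64\regsvcs.exe'
      'regsvr32.exe'                    = '%SystemRoot%\System32\regsvr32.exe', '%SystemRoot%\SysWOW64\regsvr32.exe'
      'replace.exe'                     = '%SystemRoot%\System32\replace.exe', '%SystemRoot%\SysWOW64\replace.exe'
      'rpcping.exe'                     = '%SystemRoot%\System32\rpcping.exe', '%SystemRoot%\SysWOW64\rpcping.exe'
      'rundll32.exe'                    = '%SystemRoot%\System32\rundll32.exe', '%SystemRoot%\SysWOW64\rundll32.exe'
      'runonce.exe'                     = '%SystemRoot%\System32\runonce.exe', '%SystemRoot%\SysWOW64\runonce.exe'
      'services.exe'                    = '%SystemRoot%\System32\services.exe', '%SystemRoot%\SysWOW64\services.exe'
      'sc.exe'                          = '%SystemRoot%\System32\sc.exe', '%SystemRoot%\SysWOW64\sc.exe'
      'schtasks.exe'                    = '%SystemRoot%\System32\schtasks.exe', '%SystemRoot%\SysWOW64\schtasks.exe'
      'scriptrunner.exe'                = '%SystemRoot%\System32\scriptrunner.exe', '%SystemRoot%\SysWOW64\scriptrunner.exe'
      'SyncAppvPublishingServer.exe'    = '%SystemRoot%\System32\SyncAppvPublishingServer.exe', '%SystemRoot%\SysWOW64\SyncAppvPublishingServer.exe'
      'telnet.exe'                      = '%SystemRoot%\System32\telnet.exe', '%SystemRoot%\SysWOW64\telnet.exe'
      'tftp.exe'                        = '%SystemRoot%\System32\tftp.exe', '%SystemRoot%\SysWOW64\tftp.exe'
      'ttdinject.exe'                   = '%SystemRoot%\System32\ttdinject.exe', '%SystemRoot%\SysWOW64\ttdinject.exe'
      'tttracer.exe'                    = '%SystemRoot%\System32\tttracer.exe', '%SystemRoot%\SysWOW64\tttracer.exe'
      'vbc.exe'                         = '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\vbc.exe', '%SystemRoot%\Microsoft.NET\Framework64\v3.5\vbc.exe'
      'verclsid.exe'                    = '%SystemRoot%\System32\verclsid.exe', '%SystemRoot%\SysWOW64\verclsid.exe'
      'wab.exe'                         = '%programfiles%\Windows Mail\wab.exe', '%programfiles(x86)%\Windows Mail\wab.exe'
      'WerFault.exe'                    = '%SystemRoot%\System32\WerFault.exe', '%SystemRoot%\SysWOW64\WerFault.exe'
      'wininit.exe'                     = '%SystemRoot%\System32\wininit.exe', '%SystemRoot%\SysWOW64\wininit.exe'
      'winlogon.exe'                    = '%SystemRoot%\System32\winlogon.exe', '%SystemRoot%\SysWOW64\winlogon.exe'
      'wmic.exe'                        = '%SystemRoot%\System32\wbem\wmic.exe', '%SystemRoot%\SysWOW64\wbem\wmic.exe'
      'wordpad.exe'                     = '%programfiles%\windows nt\accessories\wordpad.exe', '%programfiles(x86)%\windows nt\accessories\wordpad.exe'
      'wscript.exe'                     = '%SystemRoot%\System32\wscript.exe', '%SystemRoot%\SysWOW64\wscript.exe'
      'wsreset.exe'                     = '%SystemRoot%\System32\wsreset.exe', '%SystemRoot%\SysWOW64\wsreset.exe'
      'xwizard.exe'                     = '%SystemRoot%\System32\xwizard.exe', '%SystemRoot%\SysWOW64\xwizard.exe'
  }

  # One rule per (binary, path) pair; every rule shares group, direction and action.
  foreach ($entry in $lolbasPrograms.GetEnumerator()) {
      # @() keeps single-path entries iterable as a one-element list.
      foreach ($programPath in @($entry.Value)) {
          New-NetFirewallRule -Group "LOLBAS" -DisplayName "LOLBAS rule for: $($entry.Key)" -Program $programPath -Direction Outbound -Action Block
      }
  }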