WMIC.exe wmic process get processid,parentprocessid,name,executablepath /format:csv
2268cmd.exe cmd.exe /c dir C:\
2784cacls.exe cacls.exe C:\ProgramData\DNTException /t /e /c /g Everyone:F
2832icacls.exe icacls.exe C:\ProgramData\DNTException /t /c /grant *S-1-1-0:(f)
2880attrib.exe attrib.exe +H C:\ProgramData\DNTException
2928attrib.exe attrib.exe +H C:\ProgramData\DNTException\node.exe
2972cacls.exe cacls.exe C:\ProgramData\Intel /t /e /c /g Everyone:F
2156icacls.exe icacls.exe C:\ProgramData\Intel /t /c /grant *S-1-1-0:(f)
2108attrib.exe attrib.exe +H C:\ProgramData\Intel
2296attrib.exe attrib.exe +H "C:\ProgramData\Intel\Intel(R) Management Engine Components"
2392attrib.exe attrib.exe +H "C:\ProgramData\Intel\Intel(R) Management Engine Components\Intel MEC 4206229241"
2232attrib.exe attrib.exe +H "C:\ProgramData\Intel\Intel(R) Management Engine Components\Intel MEC 3095983164"
2508reg.exe reg.exe query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2760reg.exe reg.exe add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Intel Management Engine Components 1150041058" /t REG_SZ /d "wscript.exe /t:30 /nologo /e:jscript \"C:\ProgramData\Intel\Intel(R) Management Engine Components\Intel MEC 3095983164\" \"C:\ProgramData\Intel\Intel(R) Management Engine Components\" 1581449722" /f
2056tasklist.exe tasklist /fo csv /nh
1228WMIC.exe wmic process get processid,parentprocessid,name,executablepath /format:csv
2900ipconfig.exe ipconfig.exe /all
3004ROUTE.EXE route.exe print
3032NETSTAT.EXE netstat.exe -ano
904systeminfo.exe systeminfo.exe /fo csv
2264reg.exe reg.exe query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}
1820reg.exe reg.exe query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
2896