taskkill.exe taskkill /f /im tftp.exe
2716tftp.exe "C:\Users\test22\AppData\Local\Temp\tftp.exe"
2864taskkill.exe taskkill /f /im tftp.exe
940tftp.exe "C:\Users\test22\AppData\Local\Temp\tftp.exe"
152cmd.exe "C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\test22\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
2212reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\test22\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
2688cmd.exe "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\test22\AppData\Roaming\NsMiner\IMG001.exe"
2240schtasks.exe schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\test22\AppData\Roaming\NsMiner\IMG001.exe"
2732cmd.exe "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\test22\AppData\Roaming\NsMiner\IMG001.exe"
2448schtasks.exe schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\test22\AppData\Roaming\NsMiner\IMG001.exe"
2704cmd.exe "C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
2548powercfg.exe powercfg /CHANGE -standby-timeout-ac 0
1080powercfg.exe powercfg /CHANGE -hibernate-timeout-ac 0
504powercfg.exe Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
1456explorer.exe C:\Windows\Explorer.EXE
1452