154100x8000000000000000180403Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:47.955{5ab40fd1-c5e3-68ef-6f4e-000000003a02}7968C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c5e3-68ef-6d4e-000000003a02}6164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $trueAR-WIN-1\Administrator 154100x8000000000000000180402Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:47.881{5ab40fd1-c5e3-68ef-6e4e-000000003a02}6336C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c5e3-68ef-6d4e-000000003a02}6164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $trueAR-WIN-1\Administrator 154100x8000000000000000180400Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:47.408{5ab40fd1-c5e3-68ef-6d4e-000000003a02}6164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $trueC:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c5e3-68ef-6c4e-000000003a02}4420C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true"AR-WIN-1\Administrator 154100x8000000000000000180399Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:47.396{5ab40fd1-c5e3-68ef-6c4e-000000003a02}4420C:\Windows\System32\cmd.exe10.0.20348.3932 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8903A3381FBB033A45F5C2C50C175C54,SHA256=F7C237A49B96FD77C047910E13F24AAC4678A0F94BABDB06643DBA63F38D48E5,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{5ab40fd1-16fb-68ed-8104-000000003a02}3840C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-1\Administrator 154100x8000000000000000180398Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:39.722{5ab40fd1-c5db-68ef-6b4e-000000003a02}4476C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c5db-68ef-6a4e-000000003a02}8496C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring TrueAR-WIN-1\Administrator 154100x8000000000000000180396Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:39.272{5ab40fd1-c5db-68ef-6a4e-000000003a02}8496C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring TrueC:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c5db-68ef-694e-000000003a02}2584C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True " exitAR-WIN-1\Administrator 154100x8000000000000000180395Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:03:39.261{5ab40fd1-c5db-68ef-694e-000000003a02}2584C:\Windows\System32\cmd.exe10.0.20348.3932 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True " exitC:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8903A3381FBB033A45F5C2C50C175C54,SHA256=F7C237A49B96FD77C047910E13F24AAC4678A0F94BABDB06643DBA63F38D48E5,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{5ab40fd1-c3bb-68ef-1f4e-000000003a02}4028C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -noprofileAR-WIN-1\Administrator 154100x8000000000000000180387Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:02:25.636{5ab40fd1-c591-68ef-624e-000000003a02}1416C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c591-68ef-604e-000000003a02}8212C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring TrueAR-WIN-1\Administrator 154100x8000000000000000180386Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:02:25.563{5ab40fd1-c591-68ef-614e-000000003a02}2744C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c591-68ef-604e-000000003a02}8212C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring TrueAR-WIN-1\Administrator 154100x8000000000000000180384Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:02:25.107{5ab40fd1-c591-68ef-604e-000000003a02}8212C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring TrueC:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c591-68ef-5f4e-000000003a02}3572C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True "AR-WIN-1\Administrator 154100x8000000000000000180383Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 16:02:25.094{5ab40fd1-c591-68ef-5f4e-000000003a02}3572C:\Windows\System32\cmd.exe10.0.20348.3932 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True "C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8903A3381FBB033A45F5C2C50C175C54,SHA256=F7C237A49B96FD77C047910E13F24AAC4678A0F94BABDB06643DBA63F38D48E5,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{5ab40fd1-c3bb-68ef-1f4e-000000003a02}4028C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -noprofileAR-WIN-1\Administrator 154100x8000000000000000180351Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:59.654{5ab40fd1-c4c3-68ef-434e-000000003a02}2744C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -command Set-MpPreference" -ExclusionExtension .exe " C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c4c0-68ef-394e-000000003a02}7972C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command " Add-MpPreference -ExclusionPath "%USERPROFILE%\AppData & powershell.exe -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference" -ExclusionPath "%USERPROFILE%\Local & powershell.exe -command Set-MpPreference" -ExclusionExtension .exe " "AR-WIN-1\Administrator 154100x8000000000000000180347Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:58.558{5ab40fd1-c4c2-68ef-404e-000000003a02}8084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference" -ExclusionPath "C:\Users\Administrator\Local C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c4c0-68ef-394e-000000003a02}7972C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command " Add-MpPreference -ExclusionPath "%USERPROFILE%\AppData & powershell.exe -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference" -ExclusionPath "%USERPROFILE%\Local & powershell.exe -command Set-MpPreference" -ExclusionExtension .exe " "AR-WIN-1\Administrator 154100x8000000000000000180343Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:57.387{5ab40fd1-c4c1-68ef-3d4e-000000003a02}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe -inputformat none -outputformat none -NonInteractive -Command " Add-MpPreference -ExclusionPath "C:\Users\Administrator\AppData C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c4c0-68ef-394e-000000003a02}7972C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command " Add-MpPreference -ExclusionPath "%USERPROFILE%\AppData & powershell.exe -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference" -ExclusionPath "%USERPROFILE%\Local & powershell.exe -command Set-MpPreference" -ExclusionExtension .exe " "AR-WIN-1\Administrator 154100x8000000000000000180342Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:56.717{5ab40fd1-c4c0-68ef-3c4e-000000003a02}2840C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c4c0-68ef-3a4e-000000003a02}7344C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend AR-WIN-1\Administrator 154100x8000000000000000180341Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:56.616{5ab40fd1-c4c0-68ef-3b4e-000000003a02}6140C:\Windows\System32\HOSTNAME.EXE10.0.20348.3451 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8E617A326FACE0B6A0986466210A93A8,SHA256=AD65BB9066F65DD694085161E40B4212955C364A689613DF19438FFF41CBED51,IMPHASH=23013EDF627646AB5226D15AC880BAD8{5ab40fd1-c4c0-68ef-3a4e-000000003a02}7344C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend AR-WIN-1\Administrator 154100x8000000000000000180339Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:56.114{5ab40fd1-c4c0-68ef-3a4e-000000003a02}7344C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.20348.2849 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77{5ab40fd1-c4c0-68ef-394e-000000003a02}7972C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command " Add-MpPreference -ExclusionPath "%USERPROFILE%\AppData & powershell.exe -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference" -ExclusionPath "%USERPROFILE%\Local & powershell.exe -command Set-MpPreference" -ExclusionExtension .exe " "AR-WIN-1\Administrator 154100x8000000000000000180338Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-15 15:58:56.101{5ab40fd1-c4c0-68ef-394e-000000003a02}7972C:\Windows\System32\cmd.exe10.0.20348.3932 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem True -DisableIOAVProtection True -DisableRealtimeMonitoring True -DisableScriptScanning True -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command " Add-MpPreference -ExclusionPath "%%USERPROFILE%%\AppData & powershell.exe -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference" -ExclusionPath "%%USERPROFILE%%\Local & powershell.exe -command Set-MpPreference" -ExclusionExtension .exe " "C:\Users\Administrator\Downloads\AdFind\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=8903A3381FBB033A45F5C2C50C175C54,SHA256=F7C237A49B96FD77C047910E13F24AAC4678A0F94BABDB06643DBA63F38D48E5,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{5ab40fd1-c3bb-68ef-1f4e-000000003a02}4028C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -noprofileAR-WIN-1\Administrator