Trick or Treat on Specter Street: Ghost of the SOC

maybe I was too radical, i've deleted everything which was not by windows :)

Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
  try {
    Disable-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -ErrorAction Stop | Out-Null
    Unregister-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -Confirm:$false -ErrorAction Stop
    Write-Host "Removed: $($_.TaskPath)$($_.TaskName)"
  } catch {
    Write-Warning "Failed: $($_.TaskPath)$($_.TaskName) — $($_.Exception.Message)"
  }
}

solved the lab and removed some services too much, but hey, .. to be on the safe side :)