AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\a2ad8163-11d5-4f89-89e5-fc093bda31ef\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\a2ad8163-11d5-4f89-89e5-fc093bda31ef\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
2244powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\ao.exe" -Force
2448timeout.exe timeout 1
584AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\6124f2a7-8a2c-4783-89ce-0314c0f4a84f\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\6124f2a7-8a2c-4783-89ce-0314c0f4a84f\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
1292timeout.exe timeout 1
1976powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\9be4a78dfb\blfte.exe" -Force
2656cmd.exe "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\test22\AppData\Local\Temp\9be4a78dfb\
3052reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\test22\AppData\Local\Temp\9be4a78dfb\
1596schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN blfte.exe /TR "C:\Users\test22\AppData\Local\Temp\9be4a78dfb\blfte.exe" /F
1788rundll32.exe "C:\Windows\System32\rundll32.exe" C:\ProgramData\1428cad52d922f\cred.dll, Main
1120rundll32.exe "C:\Windows\System32\rundll32.exe" C:\ProgramData\1428cad52d922f\scr.dll, Main
2704