f1857800.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\f1857800.exe
2756g6373295.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g6373295.exe
2984schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN metado.exe /TR "C:\Users\test22\AppData\Local\Temp\a9e2a16078\metado.exe" /F
2236cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "test22:N"&&CACLS "metado.exe" /P "test22:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "test22:N"&&CACLS "..\a9e2a16078" /P "test22:R" /E&&Exit
2380cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2568cacls.exe CACLS "metado.exe" /P "test22:N"
2648cacls.exe CACLS "metado.exe" /P "test22:R" /E
2708cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2704cacls.exe CACLS "..\a9e2a16078" /P "test22:N"
2872cacls.exe CACLS "..\a9e2a16078" /P "test22:R" /E
504rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
2384i2952885.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\i2952885.exe
2064explorer.exe C:\Windows\Explorer.EXE
1452