cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "XlbEBpLSkcrGBoyr" C:\Users\test22\AppData\Local\Temp\ClickMe.lnk
2556powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -ExecutionPolicy Bypass -nologo -noprofile -File "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dd.ps1"
2644