AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2440kKAu9cP3NNRIkrC.exe "C:\Users\test22\AppData\Local\Temp\kKAu9cP3NNRIkrC.exe"
3512cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\kKAu9cP3NNRIkrC.exe" /tn "\WindowsAppPool\kKAu9cP3NNRIkrC"
3892schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\kKAu9cP3NNRIkrC.exe" /tn "\WindowsAppPool\kKAu9cP3NNRIkrC"
2104AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
4136ESPCid2h8QyYJ9b.exe "C:\Users\test22\AppData\Local\Temp\ESPCid2h8QyYJ9b.exe"
4168cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\ujtOIdrpHPHQwyp.exe" /tn "\WindowsAppPool\ujtOIdrpHPHQwyp"
3456schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\ujtOIdrpHPHQwyp.exe" /tn "\WindowsAppPool\ujtOIdrpHPHQwyp"
4460cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\ESPCid2h8QyYJ9b.exe" /tn "\WindowsAppPool\ESPCid2h8QyYJ9b"
4256schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\ESPCid2h8QyYJ9b.exe" /tn "\WindowsAppPool\ESPCid2h8QyYJ9b"
4676HJrKFxe4WGaGi18.exe "C:\Users\test22\AppData\Local\Temp\HJrKFxe4WGaGi18.exe"
4504cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\HJrKFxe4WGaGi18.exe" /tn "\WindowsAppPool\HJrKFxe4WGaGi18"
4636schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\HJrKFxe4WGaGi18.exe" /tn "\WindowsAppPool\HJrKFxe4WGaGi18"
4848Rik3e2Qqnc0PuCo.exe "C:\Users\test22\AppData\Local\Temp\Rik3e2Qqnc0PuCo.exe"
4724cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\Rik3e2Qqnc0PuCo.exe" /tn "\WindowsAppPool\Rik3e2Qqnc0PuCo"
4804schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\Rik3e2Qqnc0PuCo.exe" /tn "\WindowsAppPool\Rik3e2Qqnc0PuCo"
4996AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
4152AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
1800cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\1RGRO2VMheQXHJb.exe" /tn "\WindowsAppPool\1RGRO2VMheQXHJb"
5020schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\1RGRO2VMheQXHJb.exe" /tn "\WindowsAppPool\1RGRO2VMheQXHJb"
4276cmd.exe /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\4eOZbn8zB4sFM67.exe" /tn "\WindowsAppPool\4eOZbn8zB4sFM67"
160schtasks.exe schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\4eOZbn8zB4sFM67.exe" /tn "\WindowsAppPool\4eOZbn8zB4sFM67"
47043sR15gk.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\3sR15gk.exe
2616AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2820schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
2152cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
2388powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\test22\AppData\Local\Temp\1000062041\2.ps1"
2168iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://accounts.google.com/
3120iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3120 CREDAT:145409
3348chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://accounts.google.com/
3228chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x7fef3046e00,0x7fef3046e10,0x7fef3046e20
3468AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
3160AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
16642VB535Hz.exe C:\Users\test22\AppData\Local\Temp\IXP007.TMP\2VB535Hz.exe
43083Sw6MV84.exe C:\Users\test22\AppData\Local\Temp\IXP006.TMP\3Sw6MV84.exe
3660AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
34965EA47Tb.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\5EA47Tb.exe
4696cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\F65C.tmp\F65D.tmp\F65E.bat C:\Users\test22\AppData\Local\Temp\IXP001.TMP\6RE44dd.exe"
2900AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
3264rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
43406JR6gF0.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\6JR6gF0.exe
3000cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\D4CF.tmp\D4E0.tmp\D4E1.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\7YD3dv41.exe"
2264iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:145409
2548iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:79877
3816iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:210945
3212iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3048 CREDAT:79894
5024explorer.exe C:\Windows\Explorer.EXE
1236