schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
2432schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
2540KUrJTQEsIHMvAcabBVxa.exe "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\KUrJTQEsIHMvAcabBVxa.exe"
2708iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2760 CREDAT:145409
2840EOhQhAkcbWTB_T1v1y_S.exe "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\EOhQhAkcbWTB_T1v1y_S.exe"
804schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
2460stan.exe "C:\Users\test22\AppData\Local\Temp\1000609001\stan.exe"
1664installs.exe "C:\Users\test22\AppData\Local\Temp\1000629001\installs.exe"
2976fsdfsfsfs.exe "C:\Users\test22\AppData\Local\Temp\1000630001\fsdfsfsfs.exe"
2108MRK.exe "C:\Users\test22\AppData\Local\Temp\1000631001\MRK.exe"
2060sadsadsadsa.exe "C:\Users\test22\AppData\Local\Temp\1000632001\sadsadsadsa.exe"
2992Atqumy.exe "C:\Users\test22\AppData\Local\Temp\1000634001\Atqumy.exe"
2660rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
3128chcp.com chcp 1251
3684schtasks.exe schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\test22\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
3756nshDAD7.tmp C:\Users\test22\AppData\Local\Temp\nshDAD7.tmp
2368toolspub1.exe "C:\Users\test22\AppData\Local\Temp\toolspub1.exe"
3312moto.exe "C:\Users\test22\AppData\Local\Temp\1000639001\moto.exe"
3824crypted.exe "C:\Users\test22\AppData\Local\Temp\1000640001\crypted.exe"
14642024.exe "C:\Users\test22\AppData\Local\Temp\1000641001\2024.exe"
3212alex.exe "C:\Users\test22\AppData\Local\Temp\1000642001\alex.exe"
3372RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2620txBA3rlC1VaXg6uHQQD1.exe "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\txBA3rlC1VaXg6uHQQD1.exe"
2028Q2lP3WOPFRddpU6U21z0.exe "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\Q2lP3WOPFRddpU6U21z0.exe"
2868K5hUVnj3aMwtC3i_NpaY.exe "C:\Users\test22\AppData\Local\Temp\jobA4M1jhwiskHEa_E\K5hUVnj3aMwtC3i_NpaY.exe"
2524explorer.exe C:\Windows\Explorer.EXE
1236