231.tmp "C:\Users\test22\AppData\Local\Temp\is-NDD40.tmp\231.tmp" /SL5="$80178,10740751,812544,C:\Users\test22\AppData\Local\Temp\231.exe"
2660 231.tmp "C:\Users\test22\AppData\Local\Temp\is-H496T.tmp\231.tmp" /SL5="$90178,10740751,812544,C:\Users\test22\AppData\Local\Temp\231.exe" /VERYSILENT /NORESTART
2792 tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
2904 find.exe find /I "wrsa.exe"
2940 tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
2076 find.exe find /I "opssvc.exe"
2104 cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
2176 tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
2248 find.exe find /I "avastui.exe"
2380 tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
2620 find.exe find /I "avgui.exe"
2744 cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
2644 tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
2860 find.exe find /I "nswscsvc.exe"
2932 cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
3068 tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
2712 find.exe find /I "sophoshealth.exe"
2112 AutoIt3.exe "C:\Users\test22\AppData\Local\acetiam\\AutoIt3.exe" "C:\Users\test22\AppData\Local\acetiam\\grayhound1..a3x"
2308 cmd.exe "C:\Windows\System32\cmd.exe" /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x
2316 PING.EXE ping -n 5 127.0.0.1
2836 MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
1376