Virustotal: C:\WINDOWS\SysWOW64\Cgey.exe
Virustotal: C:\Users\James\OOijLea.exe
Task: {7B632840-2D0F-4551-AD99-B52373A886C8} - System32\Tasks\{8DA86CE8-40FF-4F13-3D73-A18127D71B5C} => C:\WINDOWS\SysWOW64\Cgey.exe [2018-04-12] (Microsoft Corporation)
Task: {9616E418-9021-4FA4-9E05-B7609AF02525} - System32\Tasks\{13D519CB-2588-9DA6-6E1A-ABB8D1113305} => C:\Users\James\OOijLea.exe [2018-04-12] (Microsoft Corporation)
CMD: rd /s %systemdrive%\$Recycle.bin
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"