Powershell.exe "Powershell" Copy-Item 'C:\Users\test22\AppData\Local\Temp\BCBCBDHDHD.exe' 'C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Systshdem.exe'
2832RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
2936