cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "puWJNPHefC" C:\Users\test22\AppData\Local\Temp\Cmstp.bat
2552cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Cmstp.bat
2628csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\gy236rcb.cmdline"
2852cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RESFE37.tmp" "c:\Users\test22\AppData\Local\Temp\CSCFE36.tmp"
2900csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\lo-2clp1.cmdline"
2972winlogin.exe "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe"
3056