powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\attack.jpeg.ps1
3036wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Systray.vbs"
2160powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\test22\AppData\Roaming\Systray.ps1"
2416csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\test22\AppData\Local\Temp\0fpj26uf.cmdline"
2524cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\test22\AppData\Local\Temp\RES7923.tmp" "c:\Users\test22\AppData\Local\Temp\CSC7913.tmp"
1720