661a3f864b0e93b9c4c7ab4d738a26dc57dff42638ed2290137b607219c767d6

Analysis

max time kernel
138s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de050ed23a21217305f1c09752e700ed.exe
Size

78KB
MD5

de050ed23a21217305f1c09752e700ed
SHA1

df468913ad3fb624a0bd02545cc876f76ae18858
SHA256

661a3f864b0e93b9c4c7ab4d738a26dc57dff42638ed2290137b607219c767d6
SHA512

cc2bbe6e587e36b9df4f9c261fa681798dc9c44bd9e4043f699743a9dc7c379d326713587a4a8256c888fd351956f7f72a7969e227352549d7b2ff620121384d
SSDEEP

1536:JKp7DBQbdpYgJH/kxfHzXYdrDpgiuVb9hQG5B2hJo6G5wn68/R:JKNDBMPHJfkxX+rt0hDP2hSRSnN

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	de050ed23a21217305f1c09752e700ed.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	wificonfigs.exe

Executes dropped EXE 64 IoCs

pid	Process
1512	wificonfigs.exe
3852	wificonfigs.exe
3784	wificonfigs.exe
2980	wificonfigs.exe
1172	wificonfigs.exe
4288	wificonfigs.exe
872	wificonfigs.exe
3144	wificonfigs.exe
1384	wificonfigs.exe
1908	wificonfigs.exe
3424	wificonfigs.exe
3548	wificonfigs.exe
264	wificonfigs.exe
4360	wificonfigs.exe
3572	wificonfigs.exe
4936	wificonfigs.exe
3852	wificonfigs.exe
3240	wificonfigs.exe
4368	wificonfigs.exe
2252	wificonfigs.exe
872	wificonfigs.exe
2036	wificonfigs.exe
3932	wificonfigs.exe
3380	wificonfigs.exe
1156	wificonfigs.exe
2252	wificonfigs.exe
3268	wificonfigs.exe
32	wificonfigs.exe
3708	wificonfigs.exe
1308	wificonfigs.exe
3936	wificonfigs.exe
1988	wificonfigs.exe
2980	wificonfigs.exe
3024	wificonfigs.exe
4920	wificonfigs.exe
4876	wificonfigs.exe
3268	wificonfigs.exe
348	wificonfigs.exe
3752	wificonfigs.exe
2968	wificonfigs.exe
3304	wificonfigs.exe
2036	wificonfigs.exe
1684	wificonfigs.exe
3240	wificonfigs.exe
4860	wificonfigs.exe
4824	wificonfigs.exe
4296	wificonfigs.exe
2828	wificonfigs.exe
1844	wificonfigs.exe
2768	wificonfigs.exe
3740	wificonfigs.exe
1896	wificonfigs.exe
3304	wificonfigs.exe
2200	wificonfigs.exe
3364	wificonfigs.exe
2320	wificonfigs.exe
1732	wificonfigs.exe
1880	wificonfigs.exe
4924	wificonfigs.exe
3696	wificonfigs.exe
1844	wificonfigs.exe
1336	wificonfigs.exe
3740	wificonfigs.exe
4604	wificonfigs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3584-0-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3584-1-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3584-2-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/files/0x000300000001e9a0-7.dat	upx
behavioral2/memory/3584-37-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1512-38-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1512-41-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3852-44-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3784-45-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3784-48-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/2980-51-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1172-52-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1172-55-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4288-56-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4288-59-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/872-60-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/872-63-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3144-64-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3144-67-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1384-68-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1384-71-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1908-72-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1908-75-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3424-76-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3424-79-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3548-80-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3548-83-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/264-86-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4360-87-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4360-88-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3572-91-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3572-94-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4936-95-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4936-98-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3852-99-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3852-102-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3240-103-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3240-106-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4368-107-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/4368-110-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/2252-111-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/2252-114-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/872-115-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/872-118-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/2036-121-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3932-122-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3932-125-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3380-126-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3380-129-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1156-130-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1156-132-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/2252-134-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/2252-137-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3268-138-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3268-141-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/32-142-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/32-145-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3708-146-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3708-149-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1308-150-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1308-153-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3936-154-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/1988-159-0x0000000000400000-0x0000000000430000-memory.dmp	upx
behavioral2/memory/3936-158-0x0000000000400000-0x0000000000430000-memory.dmp	upx

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Wifi Configuration! = "wificonfigs.exe"	wificonfigs.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File opened for modification	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe
File created	C:\Windows\SysWOW64\wificonfigs.exe	wificonfigs.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wificonfigs.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	3584	de050ed23a21217305f1c09752e700ed.exe
Token: SeIncBasePriorityPrivilege	1512	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3852	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3784	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2980	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1172	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4288	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	872	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3144	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1384	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1908	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3424	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3548	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	264	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4360	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3572	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4936	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3852	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3240	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4368	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2252	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	872	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2036	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3932	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3380	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1156	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2252	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3268	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	32	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3708	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1308	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3936	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1988	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2980	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3024	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4920	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4876	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3268	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	348	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3752	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2968	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3304	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2036	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1684	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3240	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4860	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4824	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4296	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2828	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1844	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2768	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3740	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1896	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3304	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2200	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3364	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	2320	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1732	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1880	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	4924	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3696	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1844	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	1336	wificonfigs.exe
Token: SeIncBasePriorityPrivilege	3740	wificonfigs.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 1512	3584	de050ed23a21217305f1c09752e700ed.exe	89
PID 3584 wrote to memory of 1512	3584	de050ed23a21217305f1c09752e700ed.exe	89
PID 3584 wrote to memory of 1512	3584	de050ed23a21217305f1c09752e700ed.exe	89
PID 3584 wrote to memory of 3740	3584	de050ed23a21217305f1c09752e700ed.exe	90
PID 3584 wrote to memory of 3740	3584	de050ed23a21217305f1c09752e700ed.exe	90
PID 3584 wrote to memory of 3740	3584	de050ed23a21217305f1c09752e700ed.exe	90
PID 1512 wrote to memory of 3852	1512	wificonfigs.exe	93
PID 1512 wrote to memory of 3852	1512	wificonfigs.exe	93
PID 1512 wrote to memory of 3852	1512	wificonfigs.exe	93
PID 1512 wrote to memory of 1756	1512	wificonfigs.exe	94
PID 1512 wrote to memory of 1756	1512	wificonfigs.exe	94
PID 1512 wrote to memory of 1756	1512	wificonfigs.exe	94
PID 3852 wrote to memory of 3784	3852	wificonfigs.exe	98
PID 3852 wrote to memory of 3784	3852	wificonfigs.exe	98
PID 3852 wrote to memory of 3784	3852	wificonfigs.exe	98
PID 3852 wrote to memory of 3532	3852	wificonfigs.exe	99
PID 3852 wrote to memory of 3532	3852	wificonfigs.exe	99
PID 3852 wrote to memory of 3532	3852	wificonfigs.exe	99
PID 3784 wrote to memory of 2980	3784	wificonfigs.exe	101
PID 3784 wrote to memory of 2980	3784	wificonfigs.exe	101
PID 3784 wrote to memory of 2980	3784	wificonfigs.exe	101
PID 3784 wrote to memory of 4892	3784	wificonfigs.exe	102
PID 3784 wrote to memory of 4892	3784	wificonfigs.exe	102
PID 3784 wrote to memory of 4892	3784	wificonfigs.exe	102
PID 2980 wrote to memory of 1172	2980	wificonfigs.exe	104
PID 2980 wrote to memory of 1172	2980	wificonfigs.exe	104
PID 2980 wrote to memory of 1172	2980	wificonfigs.exe	104
PID 2980 wrote to memory of 1312	2980	wificonfigs.exe	105
PID 2980 wrote to memory of 1312	2980	wificonfigs.exe	105
PID 2980 wrote to memory of 1312	2980	wificonfigs.exe	105
PID 1172 wrote to memory of 4288	1172	wificonfigs.exe	107
PID 1172 wrote to memory of 4288	1172	wificonfigs.exe	107
PID 1172 wrote to memory of 4288	1172	wificonfigs.exe	107
PID 1172 wrote to memory of 1440	1172	wificonfigs.exe	108
PID 1172 wrote to memory of 1440	1172	wificonfigs.exe	108
PID 1172 wrote to memory of 1440	1172	wificonfigs.exe	108
PID 4288 wrote to memory of 872	4288	wificonfigs.exe	110
PID 4288 wrote to memory of 872	4288	wificonfigs.exe	110
PID 4288 wrote to memory of 872	4288	wificonfigs.exe	110
PID 4288 wrote to memory of 4460	4288	wificonfigs.exe	111
PID 4288 wrote to memory of 4460	4288	wificonfigs.exe	111
PID 4288 wrote to memory of 4460	4288	wificonfigs.exe	111
PID 872 wrote to memory of 3144	872	wificonfigs.exe	113
PID 872 wrote to memory of 3144	872	wificonfigs.exe	113
PID 872 wrote to memory of 3144	872	wificonfigs.exe	113
PID 872 wrote to memory of 2092	872	wificonfigs.exe	114
PID 872 wrote to memory of 2092	872	wificonfigs.exe	114
PID 872 wrote to memory of 2092	872	wificonfigs.exe	114
PID 3144 wrote to memory of 1384	3144	wificonfigs.exe	116
PID 3144 wrote to memory of 1384	3144	wificonfigs.exe	116
PID 3144 wrote to memory of 1384	3144	wificonfigs.exe	116
PID 3144 wrote to memory of 4052	3144	wificonfigs.exe	117
PID 3144 wrote to memory of 4052	3144	wificonfigs.exe	117
PID 3144 wrote to memory of 4052	3144	wificonfigs.exe	117
PID 1384 wrote to memory of 1908	1384	wificonfigs.exe	119
PID 1384 wrote to memory of 1908	1384	wificonfigs.exe	119
PID 1384 wrote to memory of 1908	1384	wificonfigs.exe	119
PID 1384 wrote to memory of 4384	1384	wificonfigs.exe	120
PID 1384 wrote to memory of 4384	1384	wificonfigs.exe	120
PID 1384 wrote to memory of 4384	1384	wificonfigs.exe	120
PID 1908 wrote to memory of 3424	1908	wificonfigs.exe	122
PID 1908 wrote to memory of 3424	1908	wificonfigs.exe	122
PID 1908 wrote to memory of 3424	1908	wificonfigs.exe	122
PID 1908 wrote to memory of 3544	1908	wificonfigs.exe	123

C:\Users\Admin\AppData\Local\Temp\de050ed23a21217305f1c09752e700ed.exe
"C:\Users\Admin\AppData\Local\Temp\de050ed23a21217305f1c09752e700ed.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Windows\SysWOW64\wificonfigs.exe
  "C:\Windows\system32\wificonfigs.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Windows\SysWOW64\wificonfigs.exe
    "C:\Windows\system32\wificonfigs.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3852
  - - C:\Windows\SysWOW64\wificonfigs.exe
      "C:\Windows\system32\wificonfigs.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3784
    - - C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2980
      - C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1172
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4288
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        8⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:872
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3144
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1384
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3424
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3548
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:264
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4360
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:3572
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        17⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4936
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3852
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:3240
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4368
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2252
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:872
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3380
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:1156
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2252
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3268
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:32
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3708
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1308
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3936
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        33⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:1988
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2980
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        35⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3024
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4920
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4876
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3268
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:348
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3752
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2968
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        42⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3304
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        43⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1684
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        45⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3240
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        46⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4860
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4824
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        48⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4296
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        49⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2828
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        50⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        51⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:2768
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        52⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3740
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        53⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:1896
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3304
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        55⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2200
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3364
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2320
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        58⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:1732
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1880
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4924
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        61⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3696
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        62⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        63⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1336
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        64⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:3740
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4604
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        66⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        67⤵
        Adds Run key to start application
        
        PID:2464
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        68⤵
        Checks computer location settings
        
        PID:2768
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        69⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3088
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        70⤵
        
        PID:228
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        71⤵
        Adds Run key to start application
        
        PID:3304
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        72⤵
        Checks computer location settings
        
        PID:1868
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        73⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        74⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:1348
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        75⤵
        Checks computer location settings
        
        PID:4324
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        76⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4636
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        77⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3480
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        78⤵
        Checks computer location settings
        
        PID:2932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        79⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        80⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        81⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        82⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:3280
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        83⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4660
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        84⤵
        Adds Run key to start application
        
        PID:1008
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        85⤵
        Adds Run key to start application
        
        PID:2032
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        86⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2020
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        87⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4836
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        88⤵
        Drops file in System32 directory
        
        PID:2300
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        89⤵
        Adds Run key to start application
        
        PID:264
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        90⤵
        Drops file in System32 directory
        
        PID:4720
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        91⤵
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:4716
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        92⤵
        Adds Run key to start application
        
        PID:4912
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        93⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        94⤵
        Checks computer location settings
        
        PID:2336
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        95⤵
        Drops file in System32 directory
        
        PID:4464
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        96⤵
        Checks computer location settings
        
        PID:3128
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        97⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:2912
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        98⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:3364
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        99⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        100⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        101⤵
        
        PID:748
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        102⤵
        Checks computer location settings
        Modifies registry class
        
        PID:2932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        103⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        104⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        105⤵
        Adds Run key to start application
        
        PID:4996
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        106⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2468
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        107⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        108⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        109⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:2868
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        110⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2860
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        111⤵
        Modifies registry class
        
        PID:1448
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        112⤵
        Modifies registry class
        
        PID:3480
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        113⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1008
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        114⤵
        Adds Run key to start application
        
        PID:4824
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        115⤵
        Checks computer location settings
        
        PID:4544
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        116⤵
        Modifies registry class
        
        PID:3792
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        117⤵
        Drops file in System32 directory
        
        PID:3572
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        118⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        119⤵
        Drops file in System32 directory
        
        PID:1592
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        120⤵
        Checks computer location settings
        Modifies registry class
        
        PID:2592
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        121⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        122⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        123⤵
        Drops file in System32 directory
        
        PID:4636
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        124⤵
        Modifies registry class
        
        PID:2452
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        125⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        126⤵
        Drops file in System32 directory
        
        PID:4756
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        127⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3744
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        128⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:4136
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        129⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        130⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        131⤵
        Adds Run key to start application
        
        PID:3876
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        132⤵
        Checks computer location settings
        
        PID:4680
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        133⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        134⤵
        Drops file in System32 directory
        
        PID:3788
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        135⤵
        Adds Run key to start application
        
        PID:4932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        136⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:3812
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        137⤵
        Modifies registry class
        
        PID:3224
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        138⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        139⤵
        Checks computer location settings
        
        PID:216
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        140⤵
        Drops file in System32 directory
        
        PID:3424
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        141⤵
        
        PID:264
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        142⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2360
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        143⤵
        Checks computer location settings
        
        PID:3176
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        144⤵
        Modifies registry class
        
        PID:1880
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        145⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        146⤵
        Checks computer location settings
        
        PID:2352
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        147⤵
        Adds Run key to start application
        
        PID:4324
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        148⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4032
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        149⤵
        Checks computer location settings
        
        PID:100
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        150⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        151⤵
        Adds Run key to start application
        
        PID:1684
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        152⤵
        
        PID:656
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        153⤵
        Checks computer location settings
        
        PID:1932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        154⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:3880
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        155⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:3096
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        156⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2400
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        157⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        158⤵
        Checks computer location settings
        
        PID:3628
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        159⤵
        Modifies registry class
        
        PID:4740
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        160⤵
        
        PID:656
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        161⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        162⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        163⤵
        Checks computer location settings
        
        PID:3096
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        164⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:2400
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        165⤵
        Checks computer location settings
        
        PID:1436
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        166⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        167⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        168⤵
        Adds Run key to start application
        
        PID:724
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        169⤵
        Modifies registry class
        
        PID:348
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        170⤵
        Drops file in System32 directory
        
        PID:228
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        171⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4384
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        172⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        173⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4424
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        174⤵
        Drops file in System32 directory
        
        PID:1288
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        175⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        176⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3568
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        177⤵
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:2868
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        178⤵
        Checks computer location settings
        Modifies registry class
        
        PID:556
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        179⤵
        Checks computer location settings
        
        PID:324
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        180⤵
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:4884
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        181⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2468
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        182⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        183⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        184⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:348
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        185⤵
        Modifies registry class
        
        PID:4288
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        186⤵
        Adds Run key to start application
        
        PID:3152
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        187⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        188⤵
        Adds Run key to start application
        
        PID:3424
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        189⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3820
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        190⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:336
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        191⤵
        Adds Run key to start application
        
        PID:3104
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        192⤵
        Modifies registry class
        
        PID:3040
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        193⤵
        Modifies registry class
        
        PID:760
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        194⤵
        Checks computer location settings
        
        PID:4704
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        195⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3740
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        196⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:916
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        197⤵
        Checks computer location settings
        
        PID:3024
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        198⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        199⤵
        Modifies registry class
        
        PID:1352
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        200⤵
        Adds Run key to start application
        
        PID:1932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        201⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:3592
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        202⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:768
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        203⤵
        Adds Run key to start application
        
        PID:2780
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        204⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        205⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        206⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        207⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:3752
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        208⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:220
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        209⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:2904
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        210⤵
        Modifies registry class
        
        PID:2628
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        211⤵
        Modifies registry class
        
        PID:5084
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        212⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1344
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        213⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:3540
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        214⤵
        Drops file in System32 directory
        
        PID:4636
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        215⤵
        Drops file in System32 directory
        
        PID:3784
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        216⤵
        Checks computer location settings
        
        PID:4620
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        217⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3196
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        218⤵
        Adds Run key to start application
        
        PID:4416
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        219⤵
        Modifies registry class
        
        PID:1684
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        220⤵
        Modifies registry class
        
        PID:2392
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        221⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3104
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        222⤵
        Modifies registry class
        
        PID:220
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        223⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        224⤵
        
        PID:932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        225⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        226⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        227⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        228⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        229⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        230⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        231⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        232⤵
        
        PID:932
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        233⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        234⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        235⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        236⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        237⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        238⤵
        
        PID:552
        
        C:\Windows\SysWOW64\wificonfigs.exe
        
        "C:\Windows\system32\wificonfigs.exe"
        239⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        239⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        238⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        237⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        236⤵
        
        PID:3468
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        237⤵
        
        PID:372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        235⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        234⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        233⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        232⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        231⤵
        
        PID:556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        230⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        229⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        228⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        227⤵
        
        PID:940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        226⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        225⤵
        
        PID:184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        224⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        223⤵
        
        PID:348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        222⤵
        
        PID:372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        221⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        220⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        219⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        218⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        217⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        216⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        215⤵
        
        PID:620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        214⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        213⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        212⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        211⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        210⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        209⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        208⤵
        
        PID:1920
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        209⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        207⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        206⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        205⤵
        
        PID:556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        204⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        203⤵
        
        PID:116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        202⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        201⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        200⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        199⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        198⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        197⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        196⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        195⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        194⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        193⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        192⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        191⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        190⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        189⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        188⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        187⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        186⤵
        
        PID:776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        185⤵
        
        PID:620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        184⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        183⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        182⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        181⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        180⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        179⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        178⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        177⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        176⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        175⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        174⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        173⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        172⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        171⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        170⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        169⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        168⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        167⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        166⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        165⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        164⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        163⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        162⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        161⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        160⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        159⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        158⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        157⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        156⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        155⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        154⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        153⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        152⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        151⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        150⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        149⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        148⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        147⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        146⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        145⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        144⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        143⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        142⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        141⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        140⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        139⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        138⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        137⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        136⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        135⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        134⤵
        
        PID:448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        133⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        132⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        131⤵
        
        PID:244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        130⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        129⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        128⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        127⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        126⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        125⤵
        
        PID:228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        124⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        123⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        122⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        121⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        120⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        119⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        118⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        117⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        116⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        115⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        114⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        113⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        112⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        111⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        110⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        109⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        108⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        107⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        106⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        105⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        104⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        103⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        102⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        101⤵
        
        PID:184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        100⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        99⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        98⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        97⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        96⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        95⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        94⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        93⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        92⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        91⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        90⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        89⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        88⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        87⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        86⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        85⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        84⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        83⤵
        
        PID:216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        82⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        81⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        80⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        79⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        78⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        77⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        76⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        75⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        74⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        73⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        72⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        71⤵
        
        PID:116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        70⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        69⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        68⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        67⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        66⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        65⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        64⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        63⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        62⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        61⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        60⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        59⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        58⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        57⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        56⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        55⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        54⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        53⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        52⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        51⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        50⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        49⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        48⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        47⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        46⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        45⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        44⤵
        
        PID:816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        43⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        42⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        41⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        40⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        39⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        38⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        37⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        36⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        35⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        34⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        33⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        32⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        31⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        30⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        29⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        28⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        27⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        26⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        25⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        24⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        23⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        22⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        21⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        20⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        19⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        18⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        17⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        16⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        15⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        14⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        13⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        12⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        11⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        10⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        9⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        8⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        7⤵
        
        PID:1440
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        6⤵
        
        PID:1312
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
        5⤵
        
        PID:4892
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
      4⤵
      PID:3532
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" "/c del "C:\Windows\SysWOW64\WIFICO~1.EXE > nul
    3⤵
    PID:1756
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" "/c del "C:\Users\Admin\AppData\Local\Temp\DE050E~1.EXE > nul
  2⤵
  PID:3740

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wificonfigs.exe

Filesize
78KB

MD5
de050ed23a21217305f1c09752e700ed

SHA1
df468913ad3fb624a0bd02545cc876f76ae18858

SHA256
661a3f864b0e93b9c4c7ab4d738a26dc57dff42638ed2290137b607219c767d6

SHA512
cc2bbe6e587e36b9df4f9c261fa681798dc9c44bd9e4043f699743a9dc7c379d326713587a4a8256c888fd351956f7f72a7969e227352549d7b2ff620121384d

Download Submit
memory/32-145-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/32-142-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/264-86-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/348-189-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/348-186-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/872-63-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/872-60-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/872-118-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/872-115-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1156-132-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1156-130-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1172-55-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1172-52-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1308-153-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1308-150-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1384-68-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1384-71-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1512-41-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1512-38-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1684-206-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1684-209-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1908-72-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1908-75-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1988-159-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1988-163-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2036-202-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2036-121-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2036-205-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2252-137-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2252-134-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2252-114-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2252-111-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2828-226-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2968-194-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2968-197-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-168-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-164-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-51-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3024-169-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3024-172-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3144-64-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3144-67-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3240-210-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3240-106-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3240-103-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3240-213-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3268-182-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3268-185-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3268-138-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3268-141-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3304-201-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3304-198-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3380-126-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3380-129-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3424-79-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3424-76-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3548-80-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3548-83-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3572-91-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3572-94-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3584-37-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3584-2-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3584-0-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3584-1-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3708-146-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3708-149-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3752-190-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3752-193-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3784-45-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3784-48-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3852-99-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3852-44-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3852-102-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3932-122-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3932-125-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3936-154-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3936-158-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4288-59-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4288-56-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4296-225-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4296-222-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4360-87-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4360-88-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4368-110-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4368-107-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4824-221-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4824-218-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4860-214-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4860-217-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4876-177-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4876-178-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4876-181-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4920-173-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4920-176-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4936-95-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4936-98-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads