asyncrat | dc0ac276ec83d53e1c05b0f88a47515871f19df0686530258d6ce7184b0596c5

Analysis

max time kernel
2s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2025 17:51

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

cnchecker3.exe
Size

6.8MB
MD5

0c49a3be203b3c6394e67fa131e3c300
SHA1

cafa1d4725e078ec7ea78a108b49593d6c29198d
SHA256

dc0ac276ec83d53e1c05b0f88a47515871f19df0686530258d6ce7184b0596c5
SHA512

b664c9ac541aadce54140e7da2c58ae940571501fedb9ea67f48cbfec12873547ea5e9b75b9204553c068fb9de8164eaebdab4083e6594ef31bd34f3ecda79b8
SSDEEP

98304:IwgyO11Iy1eydWy7HSENCW5VVJW6M87w:INPIy1ey1Nzs

Score

10^/10

asyncrat stormkitty default discovery rat stealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7289188591:AAFXBqcWy9p_LgUKTwd-Pcl7lvzedUGWL1E/sendMessage?chat_id=8079461533

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023cb9-4.dat	family_stormkitty
behavioral2/memory/2980-13-0x0000000000140000-0x0000000000180000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral2/files/0x0008000000023cb9-4.dat	family_asyncrat

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	cnchecker3.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	CNCHECKER3.EXE

Executes dropped EXE 15 IoCs

pid	Process
468	SVCHOST.EXE
2980	SVCHOST.EXE
3140	SVCHOST.EXE
1060	SVCHOST.EXE
2248	SVCHOST.EXE
4752	SVCHOST.EXE
3568	SVCHOST.EXE
4512	SVCHOST.EXE
1588	SVCHOST.EXE
4076	SVCHOST.EXE
3472	SVCHOST.EXE
3868	SVCHOST.EXE
684	SVCHOST.EXE
1116	SVCHOST.EXE
3912	SVCHOST.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
13416	10596	WerFault.exe	404
14264	10084	WerFault.exe	340
10368	5468	WerFault.exe	168
15100	10716	WerFault.exe	377
6016	12484	WerFault.exe	494

System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CNCHECKER3.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cnchecker3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOST.EXE

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 64 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
8900	netsh.exe
14348	cmd.exe
14512	cmd.exe
13348	cmd.exe
8540	cmd.exe
220	cmd.exe
10496	netsh.exe
14832	cmd.exe
14432	cmd.exe
13360	cmd.exe
14848	cmd.exe
14800	cmd.exe
14360	cmd.exe
7376	cmd.exe
13964	cmd.exe
7804	cmd.exe
7228	cmd.exe
13512	cmd.exe
13996	cmd.exe
14168	cmd.exe
14308	cmd.exe
13460	cmd.exe
12832	netsh.exe
11548	cmd.exe
14180	cmd.exe
15012	cmd.exe
11480	cmd.exe
14520	cmd.exe
14172	cmd.exe
9676	cmd.exe
10220	netsh.exe
10296	cmd.exe
14148	cmd.exe
14628	cmd.exe
15244	cmd.exe
7348	netsh.exe
11560	netsh.exe
13980	cmd.exe
14276	cmd.exe
6464	cmd.exe
14908	cmd.exe
14768	cmd.exe
13104	cmd.exe
6376	netsh.exe
13572	cmd.exe
14664	netsh.exe
5036	cmd.exe
13552	cmd.exe
13976	cmd.exe
13944	cmd.exe
14292	cmd.exe
14920	cmd.exe
15152	cmd.exe
10724	cmd.exe
14012	cmd.exe
14160	cmd.exe
14252	cmd.exe
14456	cmd.exe
13920	netsh.exe
10028	cmd.exe
13240	cmd.exe
13060	cmd.exe
13940	cmd.exe
14896	cmd.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 5 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
15336	schtasks.exe
13652	schtasks.exe
9932	schtasks.exe
14884	schtasks.exe
9368	schtasks.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 3604	5004	cnchecker3.exe	84
PID 5004 wrote to memory of 3604	5004	cnchecker3.exe	84
PID 5004 wrote to memory of 3604	5004	cnchecker3.exe	84
PID 5004 wrote to memory of 468	5004	cnchecker3.exe	85
PID 5004 wrote to memory of 468	5004	cnchecker3.exe	85
PID 5004 wrote to memory of 468	5004	cnchecker3.exe	85
PID 3604 wrote to memory of 940	3604	CNCHECKER3.EXE	86
PID 3604 wrote to memory of 940	3604	CNCHECKER3.EXE	86
PID 3604 wrote to memory of 940	3604	CNCHECKER3.EXE	86
PID 3604 wrote to memory of 2980	3604	CNCHECKER3.EXE	87
PID 3604 wrote to memory of 2980	3604	CNCHECKER3.EXE	87
PID 3604 wrote to memory of 2980	3604	CNCHECKER3.EXE	87
PID 940 wrote to memory of 1436	940	CNCHECKER3.EXE	88
PID 940 wrote to memory of 1436	940	CNCHECKER3.EXE	88
PID 940 wrote to memory of 1436	940	CNCHECKER3.EXE	88
PID 940 wrote to memory of 3140	940	CNCHECKER3.EXE	89
PID 940 wrote to memory of 3140	940	CNCHECKER3.EXE	89
PID 940 wrote to memory of 3140	940	CNCHECKER3.EXE	89
PID 1436 wrote to memory of 3680	1436	CNCHECKER3.EXE	90
PID 1436 wrote to memory of 3680	1436	CNCHECKER3.EXE	90
PID 1436 wrote to memory of 3680	1436	CNCHECKER3.EXE	90
PID 1436 wrote to memory of 1060	1436	CNCHECKER3.EXE	91
PID 1436 wrote to memory of 1060	1436	CNCHECKER3.EXE	91
PID 1436 wrote to memory of 1060	1436	CNCHECKER3.EXE	91
PID 3680 wrote to memory of 4520	3680	CNCHECKER3.EXE	93
PID 3680 wrote to memory of 4520	3680	CNCHECKER3.EXE	93
PID 3680 wrote to memory of 4520	3680	CNCHECKER3.EXE	93
PID 3680 wrote to memory of 2248	3680	CNCHECKER3.EXE	94
PID 3680 wrote to memory of 2248	3680	CNCHECKER3.EXE	94
PID 3680 wrote to memory of 2248	3680	CNCHECKER3.EXE	94
PID 4520 wrote to memory of 3640	4520	CNCHECKER3.EXE	132
PID 4520 wrote to memory of 3640	4520	CNCHECKER3.EXE	132
PID 4520 wrote to memory of 3640	4520	CNCHECKER3.EXE	132
PID 4520 wrote to memory of 4752	4520	CNCHECKER3.EXE	96
PID 4520 wrote to memory of 4752	4520	CNCHECKER3.EXE	96
PID 4520 wrote to memory of 4752	4520	CNCHECKER3.EXE	96
PID 3640 wrote to memory of 2356	3640	CNCHECKER3.EXE	97
PID 3640 wrote to memory of 2356	3640	CNCHECKER3.EXE	97
PID 3640 wrote to memory of 2356	3640	CNCHECKER3.EXE	97
PID 3640 wrote to memory of 3568	3640	CNCHECKER3.EXE	98
PID 3640 wrote to memory of 3568	3640	CNCHECKER3.EXE	98
PID 3640 wrote to memory of 3568	3640	CNCHECKER3.EXE	98
PID 2356 wrote to memory of 3552	2356	CNCHECKER3.EXE	99
PID 2356 wrote to memory of 3552	2356	CNCHECKER3.EXE	99
PID 2356 wrote to memory of 3552	2356	CNCHECKER3.EXE	99
PID 2356 wrote to memory of 4512	2356	CNCHECKER3.EXE	100
PID 2356 wrote to memory of 4512	2356	CNCHECKER3.EXE	100
PID 2356 wrote to memory of 4512	2356	CNCHECKER3.EXE	100
PID 3552 wrote to memory of 1840	3552	CNCHECKER3.EXE	101
PID 3552 wrote to memory of 1840	3552	CNCHECKER3.EXE	101
PID 3552 wrote to memory of 1840	3552	CNCHECKER3.EXE	101
PID 3552 wrote to memory of 1588	3552	CNCHECKER3.EXE	102
PID 3552 wrote to memory of 1588	3552	CNCHECKER3.EXE	102
PID 3552 wrote to memory of 1588	3552	CNCHECKER3.EXE	102
PID 1840 wrote to memory of 1312	1840	CNCHECKER3.EXE	103
PID 1840 wrote to memory of 1312	1840	CNCHECKER3.EXE	103
PID 1840 wrote to memory of 1312	1840	CNCHECKER3.EXE	103
PID 1840 wrote to memory of 4076	1840	CNCHECKER3.EXE	104
PID 1840 wrote to memory of 4076	1840	CNCHECKER3.EXE	104
PID 1840 wrote to memory of 4076	1840	CNCHECKER3.EXE	104
PID 1312 wrote to memory of 3644	1312	CNCHECKER3.EXE	266
PID 1312 wrote to memory of 3644	1312	CNCHECKER3.EXE	266
PID 1312 wrote to memory of 3644	1312	CNCHECKER3.EXE	266
PID 1312 wrote to memory of 3472	1312	CNCHECKER3.EXE	106

C:\Users\Admin\AppData\Local\Temp\cnchecker3.exe
"C:\Users\Admin\AppData\Local\Temp\cnchecker3.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
  "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3604
- - C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
    "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
      "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        6⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        7⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        8⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        9⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        10⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        11⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        12⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        13⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        14⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        15⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        16⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        17⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        18⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        19⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        20⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        21⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        22⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        23⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        24⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        25⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        26⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        27⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        28⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        29⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        30⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        31⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        32⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        33⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        34⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        35⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        36⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        37⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        38⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        39⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        40⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        41⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        42⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        43⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        44⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        45⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        46⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        47⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        48⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        49⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        50⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        51⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        52⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        53⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        54⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        55⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        56⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        57⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        58⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        59⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        60⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        61⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        62⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        63⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        64⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        65⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        66⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        67⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        68⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        69⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        70⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        71⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        72⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        73⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        74⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        75⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        76⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        77⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        78⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        79⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        80⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        81⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        82⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        83⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        84⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        85⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        86⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        87⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        88⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        89⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        90⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        91⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        92⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        93⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        94⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        95⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        96⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        97⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        98⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        99⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        100⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        101⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        102⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        103⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        104⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        105⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        106⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        107⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        108⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        109⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        110⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        111⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        112⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        113⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        114⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        115⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        116⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        117⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        118⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        119⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        120⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        121⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        122⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        123⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        124⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        125⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        126⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        127⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        128⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        129⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        130⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        131⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        132⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        133⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        134⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        135⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        136⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        137⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        138⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        139⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        140⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        141⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        142⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        143⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        144⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        145⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        146⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        147⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        148⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        149⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        150⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        151⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        152⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        153⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        154⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        155⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        156⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        157⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        158⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        159⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        160⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        161⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        162⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        163⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        164⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        165⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        166⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        167⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        168⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        169⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        170⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        171⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        172⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        173⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        174⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        175⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        176⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        177⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        178⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        179⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        180⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        181⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\CNCHECKER3.EXE"
        182⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        182⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        181⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        180⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        179⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        178⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        177⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        176⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        175⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        174⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        173⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        172⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12484 -s 1276
        173⤵
        Program crash
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        171⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        170⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        169⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        168⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        167⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        166⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        165⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        164⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        163⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        162⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        161⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        160⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        159⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        160⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        158⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        157⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        156⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        155⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        154⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        153⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        152⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        151⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        150⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        149⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        148⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        147⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        146⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        145⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        144⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        143⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        142⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        141⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        140⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        139⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        138⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        137⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        136⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 1352
        137⤵
        Program crash
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        135⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        134⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        133⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        132⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        131⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        130⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        129⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        128⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        127⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 1380
        128⤵
        Program crash
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        126⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        125⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        124⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        123⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        122⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        121⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        120⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        119⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        118⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        117⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        116⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        115⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        114⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        113⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        114⤵
        
        PID:15316
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        115⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        112⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 1336
        113⤵
        Program crash
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        111⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        110⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        109⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        108⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        107⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        106⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        107⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14512
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        108⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        105⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        106⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        104⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        105⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        103⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        104⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        102⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        101⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        102⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        100⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        99⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        98⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        99⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        97⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        98⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        96⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        95⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        94⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        93⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        92⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        93⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        91⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        92⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13980
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        93⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        90⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        91⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14308
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        91⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        89⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        88⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        89⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        87⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        88⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        86⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        87⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13964
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        88⤵
        
        PID:14820
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        88⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13920
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        88⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        85⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        86⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        84⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        85⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        83⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        84⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        84⤵
        
        PID:14472
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        85⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        82⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        83⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        81⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        82⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        80⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        81⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14252
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        82⤵
        
        PID:876
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        82⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14664
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        82⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        81⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        79⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        80⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        78⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        79⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        77⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        78⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        76⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        77⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        75⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        74⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        75⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        73⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        74⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        72⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        73⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        71⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        72⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        70⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        71⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        69⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        70⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        68⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        69⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        67⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        66⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        65⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        64⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        63⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        64⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        62⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        63⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        61⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        62⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14180
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        63⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        62⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        60⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        61⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        61⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        59⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        60⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        58⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        59⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        57⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        58⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        56⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        57⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        55⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        54⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        55⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        53⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        52⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        53⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:10724
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        54⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        54⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:10496
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        54⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        53⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        54⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        54⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        53⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        51⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        52⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        50⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        51⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        49⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        50⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        48⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        47⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        48⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        46⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        45⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        44⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        43⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        44⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:15336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 1320
        44⤵
        Program crash
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        42⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        43⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        41⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        42⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        40⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        41⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        39⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        40⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:11548
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        41⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        41⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:11560
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        41⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        40⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        41⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        41⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        38⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        37⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        36⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        35⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        36⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:7376
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        37⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        37⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:7348
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        37⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        36⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        37⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        37⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        34⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        35⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        33⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        34⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        34⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        35⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        35⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        32⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        33⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        31⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        30⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        31⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        31⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        29⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        30⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        28⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        29⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        27⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        28⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        29⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        29⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:8900
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        29⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        28⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        29⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        29⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        26⤵
        
        PID:864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        27⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        25⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        24⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        23⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        22⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        23⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        21⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        22⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        20⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        21⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        19⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        18⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        17⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        18⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        19⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        17⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:9676
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        18⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        18⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:10220
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        18⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        17⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        18⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        18⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        15⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        11⤵
        
        PID:15236
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        11⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        9⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        8⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        9⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        9⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:12832
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        9⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1060
      - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        6⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:220
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        7⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        7⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:6376
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        7⤵
        
        PID:6724
      - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        6⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        7⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        7⤵
        
        PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
      "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3140
    - - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        5⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:10296
      - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        6⤵
        
        PID:10472
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        6⤵
        
        PID:11228
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        6⤵
        
        PID:9072
    - - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        5⤵
        
        PID:2540
      - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        6⤵
        
        PID:11632
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        6⤵
        
        PID:11440
- - C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
    "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2980
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      4⤵
      PID:14400
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
      4⤵
      PID:8076
- C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE
  "C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:468
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:14168

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:15216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 12732 -ip 12732
1⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 12276 -ip 12276
1⤵
PID:3152

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 9044 -ip 9044
1⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 10596 -ip 10596
1⤵
PID:1184

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:15136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 10084 -ip 10084
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 10716 -ip 10716
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 9372 -ip 9372
1⤵
PID:14384

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:13380

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2276 -ip 2276
1⤵
PID:15000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10736 -ip 10736
1⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1528 -ip 1528
1⤵
PID:9316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\08d88b1e7924064d96196f85512feda3\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
234B

MD5
ec80d4223c51883abc689f143529abc3

SHA1
62fbfceeffa282a0df92b2bbce10eea670c827a0

SHA256
a3c41d9a1364a4b175a5cdc97b77dce017106e1403dcffc6c89b300a4a4e8cdc

SHA512
e7d3c05b2b3fe28c0aa9311fb77b2b856bfa37e8c618adfc9ae4ae7029584fdc0fb5843f337decef9f45e89d77bae9db903dd36bfa691730cf0fc651e7d0f48e

Download Submit
C:\Users\Admin\AppData\Local\08d88b1e7924064d96196f85512feda3\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
862B

MD5
f942c2066730805fe19b5c39fd5c2fbb

SHA1
548d72410418d7a0e46d9f552d24587e988357d8

SHA256
3139bdd3e3f6cded6b6f11672aaa3f82dd83cffa1f023bd5c5c3554495e5e02b

SHA512
5f3351d3ed4753b561fa00d4e6f02a4f5d7898714669858e8fe8102e36ed3e2a5736f8810e6a05a0cb48594cabcadb0e19c8310b1319c54865687db2109ac697

Download Submit
C:\Users\Admin\AppData\Local\0e4ee70d89575d257d7ab2a752a7290f\Admin@GYHASOLS_en-US\System\Desktop.jpg

Filesize
88KB

MD5
f5246656096f1cfd7df966e98b51d097

SHA1
6db1d7f15d51e845cf10e5db7f6ccedf64ae28bf

SHA256
d2c0a954207c92a3906e41eb71d3a2f72587888843d9ac6105de6dd409e0bb24

SHA512
7f36d1ca9e95aeab4c97174c4845738c903c274e3fceb64d92f7d297045ee7f545d8ff3190995b7a444d03df2d49ebf4cbbc2e382a64f4565ca703f538bac991

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Desktop.txt

Filesize
649B

MD5
1a60a257834f4db4b7f8342d506c6921

SHA1
4552ced42ee64d159e459915bab763ec870e1941

SHA256
24a6bc9fc63ea148f35aa99fc24b13810e87a5f6abab34533666c009e8e58bab

SHA512
93b415043ff45980c5eb2d8ea18900fc3e240b7b3c2090085c6b94caf6060937a65a1fbe36825b0def0489b693b3657ffa7947445345dbf43974660cd599bb06

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Documents.txt

Filesize
895B

MD5
f9d9e7c2d7cc185ffed450c9a5927822

SHA1
fb20809b1f237296b4084592254f69ae1848c946

SHA256
b8bacdcb1c9dde3366523d08998a51cfdc14983a46ebc9868cd0b54b06f279e8

SHA512
31908b6348e7236e3aee556664602882b7cd2aa9e22f7153027d45257e45238915acf5748b5e8fede96a15a4c7f8bf8438d6d550a32b58f7109ce32b10c0eb70

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Pictures.txt

Filesize
709B

MD5
11a02eec470e768977a95faea42aca8e

SHA1
0e233af19fa3b95bb38991257c362343f6b12a36

SHA256
7aff6483ba5f7b2f7025442bd825243ea627a95daccef2eaf84dd5a13889b04f

SHA512
fcdcd71f935e7ef1de30e7d41dc63cbba9db43c786ddeb464f1a18281fb7bce55f64424d4498e8c5561f198eaefffb13c9df4d1e0699f92c6db77ac9d741589e

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Startup.txt

Filesize
24B

MD5
68c93da4981d591704cea7b71cebfb97

SHA1
fd0f8d97463cd33892cc828b4ad04e03fc014fa6

SHA256
889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483

SHA512
63455c726b55f2d4de87147a75ff04f2daa35278183969ccf185d23707840dd84363bec20d4e8c56252196ce555001ca0e61b3f4887d27577081fdef9e946402

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Temp.txt

Filesize
4KB

MD5
a49e65836e61b6581a4852774ed30139

SHA1
24b6ecb8228dc9862d3a3c6c478b7823ccd39f41

SHA256
1aa5a93c15d03aca029964894af189122afcc599dadd80452aeabf3dc2e68684

SHA512
da11e8ce327f406225e6028fa177c11cb327727c262273e05b51eded273939929ead087efffe6ee640acacbdbb74a2ce57490ff471bf40c1d7ef88eeb88ac274

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Temp.txt

Filesize
20KB

MD5
e274917e5f2784c179be60a9ea8e24c0

SHA1
04d7b0e3e70c1b230885fc375c4c5ca78d8b19ad

SHA256
5faa2a80f4ec24e7339e34625a1be471c3a8d5c8d6db9d36f391045407cb4361

SHA512
4922297299aa70a0b5d6e460468b9e86a84ec443dc8fcbc4b6e9c1092e8d54d9f78df2038a24e70b1dd77941199d4b74db360d1de14f74a32b6b03166bb67696

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Temp.txt

Filesize
4KB

MD5
442ab3157fc021aac1beba0f46e3f620

SHA1
7e72a83f105365e543d9f6ea96551ce7d517c94e

SHA256
03b1b25a5e10565b311c27111b3002ba6d2125c038e9e1afe6fd8c2dc0c79bc1

SHA512
c9b3926de8d6cb2b380786e46405a3aee61f7b137b6085caa3e48d32c4b86c43f48242c817d846e63f40c30b13b642fe44a633f9b4bc0b76c289371d5cefed76

Download Submit
C:\Users\Admin\AppData\Local\1d9db3c2a73d8bdac24747a947fd4f64\Admin@GYHASOLS_en-US\Directories\Videos.txt

Filesize
23B

MD5
1fddbf1169b6c75898b86e7e24bc7c1f

SHA1
d2091060cb5191ff70eb99c0088c182e80c20f8c

SHA256
a67aa329b7d878de61671e18cd2f4b011d11cbac67ea779818c6dafad2d70733

SHA512
20bfeafde7fec1753fef59de467bd4a3dd7fe627e8c44e95fe62b065a5768c4508e886ec5d898e911a28cf6365f455c9ab1ebe2386d17a76f53037f99061fd4d

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini

Filesize
282B

MD5
9e36cc3537ee9ee1e3b10fa4e761045b

SHA1
7726f55012e1e26cc762c9982e7c6c54ca7bb303

SHA256
4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

SHA512
5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini

Filesize
402B

MD5
ecf88f261853fe08d58e2e903220da14

SHA1
f72807a9e081906654ae196605e681d5938a2e6c

SHA256
cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

SHA512
82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini

Filesize
282B

MD5
3a37312509712d4e12d27240137ff377

SHA1
30ced927e23b584725cf16351394175a6d2a9577

SHA256
b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

SHA512
dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini

Filesize
190B

MD5
d48fce44e0f298e5db52fd5894502727

SHA1
fce1e65756138a3ca4eaaf8f7642867205b44897

SHA256
231a08caba1f9ba9f14bd3e46834288f3c351079fcedda15e391b724ac0c7ea8

SHA512
a1c0378db4e6dac9a8638586f6797bad877769d76334b976779cd90324029d755fb466260ef27bd1e7f9fdf97696cd8cd1318377970a1b5bf340efb12a4feb4a

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini

Filesize
190B

MD5
87a524a2f34307c674dba10708585a5e

SHA1
e0508c3f1496073b9f6f9ecb2fb01cb91f9e8201

SHA256
d01a7ef6233ef4ab3ea7210c0f2837931d334a20ae4d2a05ed03291e59e576c9

SHA512
7cfa6d47190075e1209fb081e36ed7e50e735c9682bfb482dbf5a36746abdad0dccfdb8803ef5042e155e8c1f326770f3c8f7aa32ce66cf3b47cd13781884c38

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini

Filesize
504B

MD5
29eae335b77f438e05594d86a6ca22ff

SHA1
d62ccc830c249de6b6532381b4c16a5f17f95d89

SHA256
88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

SHA512
5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\System\Desktop.jpg

Filesize
10KB

MD5
26e172d28fc5a42cbbc442aea0dca305

SHA1
4b49ca8bf3bac7edb80be2deb3839ef7c3d07ae8

SHA256
cd4587cee3b8b86125aa99ed0074c7aa1a7ab4b0f274e82dc3580dd78a11a2bb

SHA512
790e0ed7569b1d9f358476fa6a215dcce722b980d7d45df72bad90ed80ab49e4ff6f70ac0237797ab48eebc78f663ee1668cc86fd722b9ccbf077f02468ab925

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
312B

MD5
54e21b98ddace7c4900ed75ea1f4f0c8

SHA1
48e2955b1686ba78ad9984d86382f0cec68c3a22

SHA256
688f01df3b809221127e01f9650955d424e80eaa9daadd5147a1c51707bc0d19

SHA512
1ff0ef4092009bd735c236881b971f2189ce66dca6b33636eb664092458c43e6958b1fda8cad2a79faa034a62d2c34a8344ecbdba1a70f5a0820724beee803fd

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
546B

MD5
6533407f5d38ae2d39b85c635bf58952

SHA1
1bdbb9e980d7d3b10a600860a74e8ad868458866

SHA256
4d3a6ea76d99239b78a778d571480e80a30d8e1a51a5ba1c39dc3c18226c92e9

SHA512
664a0adca0ef9d9cf97486fb0047c6ff5efb0918499a7a8b7da8838e4a676de25b2cf1eb2b76f218fff7c29c7fd3539ce49a093879f9234358e80804a1f66562

Download Submit
C:\Users\Admin\AppData\Local\1fa751ba57257cbb1f4bc5f53950fad7\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
603B

MD5
fd46213ef4bd738f57259d00bcacdb3c

SHA1
89274148759ce1fdd50679f4596ddb230d20ff62

SHA256
aae90fc5344a5194c70cea5337e161c20a3f63f30d3646f6d3538bdb0812f161

SHA512
67130a29ee7d04619acf6d1f265d271a7b577b59e89623df7cca7b59edfea42db12bcb061da06822e7b23173a4dd25edbf30c7aac8f5fb5ec32b8489f39a5175

Download Submit
C:\Users\Admin\AppData\Local\2351dab626e18fc454f0abb55fc42ab4\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
156B

MD5
71c4cdae9266d4cfee875f370e88a264

SHA1
705f6bb38dfeaf49c5cf8505f366d42d95deb52b

SHA256
446b508dac6ae4e9f9c3c004fd55921694b63447f3775467f78b858675584b10

SHA512
fe27149ccce17494bcb306364322ac78a79f8d4652964969b2aaf434808215dec2a37f517c117a27489f633b6f6ecf4dcfc1ca90f091a60b852ae76bc1036350

Download Submit
C:\Users\Admin\AppData\Local\73e664de3dcf9d4c2ac41070c40da89c\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
128B

MD5
ed97a6f1547cfe74abc1e1ea0c90dcb8

SHA1
4e55aa49a8f42680e783390202b59a2fce3a733d

SHA256
481639aecfba30ea6dcd7624bd525b5d37f51fe291e50c9b6ec97a2fc8048df8

SHA512
fb4a6e63418f3cb7098d81c1852634b6a3c208193b51f00e7a485941531aa28a11b8efb85057d4e97e711f1cb55a6293be5f28a64586d76da620a4d419cc3bc4

Download Submit
C:\Users\Admin\AppData\Local\73e664de3dcf9d4c2ac41070c40da89c\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
390B

MD5
b4d78a592ee061493ba5a0c850c9552e

SHA1
47b2bab4bfb5ae9bb3280bc5e3c26039f4046dea

SHA256
acb31b4f4010898da5fb8db19b5dae76de1ed4f1e04eee9c9b6ad28f0a133ea2

SHA512
3751227556b98939dc746ff7a32847babe8e4be0311c58074995d6d0b95f2ea9f7afbc1efbb3820a17f82511969ac518e3a29ee9d3aa19748424c0f900fd65f9

Download Submit
C:\Users\Admin\AppData\Local\73e664de3dcf9d4c2ac41070c40da89c\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
64B

MD5
d1a50aec4fe6b5ea3b1c8b90cf020bea

SHA1
93d808d8e541ea9eb9eb162d4b1fcd713908a136

SHA256
202bb5fc297c79b690d0e73b44bbaddc6052dd5a20bfbecdc7ec074bb3ecb05f

SHA512
ea83e406dc28a6ea28c8679ab6d7fd1e8bb17740fd0b433de54dc1d219c739d0ce978a3e4c6b5326a70e178c6adc20470848f2475b5495b7c86ee330e622cc78

Download Submit
C:\Users\Admin\AppData\Local\73e664de3dcf9d4c2ac41070c40da89c\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
940B

MD5
ca4ed8940eeb40fd366b0255e99b7928

SHA1
9489ab70965da73c12f5d8043631c72b52c75618

SHA256
8193621b3862df9acfd07cff0136620f3be9e5bd6006fcd081203f644a514d88

SHA512
82d7db755ae1d7603c8bd7e8b0680244b826a2d6ee24518073ebc9bdffcf3691f18b509ef9f5fb4e648cd1e0dc1f83fa28a0e87a4a74d167ca21abda5bc961fa

Download Submit
C:\Users\Admin\AppData\Local\73e664de3dcf9d4c2ac41070c40da89c\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
1KB

MD5
472543c9f5e13c5f387e798420248f8b

SHA1
98d260475002527cefe400a4c448d7c8166a9944

SHA256
94408e56d3a89d71c3755972b0d61687987ff806f6001a4f20fc02cd820214d6

SHA512
208e0864a2de557bf194523277cca7ee521ece9b281a35c6be730b2a4f05c78d66682e0591e06297379f071f535df2154097239852fb709be7e54a6a2213121e

Download Submit
C:\Users\Admin\AppData\Local\77757401f880293d5eaccc71372ea46e\Admin@GYHASOLS_en-US\Directories\Temp.txt

Filesize
19KB

MD5
3046ab73627a55e2dda27a0aff4f3c57

SHA1
0af334a7ae15cb866d91de5a63314d29ec72dfa7

SHA256
c4b18feb590e92fe0eda754300cfde9ad5592a93d9282e7b08ea1a5856dda7f6

SHA512
9f1a528aa610835de7055efa074c8e04a7a0813d97ab71f53790f340ed05b3b9314d4d77bf663bf8f595d3578430fa4503385d45aecef2c01fb67fb2f147581c

Download Submit
C:\Users\Admin\AppData\Local\77757401f880293d5eaccc71372ea46e\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
630B

MD5
2d9cba8649cad4bee648b20a850aa330

SHA1
11efd67df99612b4e4dab4b2634beb3a710df658

SHA256
91a9b1ee2e97dd7eaf55062b15a84dfe9b7057a51e4c125abd02d979d398c696

SHA512
0f0065e7cfd0cf64bc63ff38392118267a0db8a31144d1beb69f10cc387a107ceb2ebb9a06d7a57c9393b155f22b466b3161b6c2ff4c4fe3c80886977df58a6c

Download Submit
C:\Users\Admin\AppData\Local\77757401f880293d5eaccc71372ea46e\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
1019B

MD5
7a095e36264e0a4b839a09f615c8806a

SHA1
8170a201c94c391b2afbf3e0b243254a48137364

SHA256
7f16bff50c50c3fd42d188ebb545dba438ba626b97b42c356be259c390d14c7c

SHA512
f56885dbef7a2a91d297680494a2a1c9f3bff2135f388b5e3a1b855b6fd9639b06bc5aeca16cd82553d2ac9ce9fa1c907a59bfc305c41214528980bf6d1dc428

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVCHOST.EXE

Filesize
232KB

MD5
905d8f8b1d16ce5c63f6a806e1efeb98

SHA1
75c8c39c0bb5e48f53f1585a9cefa03a997dc680

SHA256
78dcc1bbf29a5d6e5cb57506f273d41e8629232bc733bb4126955f40f60f63f4

SHA512
f0c00f773909bc0b04e638196f902f314d75000e04ed7bc72b3d9b35c4278de3f18d7e02aaf85e70207860aa3d920d167c62e14bbdf9289481bcf516ebf87a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\places.raw

Filesize
5.0MB

MD5
19d479796748c78743fef23c303cc9c6

SHA1
f28c8d0a906458b49ff8fc04011e42dc73d0fc73

SHA256
897b6e3d9528c26af5bc685e4446b749d9230ed6f3ec0e2e058ca5dde736594b

SHA512
7e3d7bf707601ec6825f061a167102c2fed817a5a879f0a513d8892e9868c3490e1d13909f921afecb294b9e8c181922098a7daeebd9b507ea87921f59bfa7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB9FB.tmp.dat

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB9FD.tmp.dat

Filesize
114KB

MD5
d0150bee5e917cfd7a7152d6c1988919

SHA1
fbcb54efb2fc75f72eaea9605b1a2cae557a121b

SHA256
ea86bc11680540f71d4740429e19804ad5c375e5ceee098981f6aebe691b71c1

SHA512
a3c542917de3538c0a10445f3fd96395cac0f2c572fccc948ed755864d5800af16957d7deb5973a469cde52582d3e3ee6f4d3e87acd7b1084d64441268b2504d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA04.tmp.dat

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA39.tmp.dat

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA3F.tmp.dat

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA40.tmp.dat

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA41.tmp.dat

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA61.tmp.dat

Filesize
96KB

MD5
40f3eb83cc9d4cdb0ad82bd5ff2fb824

SHA1
d6582ba879235049134fa9a351ca8f0f785d8835

SHA256
cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

SHA512
cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

Download Submit
C:\Users\Admin\AppData\Local\c6ed46d29c5ac1be065e7eb6266671e2\Admin@GYHASOLS_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
210B

MD5
1267f4be35fbe5510886cf08ddee9fdd

SHA1
04e714a1c8a9d76e860c7cbbe7ebf62c71dea6b9

SHA256
ab038447adbfd1faf46f0d3bf6dc387621dc8435ab552696ec8d9bbe7a6a9ab3

SHA512
6f1bc0ad9eb850f37cddc2422e738f0cbbfe8a7a7e064c0c989cafbf0f7d5ae5bdfced4b3f93952688de3bfa338ff5a8c7258aff8397cdaccb36b23b5d16686b

Download Submit
C:\Users\Admin\AppData\Local\c6ed46d29c5ac1be065e7eb6266671e2\Admin@GYHASOLS_en-US\Directories\Temp.txt

Filesize
10KB

MD5
4ca613df64006815d24b22c862f54bfe

SHA1
37c17edfc73c19bbb7e2a8c4afd53700b28840d0

SHA256
8de158b643b08f95e27cafced08265352579764445721c828f27467c16543d86

SHA512
33517b3b71e2a78e8ed2b5822ca7d6f5ef4c7c819a8d2afd9c259a9be0a2f54c6087ba2169f32d3f0606c30c7f337cca3782ab1636fb565be2bb34d9da45056d

Download Submit
C:\Users\Admin\AppData\Local\c6ed46d29c5ac1be065e7eb6266671e2\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
396B

MD5
0aa561b1bf689e502183be561820c00f

SHA1
49d79beb02897ee599151bb56f923fb1256762ba

SHA256
e27e36601bae07356d9306f15a2f4039915557450f03f98dc07b6ccec7bc9c31

SHA512
5223bf01d4467f1e9fb3f72d711e2551fd12d83fdc94b3a804074cf16df5a03e1d01b1362987bdd697a02f859514b8094222e28bf99363674359f370515793b1

Download Submit
C:\Users\Admin\AppData\Local\c6ed46d29c5ac1be065e7eb6266671e2\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
630B

MD5
8d102bf4d598997246f9e69fd6124d9d

SHA1
630a6a3e6bab355cdb96a36b71ab28d71e1c3f45

SHA256
7fab58a8a0716d3f673397d8f116bbf99f0f8d3f431181b175ed005193f9d621

SHA512
870e6ab9d3ef7c9e506942aca34ed0f6928cd0de895c618900b1cebbc328eb804b4ed1c5bab1e267f2cca4ba694d880688cc601b14ec93359596962a58f36bfb

Download Submit
C:\Users\Admin\AppData\Local\c6ed46d29c5ac1be065e7eb6266671e2\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
936B

MD5
d6690f39f188e1441173c7cc3b559f93

SHA1
d6a0290be6caae8520376547af09e39b9d056942

SHA256
12773c4d9ee7f5157ce47c780b9d33b489e65d64a6241c1a393604bb7b565f52

SHA512
67f8d9c03fbf1be8bbc5420ac624bc65e64e76adfd8c85b84f4469a75c7ee8f78487d559028d95b81e3ba8c4a3178ddda85f5bccafe05b8c51fc881e2e7ae828

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
460B

MD5
07e32410e9bd1709de057f6f0203b771

SHA1
315dcb5860104b3f62d8afb0b10b2e828645d4c7

SHA256
a2d5d213281cfc556d805b5ea83c2c6e9fc8f8b0b9f72d0f615990c8293e299d

SHA512
0b48079342ce2e3b0fee0d579ab6489d66903c538d79aeff555ae7305971db54ed1da94791611757a13cf5a18b1f96096558f7f05145537b05a8ba4680bb9552

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
544B

MD5
f01e5bb28ffbab6886bff88a8b400483

SHA1
06a9a1e938780a4600f2d824ee55edb037e39f89

SHA256
8f10390005c3223f6a5e2370f7e8427b043ec6497e7009b66171523b970c1f49

SHA512
05bea118dfdab732db99a9a91150dbff82f714b49f62125836242c7a93a2022c42d01735fec7682621c5ee1dbeb4b3630eb54cea4510497ea267d429c6313fe4

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
764B

MD5
ce7a9589eb114dbcf7f042c5e1bd673f

SHA1
9989483df4dc9c2f1de495cc7d45420805e8208f

SHA256
ddef154f282876314f2cdb130b520a0c028ddbe0cf9a86269e3454c3b1b51d05

SHA512
c355b1f97d4b637ddd359d5e659050a710501e7f99705ed7814cdfd6d85e9adc017dc7f717f92b3eb7135ffa66f4abd81956e4a67c75ae6d0c3ceb6277bcfae0

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
704B

MD5
0a0fd4bf0590429ccea50e7b8f760777

SHA1
8ae0a2a114de1f47fa25175c1b2b6ee37111c567

SHA256
d7bf873ec37bbdbd73253974072c0fe1612795d160e6539d1e95b2e479da3072

SHA512
d957ca1cf65f0c5eab3cbb8c3e05063d805b5ef732cd303cc12dc6124e93d3bfe012da0ffe72ab4416754861bb8c139dac553cec643d7d68b8369381fcec7031

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
1KB

MD5
dd669d9ab6ba8796f63ffa47dd37acf8

SHA1
d75569a897e211131d4e7aa470142cad343e06b6

SHA256
966d2b8ab64b24c6ef58077b4df59af012391255d0d91a031e40bb9d8ce491ec

SHA512
7404ca6362ae4a1c241cc8a79cb0a892481ada2349dff64852f1706db628b4b42b8d2ffc6423e19e4c7633155e69009d7eec1a9183ca890905d28a1b36ceedb0

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\ProductKey.txt

Filesize
29B

MD5
71eb5479298c7afc6d126fa04d2a9bde

SHA1
a9b3d5505cf9f84bb6c2be2acece53cb40075113

SHA256
f6cadfd4e4c25ff3b8cffe54a2af24a757a349abbf4e1142ec4c9789347fe8b3

SHA512
7c6687e21d31ec1d6d2eff04b07b465f875fd80df26677f1506b14158444cf55044eb6674880bd5bd44f04ff73023b26cb19b8837427a1d6655c96df52f140bd

Download Submit
C:\Users\Admin\AppData\Local\e7051baf0b95eaa751fe6c3195791978\Admin@GYHASOLS_en-US\System\ScanningNetworks.txt

Filesize
84B

MD5
58cd2334cfc77db470202487d5034610

SHA1
61fa242465f53c9e64b3752fe76b2adcceb1f237

SHA256
59b3120c5ce1a7d1819510272a927e1c8f1c95385213fccbcdd429ff3492040d

SHA512
c8f52d85ec99177c722527c306a64ba61adc3ad3a5fec6d87749fbad12da424ba6b34880ab9da627fb183412875f241e1c1864d723e62130281e44c14ad1481e

Download Submit
C:\Users\Admin\AppData\Local\f84b08a7374ddd2f57075ebb9c0b405b\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
625B

MD5
fd6e673bfad6306503348a4b1f1e4398

SHA1
5784c7836b045f4c2d7dfa9e6565cb0f7987cd1f

SHA256
5010274ff57d51d76624955bb4dae03cf55f106dbe951894fd987f00cb5be356

SHA512
04fdf470dd9eb8d994f8cb872783c1074c3d8f6ddd8fbe4d7a8d4c8ae67cc6a230dd42ac545d6e3be49fe244809c8ca847833d601cab33f90dac7d714fa64919

Download Submit
C:\Users\Admin\AppData\Local\f84b08a7374ddd2f57075ebb9c0b405b\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
783B

MD5
cbbbd1c0a3a42186e75c9a915248bf5a

SHA1
6a83bd4e2b9b25aa8287650c90245b9a601e2f37

SHA256
e922c3d35a733e62336cdecf4f56a4ad0fbb8a62e32727130878753f91cfce8f

SHA512
d2d173c6085a430fc23e87a591f0ecac125b83ec0e817410e0adfa58eb9f8b2073f84c6c8f478258381f47a946361f7b4620dd6aafff30521ff2f868a86d7dd3

Download Submit
C:\Users\Admin\AppData\Local\fe4dbb43f91eb75b6c2ae040b8704fb9\Admin@GYHASOLS_en-US\Directories\Downloads.txt

Filesize
717B

MD5
97ff15deec89f0fd2e159b7fd00a6c66

SHA1
211b86ea9e4aebac0d68c17d8ca172889b754a05

SHA256
95b6a72fa4afe8ce62d510365f27055e9c088650932d27479553838397c0303e

SHA512
2be6586f26cc74b4a77b3ff619c938eb66b0715f415d36002f27a2d7b8c8092ed6118c4c40316863eaa63f95934aab1ea75cc39bf8ad6f4fb99e6ca13b7996b6

Download Submit
C:\Users\Admin\AppData\Local\fe4dbb43f91eb75b6c2ae040b8704fb9\Admin@GYHASOLS_en-US\Directories\OneDrive.txt

Filesize
25B

MD5
966247eb3ee749e21597d73c4176bd52

SHA1
1e9e63c2872cef8f015d4b888eb9f81b00a35c79

SHA256
8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e

SHA512
bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa

Download Submit
C:\Users\Admin\AppData\Local\fe4dbb43f91eb75b6c2ae040b8704fb9\Admin@GYHASOLS_en-US\System\Process.txt

Filesize
192B

MD5
cc7daf7e2174edb825d8fc79ec1490ed

SHA1
ecb2e8adb6ff0c37a071b952c311d0fafb01c058

SHA256
8c6cc15b9c873f5a6626a4a8bad790004eda7b50dd713aded05d9a64db891ffd

SHA512
f7750a11a8afba7d541ae5670b379ae9d6626b77b5a21726bbab3cc068445e0696f80378198514f09509908269569ac9391f5854ca2c46603b59171754439fa6

Download Submit
memory/468-11-0x0000000073E4E000-0x0000000073E4F000-memory.dmp

Filesize
4KB

Download
memory/468-392-0x0000000073E4E000-0x0000000073E4F000-memory.dmp

Filesize
4KB

Download
memory/1060-2459-0x00000000067D0000-0x00000000067DA000-memory.dmp

Filesize
40KB

Download
memory/2980-14-0x0000000004F10000-0x0000000004F76000-memory.dmp

Filesize
408KB

Download
memory/2980-13-0x0000000000140000-0x0000000000180000-memory.dmp

Filesize
256KB

Download
memory/3568-37-0x00000000064A0000-0x0000000006532000-memory.dmp

Filesize
584KB

Download
memory/4752-36-0x0000000006BB0000-0x0000000007154000-memory.dmp

Filesize
5.6MB

Download
memory/5468-7059-0x00000000069E0000-0x00000000069EA000-memory.dmp

Filesize
40KB

Download
memory/9372-7119-0x0000000075B20000-0x0000000075B45000-memory.dmp

Filesize
148KB

Download
memory/10084-7058-0x00007FFBE31B0000-0x00007FFBE33A5000-memory.dmp

Filesize
2.0MB

Download
memory/10976-7066-0x00000000748A0000-0x00000000748C4000-memory.dmp

Filesize
144KB

Download
memory/14168-6864-0x0000000000110000-0x000000000016A000-memory.dmp

Filesize
360KB

Download
memory/14180-7057-0x0000000000110000-0x000000000016A000-memory.dmp

Filesize
360KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads