154100x80000000000000004373Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-04-15 12:36:05.564{0267E025-52B5-67FE-8808-00000000DA03}712C:\ProgramData\RelTekAudio.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\ProgramData\RelTekAudio.exe" C:\ProgramData\AR-WIN-DC-2\Administrator{0267E025-1564-67FE-6CEE-050000000000}0x5ee6c2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0267E025-1565-67FE-A000-00000000DA03}4076C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-DC-2\Administrator

154100x80000000000000004280Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-04-15 12:25:22.107{0267E025-5032-67FE-3808-00000000DA03}4468C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'RelTekAudio.exe'C:\Users\malware\AR-WIN-DC-2\Administrator{0267E025-1564-67FE-6CEE-050000000000}0x5ee6c2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0267E025-502A-67FE-2908-00000000DA03}6796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"AR-WIN-DC-2\Administrator

154100x80000000000000004276Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-04-15 12:25:21.078{0267E025-5031-67FE-3408-00000000DA03}1784C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\RelTekAudio.exe'C:\Users\malware\AR-WIN-DC-2\Administrator{0267E025-1564-67FE-6CEE-050000000000}0x5ee6c2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0267E025-502A-67FE-2908-00000000DA03}6796C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"AR-WIN-DC-2\Administrator