warzonerat | 3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95

Analysis

max time kernel
130s
max time network
97s
platform
windows10_x64
resource
win10
submitted
25-06-2020 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
Size

1.8MB
MD5

eb7aa7c1460bcdef08b202e20cc8c474
SHA1

2826e616df002bd1c3b114c864482f2e30a115d0
SHA256

3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95
SHA512

d11dbbd1147bc6f96614eab2ca2654eaec4fb967e60fa68b9734086d30c6b3da15e4ec377ee63c4bbce2438b37ff865e631d420ddb5345152de6820b70e38682

Score

10^/10

rat infostealer warzonerat persistence evasion

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	explorer.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs
evasion

Hidden Files and Directories
T1158

Modify Registry
T1112
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT Payload 173 IoCs

rat

resource	yara_rule
behavioral2/files/0x000200000001adb0-12.dat	warzonerat
behavioral2/files/0x000200000001adb0-13.dat	warzonerat
behavioral2/files/0x000200000001adb0-16.dat	warzonerat
behavioral2/files/0x000200000001ada8-17.dat	warzonerat
behavioral2/files/0x000100000001adae-19.dat	warzonerat
behavioral2/files/0x000500000001adaf-27.dat	warzonerat
behavioral2/files/0x000500000001adaf-28.dat	warzonerat
behavioral2/files/0x000500000001adaf-34.dat	warzonerat
behavioral2/files/0x000500000001adaf-38.dat	warzonerat
behavioral2/files/0x000500000001adaf-42.dat	warzonerat
behavioral2/files/0x000500000001adaf-46.dat	warzonerat
behavioral2/files/0x000500000001adaf-50.dat	warzonerat
behavioral2/files/0x000500000001adaf-54.dat	warzonerat
behavioral2/files/0x000500000001adaf-58.dat	warzonerat
behavioral2/files/0x000500000001adaf-62.dat	warzonerat
behavioral2/files/0x000500000001adaf-66.dat	warzonerat
behavioral2/files/0x000500000001adaf-70.dat	warzonerat
behavioral2/files/0x000500000001adaf-74.dat	warzonerat
behavioral2/files/0x000500000001adaf-78.dat	warzonerat
behavioral2/files/0x000500000001adaf-82.dat	warzonerat
behavioral2/files/0x000500000001adaf-86.dat	warzonerat
behavioral2/files/0x000500000001adaf-90.dat	warzonerat
behavioral2/files/0x000500000001adaf-94.dat	warzonerat
behavioral2/files/0x000500000001adaf-98.dat	warzonerat
behavioral2/files/0x000500000001adaf-102.dat	warzonerat
behavioral2/files/0x000500000001adaf-106.dat	warzonerat
behavioral2/files/0x000500000001adaf-110.dat	warzonerat
behavioral2/files/0x000500000001adaf-114.dat	warzonerat
behavioral2/files/0x000500000001adaf-118.dat	warzonerat
behavioral2/files/0x000500000001adaf-122.dat	warzonerat
behavioral2/files/0x000500000001adaf-126.dat	warzonerat
behavioral2/files/0x000500000001adaf-130.dat	warzonerat
behavioral2/files/0x000500000001adaf-134.dat	warzonerat
behavioral2/files/0x000500000001adaf-138.dat	warzonerat
behavioral2/files/0x000500000001adaf-142.dat	warzonerat
behavioral2/files/0x000500000001adaf-146.dat	warzonerat
behavioral2/files/0x000500000001adaf-150.dat	warzonerat
behavioral2/files/0x000500000001adaf-154.dat	warzonerat
behavioral2/files/0x000500000001adaf-158.dat	warzonerat
behavioral2/files/0x000500000001adaf-162.dat	warzonerat
behavioral2/files/0x000500000001adaf-166.dat	warzonerat
behavioral2/files/0x000500000001adaf-170.dat	warzonerat
behavioral2/files/0x000500000001adaf-174.dat	warzonerat
behavioral2/files/0x000500000001adaf-178.dat	warzonerat
behavioral2/files/0x000500000001adaf-182.dat	warzonerat
behavioral2/files/0x000500000001adaf-186.dat	warzonerat
behavioral2/files/0x000500000001adaf-190.dat	warzonerat
behavioral2/files/0x000500000001adaf-194.dat	warzonerat
behavioral2/files/0x000500000001adaf-198.dat	warzonerat
behavioral2/files/0x000500000001adaf-202.dat	warzonerat
behavioral2/files/0x000500000001adaf-206.dat	warzonerat
behavioral2/files/0x000500000001adaf-210.dat	warzonerat
behavioral2/files/0x000500000001adaf-214.dat	warzonerat
behavioral2/files/0x000500000001adaf-218.dat	warzonerat
behavioral2/files/0x000500000001adaf-222.dat	warzonerat
behavioral2/files/0x000500000001adaf-226.dat	warzonerat
behavioral2/files/0x000500000001adaf-230.dat	warzonerat
behavioral2/files/0x000500000001adaf-234.dat	warzonerat
behavioral2/files/0x000500000001adaf-238.dat	warzonerat
behavioral2/files/0x000500000001adaf-242.dat	warzonerat
behavioral2/files/0x000500000001adaf-246.dat	warzonerat
behavioral2/files/0x000500000001adaf-250.dat	warzonerat
behavioral2/files/0x000500000001adaf-254.dat	warzonerat
behavioral2/files/0x000500000001adaf-258.dat	warzonerat
behavioral2/files/0x000500000001adaf-262.dat	warzonerat
behavioral2/files/0x000500000001adaf-266.dat	warzonerat
behavioral2/files/0x000500000001adaf-270.dat	warzonerat
behavioral2/files/0x000500000001adaf-274.dat	warzonerat
behavioral2/files/0x000500000001adaf-278.dat	warzonerat
behavioral2/files/0x000500000001adaf-282.dat	warzonerat
behavioral2/files/0x000500000001adaf-286.dat	warzonerat
behavioral2/files/0x000500000001adaf-290.dat	warzonerat
behavioral2/files/0x000500000001adaf-294.dat	warzonerat
behavioral2/files/0x000500000001adaf-298.dat	warzonerat
behavioral2/files/0x000500000001adaf-302.dat	warzonerat
behavioral2/files/0x000500000001adaf-306.dat	warzonerat
behavioral2/files/0x000500000001adaf-310.dat	warzonerat
behavioral2/files/0x000500000001adaf-314.dat	warzonerat
behavioral2/files/0x000500000001adaf-318.dat	warzonerat
behavioral2/files/0x000500000001adaf-322.dat	warzonerat
behavioral2/files/0x000500000001adaf-326.dat	warzonerat
behavioral2/files/0x000500000001adaf-330.dat	warzonerat
behavioral2/files/0x000500000001adaf-334.dat	warzonerat
behavioral2/files/0x000500000001adaf-338.dat	warzonerat
behavioral2/files/0x000500000001adaf-342.dat	warzonerat
behavioral2/files/0x000500000001adaf-346.dat	warzonerat
behavioral2/files/0x000500000001adaf-350.dat	warzonerat
behavioral2/files/0x000500000001adaf-354.dat	warzonerat
behavioral2/files/0x000500000001adaf-358.dat	warzonerat
behavioral2/files/0x000500000001adaf-362.dat	warzonerat
behavioral2/files/0x000500000001adaf-366.dat	warzonerat
behavioral2/files/0x000500000001adaf-370.dat	warzonerat
behavioral2/files/0x000500000001adaf-374.dat	warzonerat
behavioral2/files/0x000500000001adaf-378.dat	warzonerat
behavioral2/files/0x000500000001adaf-382.dat	warzonerat
behavioral2/files/0x000500000001adaf-386.dat	warzonerat
behavioral2/files/0x000500000001adaf-390.dat	warzonerat
behavioral2/files/0x000500000001adaf-394.dat	warzonerat
behavioral2/files/0x000500000001adaf-398.dat	warzonerat
behavioral2/files/0x000500000001adaf-402.dat	warzonerat
behavioral2/files/0x000500000001adaf-406.dat	warzonerat
behavioral2/files/0x000500000001adaf-410.dat	warzonerat
behavioral2/files/0x000500000001adaf-414.dat	warzonerat
behavioral2/files/0x000500000001adaf-418.dat	warzonerat
behavioral2/files/0x000500000001adaf-422.dat	warzonerat
behavioral2/files/0x000500000001adaf-426.dat	warzonerat
behavioral2/files/0x000500000001adaf-430.dat	warzonerat
behavioral2/files/0x000500000001adaf-434.dat	warzonerat
behavioral2/files/0x000500000001adaf-438.dat	warzonerat
behavioral2/files/0x000500000001adaf-442.dat	warzonerat
behavioral2/files/0x000500000001adaf-446.dat	warzonerat
behavioral2/files/0x000500000001adaf-450.dat	warzonerat
behavioral2/files/0x000500000001adaf-454.dat	warzonerat
behavioral2/files/0x000500000001adaf-458.dat	warzonerat
behavioral2/files/0x000500000001adaf-462.dat	warzonerat
behavioral2/files/0x000500000001adaf-466.dat	warzonerat
behavioral2/files/0x000500000001adaf-470.dat	warzonerat
behavioral2/files/0x000500000001adaf-474.dat	warzonerat
behavioral2/files/0x000500000001adaf-478.dat	warzonerat
behavioral2/files/0x000500000001adaf-482.dat	warzonerat
behavioral2/files/0x000500000001adaf-486.dat	warzonerat
behavioral2/files/0x000500000001adaf-490.dat	warzonerat
behavioral2/files/0x000500000001adaf-494.dat	warzonerat
behavioral2/files/0x000500000001adaf-498.dat	warzonerat
behavioral2/files/0x000500000001adaf-502.dat	warzonerat
behavioral2/files/0x000500000001adaf-506.dat	warzonerat
behavioral2/files/0x000500000001adaf-510.dat	warzonerat
behavioral2/files/0x000500000001adaf-514.dat	warzonerat
behavioral2/files/0x000500000001adaf-518.dat	warzonerat
behavioral2/files/0x000500000001adaf-522.dat	warzonerat
behavioral2/files/0x000500000001adaf-526.dat	warzonerat
behavioral2/files/0x000500000001adaf-530.dat	warzonerat
behavioral2/files/0x000500000001adaf-534.dat	warzonerat
behavioral2/files/0x000500000001adaf-538.dat	warzonerat
behavioral2/files/0x000500000001adaf-542.dat	warzonerat
behavioral2/files/0x000500000001adaf-546.dat	warzonerat
behavioral2/files/0x000500000001adaf-550.dat	warzonerat
behavioral2/files/0x000500000001adaf-554.dat	warzonerat
behavioral2/files/0x000500000001adaf-558.dat	warzonerat
behavioral2/files/0x000500000001adaf-562.dat	warzonerat
behavioral2/files/0x000500000001adaf-566.dat	warzonerat
behavioral2/files/0x000500000001adaf-570.dat	warzonerat
behavioral2/files/0x000500000001adaf-574.dat	warzonerat
behavioral2/files/0x000500000001adaf-578.dat	warzonerat
behavioral2/files/0x000500000001adaf-582.dat	warzonerat
behavioral2/files/0x000500000001adaf-586.dat	warzonerat
behavioral2/files/0x000500000001adaf-590.dat	warzonerat
behavioral2/files/0x000500000001adaf-594.dat	warzonerat
behavioral2/files/0x000500000001adaf-598.dat	warzonerat
behavioral2/files/0x000500000001adaf-602.dat	warzonerat
behavioral2/files/0x000500000001adaf-606.dat	warzonerat
behavioral2/files/0x000500000001adaf-610.dat	warzonerat
behavioral2/files/0x000500000001adaf-614.dat	warzonerat
behavioral2/files/0x000500000001adaf-618.dat	warzonerat
behavioral2/files/0x000500000001adaf-622.dat	warzonerat
behavioral2/files/0x000500000001adaf-626.dat	warzonerat
behavioral2/files/0x000500000001adaf-630.dat	warzonerat
behavioral2/files/0x000500000001adaf-634.dat	warzonerat
behavioral2/files/0x000500000001adaf-638.dat	warzonerat
behavioral2/files/0x000500000001adaf-642.dat	warzonerat
behavioral2/files/0x000500000001adaf-646.dat	warzonerat
behavioral2/files/0x000500000001adaf-650.dat	warzonerat
behavioral2/files/0x000500000001adaf-654.dat	warzonerat
behavioral2/files/0x000500000001adaf-658.dat	warzonerat
behavioral2/files/0x000500000001adaf-662.dat	warzonerat
behavioral2/files/0x000500000001adaf-666.dat	warzonerat
behavioral2/files/0x000500000001adaf-670.dat	warzonerat
behavioral2/files/0x000500000001adaf-674.dat	warzonerat
behavioral2/files/0x000500000001adaf-678.dat	warzonerat
behavioral2/files/0x000500000001adaf-682.dat	warzonerat
behavioral2/files/0x000500000001adaf-686.dat	warzonerat
behavioral2/files/0x000500000001adaf-690.dat	warzonerat
behavioral2/files/0x000500000001adaf-694.dat	warzonerat

Executes dropped EXE 171 IoCs

pid	Process
3632	explorer.exe
1776	explorer.exe
2164	spoolsv.exe
2704	spoolsv.exe
2852	spoolsv.exe
1460	spoolsv.exe
2228	spoolsv.exe
3984	spoolsv.exe
3728	spoolsv.exe
3716	spoolsv.exe
3624	spoolsv.exe
3640	spoolsv.exe
3824	spoolsv.exe
3264	spoolsv.exe
3348	spoolsv.exe
3352	spoolsv.exe
1148	spoolsv.exe
1992	spoolsv.exe
1632	spoolsv.exe
1444	spoolsv.exe
2824	spoolsv.exe
3636	spoolsv.exe
1984	spoolsv.exe
1812	spoolsv.exe
3632	spoolsv.exe
2432	spoolsv.exe
2944	spoolsv.exe
4028	spoolsv.exe
3608	spoolsv.exe
740	spoolsv.exe
3336	spoolsv.exe
3364	spoolsv.exe
1312	spoolsv.exe
2288	spoolsv.exe
1388	spoolsv.exe
3760	spoolsv.exe
2488	spoolsv.exe
2696	spoolsv.exe
3980	spoolsv.exe
3668	spoolsv.exe
3860	spoolsv.exe
1384	spoolsv.exe
2096	spoolsv.exe
3020	spoolsv.exe
3332	spoolsv.exe
3872	spoolsv.exe
3812	spoolsv.exe
3648	spoolsv.exe
1348	spoolsv.exe
4124	spoolsv.exe
4156	spoolsv.exe
4188	spoolsv.exe
4220	spoolsv.exe
4252	spoolsv.exe
4284	spoolsv.exe
4316	spoolsv.exe
4352	spoolsv.exe
4384	spoolsv.exe
4416	spoolsv.exe
4448	spoolsv.exe
4480	spoolsv.exe
4512	spoolsv.exe
4544	spoolsv.exe
4576	spoolsv.exe
4608	spoolsv.exe
4640	spoolsv.exe
4672	spoolsv.exe
4704	spoolsv.exe
4736	spoolsv.exe
4768	spoolsv.exe
4800	spoolsv.exe
4832	spoolsv.exe
4864	spoolsv.exe
4896	spoolsv.exe
4928	spoolsv.exe
4960	spoolsv.exe
4992	spoolsv.exe
5024	spoolsv.exe
5056	spoolsv.exe
5088	spoolsv.exe
4100	spoolsv.exe
4164	spoolsv.exe
4228	spoolsv.exe
4292	spoolsv.exe
4360	spoolsv.exe
4424	spoolsv.exe
4488	spoolsv.exe
4552	spoolsv.exe
4616	spoolsv.exe
4668	spoolsv.exe
4732	spoolsv.exe
4796	spoolsv.exe
4860	spoolsv.exe
4924	spoolsv.exe
4988	spoolsv.exe
5052	spoolsv.exe
5116	spoolsv.exe
4216	spoolsv.exe
4348	spoolsv.exe
4476	spoolsv.exe
4604	spoolsv.exe
4728	spoolsv.exe
4856	spoolsv.exe
4984	spoolsv.exe
5048	spoolsv.exe
4212	spoolsv.exe
4472	spoolsv.exe
4716	spoolsv.exe
4972	spoolsv.exe
4184	spoolsv.exe
4696	spoolsv.exe
4148	spoolsv.exe
5100	spoolsv.exe
5128	spoolsv.exe
5160	spoolsv.exe
5192	spoolsv.exe
5224	spoolsv.exe
5256	spoolsv.exe
5288	spoolsv.exe
5320	spoolsv.exe
5352	spoolsv.exe
5384	spoolsv.exe
5416	spoolsv.exe
5448	spoolsv.exe
5480	spoolsv.exe
5512	spoolsv.exe
5544	spoolsv.exe
5576	spoolsv.exe
5608	spoolsv.exe
5640	spoolsv.exe
5672	spoolsv.exe
5704	spoolsv.exe
5736	spoolsv.exe
5768	spoolsv.exe
5800	spoolsv.exe
5832	spoolsv.exe
5864	spoolsv.exe
5896	spoolsv.exe
5928	spoolsv.exe
5960	spoolsv.exe
5992	spoolsv.exe
6024	spoolsv.exe
6056	spoolsv.exe
6088	spoolsv.exe
6120	spoolsv.exe
1068	spoolsv.exe
5188	spoolsv.exe
5236	spoolsv.exe
5300	spoolsv.exe
5360	spoolsv.exe
5408	spoolsv.exe
5460	spoolsv.exe
5504	spoolsv.exe
5568	spoolsv.exe
5604	spoolsv.exe
5668	spoolsv.exe
5728	spoolsv.exe
5780	spoolsv.exe
1480	spoolsv.exe
5888	spoolsv.exe
2972	spoolsv.exe
6000	spoolsv.exe
6064	spoolsv.exe
6116	spoolsv.exe
5140	spoolsv.exe
3868	spoolsv.exe
5316	spoolsv.exe
5396	spoolsv.exe
2072	spoolsv.exe
3664	spoolsv.exe
1916	spoolsv.exe

Modifies Installed Components in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	spoolsv.exe

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 3864 set thread context of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 set thread context of 3324	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	68
PID 3632 set thread context of 1776	3632	explorer.exe	76
PID 3632 set thread context of 1472	3632	explorer.exe	77
PID 2164 set thread context of 3664	2164	spoolsv.exe	245
PID 2164 set thread context of 5652	2164	spoolsv.exe	246
PID 2704 set thread context of 5844	2704	spoolsv.exe	248

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\system\explorer.exe	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\system\explorer.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 338 IoCs

pid	Process
3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1776	explorer.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
1776	explorer.exe
3664	spoolsv.exe
3664	spoolsv.exe

Suspicious use of WriteProcessMemory 554 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3828	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	67
PID 3864 wrote to memory of 3324	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	68
PID 3864 wrote to memory of 3324	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	68
PID 3864 wrote to memory of 3324	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	68
PID 3864 wrote to memory of 3324	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	68
PID 3864 wrote to memory of 3324	3864	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	68
PID 3828 wrote to memory of 3632	3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	69
PID 3828 wrote to memory of 3632	3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	69
PID 3828 wrote to memory of 3632	3828	3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe	69
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1776	3632	explorer.exe	76
PID 3632 wrote to memory of 1472	3632	explorer.exe	77
PID 3632 wrote to memory of 1472	3632	explorer.exe	77
PID 3632 wrote to memory of 1472	3632	explorer.exe	77
PID 3632 wrote to memory of 1472	3632	explorer.exe	77
PID 3632 wrote to memory of 1472	3632	explorer.exe	77
PID 1776 wrote to memory of 2164	1776	explorer.exe	78
PID 1776 wrote to memory of 2164	1776	explorer.exe	78
PID 1776 wrote to memory of 2164	1776	explorer.exe	78
PID 1776 wrote to memory of 2704	1776	explorer.exe	79
PID 1776 wrote to memory of 2704	1776	explorer.exe	79
PID 1776 wrote to memory of 2704	1776	explorer.exe	79
PID 1776 wrote to memory of 2852	1776	explorer.exe	80
PID 1776 wrote to memory of 2852	1776	explorer.exe	80
PID 1776 wrote to memory of 2852	1776	explorer.exe	80
PID 1776 wrote to memory of 1460	1776	explorer.exe	81
PID 1776 wrote to memory of 1460	1776	explorer.exe	81
PID 1776 wrote to memory of 1460	1776	explorer.exe	81
PID 1776 wrote to memory of 2228	1776	explorer.exe	82
PID 1776 wrote to memory of 2228	1776	explorer.exe	82
PID 1776 wrote to memory of 2228	1776	explorer.exe	82
PID 1776 wrote to memory of 3984	1776	explorer.exe	83
PID 1776 wrote to memory of 3984	1776	explorer.exe	83
PID 1776 wrote to memory of 3984	1776	explorer.exe	83
PID 1776 wrote to memory of 3728	1776	explorer.exe	84
PID 1776 wrote to memory of 3728	1776	explorer.exe	84
PID 1776 wrote to memory of 3728	1776	explorer.exe	84
PID 1776 wrote to memory of 3716	1776	explorer.exe	85
PID 1776 wrote to memory of 3716	1776	explorer.exe	85
PID 1776 wrote to memory of 3716	1776	explorer.exe	85
PID 1776 wrote to memory of 3624	1776	explorer.exe	86
PID 1776 wrote to memory of 3624	1776	explorer.exe	86
PID 1776 wrote to memory of 3624	1776	explorer.exe	86
PID 1776 wrote to memory of 3640	1776	explorer.exe	87
PID 1776 wrote to memory of 3640	1776	explorer.exe	87
PID 1776 wrote to memory of 3640	1776	explorer.exe	87
PID 1776 wrote to memory of 3824	1776	explorer.exe	88
PID 1776 wrote to memory of 3824	1776	explorer.exe	88
PID 1776 wrote to memory of 3824	1776	explorer.exe	88
PID 1776 wrote to memory of 3264	1776	explorer.exe	89
PID 1776 wrote to memory of 3264	1776	explorer.exe	89
PID 1776 wrote to memory of 3264	1776	explorer.exe	89
PID 1776 wrote to memory of 3348	1776	explorer.exe	90
PID 1776 wrote to memory of 3348	1776	explorer.exe	90
PID 1776 wrote to memory of 3348	1776	explorer.exe	90
PID 1776 wrote to memory of 3352	1776	explorer.exe	91
PID 1776 wrote to memory of 3352	1776	explorer.exe	91
PID 1776 wrote to memory of 3352	1776	explorer.exe	91
PID 1776 wrote to memory of 1148	1776	explorer.exe	92
PID 1776 wrote to memory of 1148	1776	explorer.exe	92
PID 1776 wrote to memory of 1148	1776	explorer.exe	92
PID 1776 wrote to memory of 1992	1776	explorer.exe	93
PID 1776 wrote to memory of 1992	1776	explorer.exe	93
PID 1776 wrote to memory of 1992	1776	explorer.exe	93
PID 1776 wrote to memory of 1632	1776	explorer.exe	94
PID 1776 wrote to memory of 1632	1776	explorer.exe	94
PID 1776 wrote to memory of 1632	1776	explorer.exe	94
PID 1776 wrote to memory of 1444	1776	explorer.exe	95
PID 1776 wrote to memory of 1444	1776	explorer.exe	95
PID 1776 wrote to memory of 1444	1776	explorer.exe	95
PID 1776 wrote to memory of 2824	1776	explorer.exe	96
PID 1776 wrote to memory of 2824	1776	explorer.exe	96
PID 1776 wrote to memory of 2824	1776	explorer.exe	96
PID 1776 wrote to memory of 3636	1776	explorer.exe	97
PID 1776 wrote to memory of 3636	1776	explorer.exe	97
PID 1776 wrote to memory of 3636	1776	explorer.exe	97
PID 1776 wrote to memory of 1984	1776	explorer.exe	98
PID 1776 wrote to memory of 1984	1776	explorer.exe	98
PID 1776 wrote to memory of 1984	1776	explorer.exe	98
PID 1776 wrote to memory of 1812	1776	explorer.exe	99
PID 1776 wrote to memory of 1812	1776	explorer.exe	99
PID 1776 wrote to memory of 1812	1776	explorer.exe	99
PID 1776 wrote to memory of 3632	1776	explorer.exe	100
PID 1776 wrote to memory of 3632	1776	explorer.exe	100
PID 1776 wrote to memory of 3632	1776	explorer.exe	100
PID 1776 wrote to memory of 2432	1776	explorer.exe	101
PID 1776 wrote to memory of 2432	1776	explorer.exe	101
PID 1776 wrote to memory of 2432	1776	explorer.exe	101
PID 1776 wrote to memory of 2944	1776	explorer.exe	102
PID 1776 wrote to memory of 2944	1776	explorer.exe	102
PID 1776 wrote to memory of 2944	1776	explorer.exe	102
PID 1776 wrote to memory of 4028	1776	explorer.exe	103
PID 1776 wrote to memory of 4028	1776	explorer.exe	103
PID 1776 wrote to memory of 4028	1776	explorer.exe	103
PID 1776 wrote to memory of 3608	1776	explorer.exe	104
PID 1776 wrote to memory of 3608	1776	explorer.exe	104
PID 1776 wrote to memory of 3608	1776	explorer.exe	104
PID 1776 wrote to memory of 740	1776	explorer.exe	105
PID 1776 wrote to memory of 740	1776	explorer.exe	105
PID 1776 wrote to memory of 740	1776	explorer.exe	105
PID 1776 wrote to memory of 3336	1776	explorer.exe	106
PID 1776 wrote to memory of 3336	1776	explorer.exe	106
PID 1776 wrote to memory of 3336	1776	explorer.exe	106
PID 1776 wrote to memory of 3364	1776	explorer.exe	107
PID 1776 wrote to memory of 3364	1776	explorer.exe	107
PID 1776 wrote to memory of 3364	1776	explorer.exe	107
PID 1776 wrote to memory of 1312	1776	explorer.exe	108
PID 1776 wrote to memory of 1312	1776	explorer.exe	108
PID 1776 wrote to memory of 1312	1776	explorer.exe	108
PID 1776 wrote to memory of 2288	1776	explorer.exe	109
PID 1776 wrote to memory of 2288	1776	explorer.exe	109
PID 1776 wrote to memory of 2288	1776	explorer.exe	109
PID 1776 wrote to memory of 1388	1776	explorer.exe	110
PID 1776 wrote to memory of 1388	1776	explorer.exe	110
PID 1776 wrote to memory of 1388	1776	explorer.exe	110
PID 1776 wrote to memory of 3760	1776	explorer.exe	111
PID 1776 wrote to memory of 3760	1776	explorer.exe	111
PID 1776 wrote to memory of 3760	1776	explorer.exe	111
PID 1776 wrote to memory of 2488	1776	explorer.exe	112
PID 1776 wrote to memory of 2488	1776	explorer.exe	112
PID 1776 wrote to memory of 2488	1776	explorer.exe	112
PID 1776 wrote to memory of 2696	1776	explorer.exe	113
PID 1776 wrote to memory of 2696	1776	explorer.exe	113
PID 1776 wrote to memory of 2696	1776	explorer.exe	113
PID 1776 wrote to memory of 3980	1776	explorer.exe	114
PID 1776 wrote to memory of 3980	1776	explorer.exe	114
PID 1776 wrote to memory of 3980	1776	explorer.exe	114
PID 1776 wrote to memory of 3668	1776	explorer.exe	115
PID 1776 wrote to memory of 3668	1776	explorer.exe	115
PID 1776 wrote to memory of 3668	1776	explorer.exe	115
PID 1776 wrote to memory of 3860	1776	explorer.exe	116
PID 1776 wrote to memory of 3860	1776	explorer.exe	116
PID 1776 wrote to memory of 3860	1776	explorer.exe	116
PID 1776 wrote to memory of 1384	1776	explorer.exe	117
PID 1776 wrote to memory of 1384	1776	explorer.exe	117
PID 1776 wrote to memory of 1384	1776	explorer.exe	117
PID 1776 wrote to memory of 2096	1776	explorer.exe	118
PID 1776 wrote to memory of 2096	1776	explorer.exe	118
PID 1776 wrote to memory of 2096	1776	explorer.exe	118
PID 1776 wrote to memory of 3020	1776	explorer.exe	119
PID 1776 wrote to memory of 3020	1776	explorer.exe	119
PID 1776 wrote to memory of 3020	1776	explorer.exe	119
PID 1776 wrote to memory of 3332	1776	explorer.exe	120
PID 1776 wrote to memory of 3332	1776	explorer.exe	120
PID 1776 wrote to memory of 3332	1776	explorer.exe	120
PID 1776 wrote to memory of 3872	1776	explorer.exe	121
PID 1776 wrote to memory of 3872	1776	explorer.exe	121
PID 1776 wrote to memory of 3872	1776	explorer.exe	121
PID 1776 wrote to memory of 3812	1776	explorer.exe	122
PID 1776 wrote to memory of 3812	1776	explorer.exe	122
PID 1776 wrote to memory of 3812	1776	explorer.exe	122
PID 1776 wrote to memory of 3648	1776	explorer.exe	123
PID 1776 wrote to memory of 3648	1776	explorer.exe	123
PID 1776 wrote to memory of 3648	1776	explorer.exe	123
PID 1776 wrote to memory of 1348	1776	explorer.exe	124
PID 1776 wrote to memory of 1348	1776	explorer.exe	124
PID 1776 wrote to memory of 1348	1776	explorer.exe	124
PID 1776 wrote to memory of 4124	1776	explorer.exe	125
PID 1776 wrote to memory of 4124	1776	explorer.exe	125
PID 1776 wrote to memory of 4124	1776	explorer.exe	125
PID 1776 wrote to memory of 4156	1776	explorer.exe	126
PID 1776 wrote to memory of 4156	1776	explorer.exe	126
PID 1776 wrote to memory of 4156	1776	explorer.exe	126
PID 1776 wrote to memory of 4188	1776	explorer.exe	127
PID 1776 wrote to memory of 4188	1776	explorer.exe	127
PID 1776 wrote to memory of 4188	1776	explorer.exe	127
PID 1776 wrote to memory of 4220	1776	explorer.exe	128
PID 1776 wrote to memory of 4220	1776	explorer.exe	128
PID 1776 wrote to memory of 4220	1776	explorer.exe	128
PID 1776 wrote to memory of 4252	1776	explorer.exe	129
PID 1776 wrote to memory of 4252	1776	explorer.exe	129
PID 1776 wrote to memory of 4252	1776	explorer.exe	129
PID 1776 wrote to memory of 4284	1776	explorer.exe	130
PID 1776 wrote to memory of 4284	1776	explorer.exe	130
PID 1776 wrote to memory of 4284	1776	explorer.exe	130
PID 1776 wrote to memory of 4316	1776	explorer.exe	131
PID 1776 wrote to memory of 4316	1776	explorer.exe	131
PID 1776 wrote to memory of 4316	1776	explorer.exe	131
PID 1776 wrote to memory of 4352	1776	explorer.exe	132
PID 1776 wrote to memory of 4352	1776	explorer.exe	132
PID 1776 wrote to memory of 4352	1776	explorer.exe	132
PID 1776 wrote to memory of 4384	1776	explorer.exe	133
PID 1776 wrote to memory of 4384	1776	explorer.exe	133
PID 1776 wrote to memory of 4384	1776	explorer.exe	133
PID 1776 wrote to memory of 4416	1776	explorer.exe	134
PID 1776 wrote to memory of 4416	1776	explorer.exe	134
PID 1776 wrote to memory of 4416	1776	explorer.exe	134
PID 1776 wrote to memory of 4448	1776	explorer.exe	135
PID 1776 wrote to memory of 4448	1776	explorer.exe	135
PID 1776 wrote to memory of 4448	1776	explorer.exe	135
PID 1776 wrote to memory of 4480	1776	explorer.exe	136
PID 1776 wrote to memory of 4480	1776	explorer.exe	136
PID 1776 wrote to memory of 4480	1776	explorer.exe	136
PID 1776 wrote to memory of 4512	1776	explorer.exe	137
PID 1776 wrote to memory of 4512	1776	explorer.exe	137
PID 1776 wrote to memory of 4512	1776	explorer.exe	137
PID 1776 wrote to memory of 4544	1776	explorer.exe	138
PID 1776 wrote to memory of 4544	1776	explorer.exe	138
PID 1776 wrote to memory of 4544	1776	explorer.exe	138
PID 1776 wrote to memory of 4576	1776	explorer.exe	139
PID 1776 wrote to memory of 4576	1776	explorer.exe	139
PID 1776 wrote to memory of 4576	1776	explorer.exe	139
PID 1776 wrote to memory of 4608	1776	explorer.exe	140
PID 1776 wrote to memory of 4608	1776	explorer.exe	140
PID 1776 wrote to memory of 4608	1776	explorer.exe	140
PID 1776 wrote to memory of 4640	1776	explorer.exe	141
PID 1776 wrote to memory of 4640	1776	explorer.exe	141
PID 1776 wrote to memory of 4640	1776	explorer.exe	141
PID 1776 wrote to memory of 4672	1776	explorer.exe	142
PID 1776 wrote to memory of 4672	1776	explorer.exe	142
PID 1776 wrote to memory of 4672	1776	explorer.exe	142
PID 1776 wrote to memory of 4704	1776	explorer.exe	143
PID 1776 wrote to memory of 4704	1776	explorer.exe	143
PID 1776 wrote to memory of 4704	1776	explorer.exe	143
PID 1776 wrote to memory of 4736	1776	explorer.exe	144
PID 1776 wrote to memory of 4736	1776	explorer.exe	144
PID 1776 wrote to memory of 4736	1776	explorer.exe	144
PID 1776 wrote to memory of 4768	1776	explorer.exe	145
PID 1776 wrote to memory of 4768	1776	explorer.exe	145
PID 1776 wrote to memory of 4768	1776	explorer.exe	145
PID 1776 wrote to memory of 4800	1776	explorer.exe	146
PID 1776 wrote to memory of 4800	1776	explorer.exe	146
PID 1776 wrote to memory of 4800	1776	explorer.exe	146
PID 1776 wrote to memory of 4832	1776	explorer.exe	147
PID 1776 wrote to memory of 4832	1776	explorer.exe	147
PID 1776 wrote to memory of 4832	1776	explorer.exe	147
PID 1776 wrote to memory of 4864	1776	explorer.exe	148
PID 1776 wrote to memory of 4864	1776	explorer.exe	148
PID 1776 wrote to memory of 4864	1776	explorer.exe	148
PID 1776 wrote to memory of 4896	1776	explorer.exe	149
PID 1776 wrote to memory of 4896	1776	explorer.exe	149
PID 1776 wrote to memory of 4896	1776	explorer.exe	149
PID 1776 wrote to memory of 4928	1776	explorer.exe	150
PID 1776 wrote to memory of 4928	1776	explorer.exe	150
PID 1776 wrote to memory of 4928	1776	explorer.exe	150
PID 1776 wrote to memory of 4960	1776	explorer.exe	151
PID 1776 wrote to memory of 4960	1776	explorer.exe	151
PID 1776 wrote to memory of 4960	1776	explorer.exe	151
PID 1776 wrote to memory of 4992	1776	explorer.exe	152
PID 1776 wrote to memory of 4992	1776	explorer.exe	152
PID 1776 wrote to memory of 4992	1776	explorer.exe	152
PID 1776 wrote to memory of 5024	1776	explorer.exe	153
PID 1776 wrote to memory of 5024	1776	explorer.exe	153
PID 1776 wrote to memory of 5024	1776	explorer.exe	153
PID 1776 wrote to memory of 5056	1776	explorer.exe	154
PID 1776 wrote to memory of 5056	1776	explorer.exe	154
PID 1776 wrote to memory of 5056	1776	explorer.exe	154
PID 1776 wrote to memory of 5088	1776	explorer.exe	155
PID 1776 wrote to memory of 5088	1776	explorer.exe	155
PID 1776 wrote to memory of 5088	1776	explorer.exe	155
PID 1776 wrote to memory of 4100	1776	explorer.exe	156
PID 1776 wrote to memory of 4100	1776	explorer.exe	156
PID 1776 wrote to memory of 4100	1776	explorer.exe	156
PID 1776 wrote to memory of 4164	1776	explorer.exe	157
PID 1776 wrote to memory of 4164	1776	explorer.exe	157
PID 1776 wrote to memory of 4164	1776	explorer.exe	157
PID 1776 wrote to memory of 4228	1776	explorer.exe	158
PID 1776 wrote to memory of 4228	1776	explorer.exe	158
PID 1776 wrote to memory of 4228	1776	explorer.exe	158
PID 1776 wrote to memory of 4292	1776	explorer.exe	159
PID 1776 wrote to memory of 4292	1776	explorer.exe	159
PID 1776 wrote to memory of 4292	1776	explorer.exe	159
PID 1776 wrote to memory of 4360	1776	explorer.exe	160
PID 1776 wrote to memory of 4360	1776	explorer.exe	160
PID 1776 wrote to memory of 4360	1776	explorer.exe	160
PID 1776 wrote to memory of 4424	1776	explorer.exe	161
PID 1776 wrote to memory of 4424	1776	explorer.exe	161
PID 1776 wrote to memory of 4424	1776	explorer.exe	161
PID 1776 wrote to memory of 4488	1776	explorer.exe	162
PID 1776 wrote to memory of 4488	1776	explorer.exe	162
PID 1776 wrote to memory of 4488	1776	explorer.exe	162
PID 1776 wrote to memory of 4552	1776	explorer.exe	163
PID 1776 wrote to memory of 4552	1776	explorer.exe	163
PID 1776 wrote to memory of 4552	1776	explorer.exe	163
PID 1776 wrote to memory of 4616	1776	explorer.exe	164
PID 1776 wrote to memory of 4616	1776	explorer.exe	164
PID 1776 wrote to memory of 4616	1776	explorer.exe	164
PID 1776 wrote to memory of 4668	1776	explorer.exe	165
PID 1776 wrote to memory of 4668	1776	explorer.exe	165
PID 1776 wrote to memory of 4668	1776	explorer.exe	165
PID 1776 wrote to memory of 4732	1776	explorer.exe	166
PID 1776 wrote to memory of 4732	1776	explorer.exe	166
PID 1776 wrote to memory of 4732	1776	explorer.exe	166
PID 1776 wrote to memory of 4796	1776	explorer.exe	167
PID 1776 wrote to memory of 4796	1776	explorer.exe	167
PID 1776 wrote to memory of 4796	1776	explorer.exe	167
PID 1776 wrote to memory of 4860	1776	explorer.exe	168
PID 1776 wrote to memory of 4860	1776	explorer.exe	168
PID 1776 wrote to memory of 4860	1776	explorer.exe	168
PID 1776 wrote to memory of 4924	1776	explorer.exe	169
PID 1776 wrote to memory of 4924	1776	explorer.exe	169
PID 1776 wrote to memory of 4924	1776	explorer.exe	169
PID 1776 wrote to memory of 4988	1776	explorer.exe	170
PID 1776 wrote to memory of 4988	1776	explorer.exe	170
PID 1776 wrote to memory of 4988	1776	explorer.exe	170
PID 1776 wrote to memory of 5052	1776	explorer.exe	171
PID 1776 wrote to memory of 5052	1776	explorer.exe	171
PID 1776 wrote to memory of 5052	1776	explorer.exe	171
PID 1776 wrote to memory of 5116	1776	explorer.exe	172
PID 1776 wrote to memory of 5116	1776	explorer.exe	172
PID 1776 wrote to memory of 5116	1776	explorer.exe	172
PID 1776 wrote to memory of 4216	1776	explorer.exe	173
PID 1776 wrote to memory of 4216	1776	explorer.exe	173
PID 1776 wrote to memory of 4216	1776	explorer.exe	173
PID 1776 wrote to memory of 4348	1776	explorer.exe	174
PID 1776 wrote to memory of 4348	1776	explorer.exe	174
PID 1776 wrote to memory of 4348	1776	explorer.exe	174
PID 1776 wrote to memory of 4476	1776	explorer.exe	175
PID 1776 wrote to memory of 4476	1776	explorer.exe	175
PID 1776 wrote to memory of 4476	1776	explorer.exe	175
PID 1776 wrote to memory of 4604	1776	explorer.exe	176
PID 1776 wrote to memory of 4604	1776	explorer.exe	176
PID 1776 wrote to memory of 4604	1776	explorer.exe	176
PID 1776 wrote to memory of 4728	1776	explorer.exe	177
PID 1776 wrote to memory of 4728	1776	explorer.exe	177
PID 1776 wrote to memory of 4728	1776	explorer.exe	177
PID 1776 wrote to memory of 4856	1776	explorer.exe	178
PID 1776 wrote to memory of 4856	1776	explorer.exe	178
PID 1776 wrote to memory of 4856	1776	explorer.exe	178
PID 1776 wrote to memory of 4984	1776	explorer.exe	179
PID 1776 wrote to memory of 4984	1776	explorer.exe	179
PID 1776 wrote to memory of 4984	1776	explorer.exe	179
PID 1776 wrote to memory of 5048	1776	explorer.exe	180
PID 1776 wrote to memory of 5048	1776	explorer.exe	180
PID 1776 wrote to memory of 5048	1776	explorer.exe	180
PID 1776 wrote to memory of 4212	1776	explorer.exe	181
PID 1776 wrote to memory of 4212	1776	explorer.exe	181
PID 1776 wrote to memory of 4212	1776	explorer.exe	181
PID 1776 wrote to memory of 4472	1776	explorer.exe	182
PID 1776 wrote to memory of 4472	1776	explorer.exe	182
PID 1776 wrote to memory of 4472	1776	explorer.exe	182
PID 1776 wrote to memory of 4716	1776	explorer.exe	183
PID 1776 wrote to memory of 4716	1776	explorer.exe	183
PID 1776 wrote to memory of 4716	1776	explorer.exe	183
PID 1776 wrote to memory of 4972	1776	explorer.exe	184
PID 1776 wrote to memory of 4972	1776	explorer.exe	184
PID 1776 wrote to memory of 4972	1776	explorer.exe	184
PID 1776 wrote to memory of 4184	1776	explorer.exe	185
PID 1776 wrote to memory of 4184	1776	explorer.exe	185
PID 1776 wrote to memory of 4184	1776	explorer.exe	185
PID 1776 wrote to memory of 4696	1776	explorer.exe	186
PID 1776 wrote to memory of 4696	1776	explorer.exe	186
PID 1776 wrote to memory of 4696	1776	explorer.exe	186
PID 1776 wrote to memory of 4148	1776	explorer.exe	187
PID 1776 wrote to memory of 4148	1776	explorer.exe	187
PID 1776 wrote to memory of 4148	1776	explorer.exe	187
PID 1776 wrote to memory of 5100	1776	explorer.exe	188
PID 1776 wrote to memory of 5100	1776	explorer.exe	188
PID 1776 wrote to memory of 5100	1776	explorer.exe	188
PID 1776 wrote to memory of 5128	1776	explorer.exe	189
PID 1776 wrote to memory of 5128	1776	explorer.exe	189
PID 1776 wrote to memory of 5128	1776	explorer.exe	189
PID 1776 wrote to memory of 5160	1776	explorer.exe	190
PID 1776 wrote to memory of 5160	1776	explorer.exe	190
PID 1776 wrote to memory of 5160	1776	explorer.exe	190
PID 1776 wrote to memory of 5192	1776	explorer.exe	191
PID 1776 wrote to memory of 5192	1776	explorer.exe	191
PID 1776 wrote to memory of 5192	1776	explorer.exe	191
PID 1776 wrote to memory of 5224	1776	explorer.exe	192
PID 1776 wrote to memory of 5224	1776	explorer.exe	192
PID 1776 wrote to memory of 5224	1776	explorer.exe	192
PID 1776 wrote to memory of 5256	1776	explorer.exe	193
PID 1776 wrote to memory of 5256	1776	explorer.exe	193
PID 1776 wrote to memory of 5256	1776	explorer.exe	193
PID 1776 wrote to memory of 5288	1776	explorer.exe	194
PID 1776 wrote to memory of 5288	1776	explorer.exe	194
PID 1776 wrote to memory of 5288	1776	explorer.exe	194
PID 1776 wrote to memory of 5320	1776	explorer.exe	195
PID 1776 wrote to memory of 5320	1776	explorer.exe	195
PID 1776 wrote to memory of 5320	1776	explorer.exe	195
PID 1776 wrote to memory of 5352	1776	explorer.exe	196
PID 1776 wrote to memory of 5352	1776	explorer.exe	196
PID 1776 wrote to memory of 5352	1776	explorer.exe	196
PID 1776 wrote to memory of 5384	1776	explorer.exe	197
PID 1776 wrote to memory of 5384	1776	explorer.exe	197
PID 1776 wrote to memory of 5384	1776	explorer.exe	197
PID 1776 wrote to memory of 5416	1776	explorer.exe	198
PID 1776 wrote to memory of 5416	1776	explorer.exe	198
PID 1776 wrote to memory of 5416	1776	explorer.exe	198
PID 1776 wrote to memory of 5448	1776	explorer.exe	199
PID 1776 wrote to memory of 5448	1776	explorer.exe	199
PID 1776 wrote to memory of 5448	1776	explorer.exe	199
PID 1776 wrote to memory of 5480	1776	explorer.exe	200
PID 1776 wrote to memory of 5480	1776	explorer.exe	200
PID 1776 wrote to memory of 5480	1776	explorer.exe	200
PID 1776 wrote to memory of 5512	1776	explorer.exe	201
PID 1776 wrote to memory of 5512	1776	explorer.exe	201
PID 1776 wrote to memory of 5512	1776	explorer.exe	201
PID 1776 wrote to memory of 5544	1776	explorer.exe	202
PID 1776 wrote to memory of 5544	1776	explorer.exe	202
PID 1776 wrote to memory of 5544	1776	explorer.exe	202
PID 1776 wrote to memory of 5576	1776	explorer.exe	203
PID 1776 wrote to memory of 5576	1776	explorer.exe	203
PID 1776 wrote to memory of 5576	1776	explorer.exe	203
PID 1776 wrote to memory of 5608	1776	explorer.exe	204
PID 1776 wrote to memory of 5608	1776	explorer.exe	204
PID 1776 wrote to memory of 5608	1776	explorer.exe	204
PID 1776 wrote to memory of 5640	1776	explorer.exe	205
PID 1776 wrote to memory of 5640	1776	explorer.exe	205
PID 1776 wrote to memory of 5640	1776	explorer.exe	205
PID 1776 wrote to memory of 5672	1776	explorer.exe	206
PID 1776 wrote to memory of 5672	1776	explorer.exe	206
PID 1776 wrote to memory of 5672	1776	explorer.exe	206
PID 1776 wrote to memory of 5704	1776	explorer.exe	207
PID 1776 wrote to memory of 5704	1776	explorer.exe	207
PID 1776 wrote to memory of 5704	1776	explorer.exe	207
PID 1776 wrote to memory of 5736	1776	explorer.exe	208
PID 1776 wrote to memory of 5736	1776	explorer.exe	208
PID 1776 wrote to memory of 5736	1776	explorer.exe	208
PID 1776 wrote to memory of 5768	1776	explorer.exe	209
PID 1776 wrote to memory of 5768	1776	explorer.exe	209
PID 1776 wrote to memory of 5768	1776	explorer.exe	209
PID 1776 wrote to memory of 5800	1776	explorer.exe	210
PID 1776 wrote to memory of 5800	1776	explorer.exe	210
PID 1776 wrote to memory of 5800	1776	explorer.exe	210
PID 1776 wrote to memory of 5832	1776	explorer.exe	211
PID 1776 wrote to memory of 5832	1776	explorer.exe	211
PID 1776 wrote to memory of 5832	1776	explorer.exe	211
PID 1776 wrote to memory of 5864	1776	explorer.exe	212
PID 1776 wrote to memory of 5864	1776	explorer.exe	212
PID 1776 wrote to memory of 5864	1776	explorer.exe	212
PID 1776 wrote to memory of 5896	1776	explorer.exe	213
PID 1776 wrote to memory of 5896	1776	explorer.exe	213
PID 1776 wrote to memory of 5896	1776	explorer.exe	213
PID 1776 wrote to memory of 5928	1776	explorer.exe	214
PID 1776 wrote to memory of 5928	1776	explorer.exe	214
PID 1776 wrote to memory of 5928	1776	explorer.exe	214
PID 1776 wrote to memory of 5960	1776	explorer.exe	215
PID 1776 wrote to memory of 5960	1776	explorer.exe	215
PID 1776 wrote to memory of 5960	1776	explorer.exe	215
PID 1776 wrote to memory of 5992	1776	explorer.exe	216
PID 1776 wrote to memory of 5992	1776	explorer.exe	216
PID 1776 wrote to memory of 5992	1776	explorer.exe	216
PID 1776 wrote to memory of 6024	1776	explorer.exe	217
PID 1776 wrote to memory of 6024	1776	explorer.exe	217
PID 1776 wrote to memory of 6024	1776	explorer.exe	217
PID 1776 wrote to memory of 6056	1776	explorer.exe	218
PID 1776 wrote to memory of 6056	1776	explorer.exe	218
PID 1776 wrote to memory of 6056	1776	explorer.exe	218
PID 1776 wrote to memory of 6088	1776	explorer.exe	219
PID 1776 wrote to memory of 6088	1776	explorer.exe	219
PID 1776 wrote to memory of 6088	1776	explorer.exe	219
PID 1776 wrote to memory of 6120	1776	explorer.exe	220
PID 1776 wrote to memory of 6120	1776	explorer.exe	220
PID 1776 wrote to memory of 6120	1776	explorer.exe	220
PID 1776 wrote to memory of 1068	1776	explorer.exe	221
PID 1776 wrote to memory of 1068	1776	explorer.exe	221
PID 1776 wrote to memory of 1068	1776	explorer.exe	221
PID 1776 wrote to memory of 5188	1776	explorer.exe	222
PID 1776 wrote to memory of 5188	1776	explorer.exe	222
PID 1776 wrote to memory of 5188	1776	explorer.exe	222
PID 1776 wrote to memory of 5236	1776	explorer.exe	223
PID 1776 wrote to memory of 5236	1776	explorer.exe	223
PID 1776 wrote to memory of 5236	1776	explorer.exe	223
PID 1776 wrote to memory of 5300	1776	explorer.exe	224
PID 1776 wrote to memory of 5300	1776	explorer.exe	224
PID 1776 wrote to memory of 5300	1776	explorer.exe	224
PID 1776 wrote to memory of 5360	1776	explorer.exe	225
PID 1776 wrote to memory of 5360	1776	explorer.exe	225
PID 1776 wrote to memory of 5360	1776	explorer.exe	225
PID 1776 wrote to memory of 5408	1776	explorer.exe	226
PID 1776 wrote to memory of 5408	1776	explorer.exe	226
PID 1776 wrote to memory of 5408	1776	explorer.exe	226
PID 1776 wrote to memory of 5460	1776	explorer.exe	227
PID 1776 wrote to memory of 5460	1776	explorer.exe	227
PID 1776 wrote to memory of 5460	1776	explorer.exe	227
PID 1776 wrote to memory of 5504	1776	explorer.exe	228
PID 1776 wrote to memory of 5504	1776	explorer.exe	228
PID 1776 wrote to memory of 5504	1776	explorer.exe	228
PID 1776 wrote to memory of 5568	1776	explorer.exe	229
PID 1776 wrote to memory of 5568	1776	explorer.exe	229
PID 1776 wrote to memory of 5568	1776	explorer.exe	229
PID 1776 wrote to memory of 5604	1776	explorer.exe	230
PID 1776 wrote to memory of 5604	1776	explorer.exe	230
PID 1776 wrote to memory of 5604	1776	explorer.exe	230
PID 1776 wrote to memory of 5668	1776	explorer.exe	231
PID 1776 wrote to memory of 5668	1776	explorer.exe	231
PID 1776 wrote to memory of 5668	1776	explorer.exe	231
PID 1776 wrote to memory of 5728	1776	explorer.exe	232
PID 1776 wrote to memory of 5728	1776	explorer.exe	232
PID 1776 wrote to memory of 5728	1776	explorer.exe	232
PID 1776 wrote to memory of 5780	1776	explorer.exe	233
PID 1776 wrote to memory of 5780	1776	explorer.exe	233
PID 1776 wrote to memory of 5780	1776	explorer.exe	233
PID 1776 wrote to memory of 1480	1776	explorer.exe	234
PID 1776 wrote to memory of 1480	1776	explorer.exe	234
PID 1776 wrote to memory of 1480	1776	explorer.exe	234
PID 1776 wrote to memory of 5888	1776	explorer.exe	235
PID 1776 wrote to memory of 5888	1776	explorer.exe	235
PID 1776 wrote to memory of 5888	1776	explorer.exe	235
PID 1776 wrote to memory of 2972	1776	explorer.exe	236
PID 1776 wrote to memory of 2972	1776	explorer.exe	236
PID 1776 wrote to memory of 2972	1776	explorer.exe	236
PID 1776 wrote to memory of 6000	1776	explorer.exe	237
PID 1776 wrote to memory of 6000	1776	explorer.exe	237
PID 1776 wrote to memory of 6000	1776	explorer.exe	237
PID 1776 wrote to memory of 6064	1776	explorer.exe	238
PID 1776 wrote to memory of 6064	1776	explorer.exe	238
PID 1776 wrote to memory of 6064	1776	explorer.exe	238
PID 1776 wrote to memory of 6116	1776	explorer.exe	239
PID 1776 wrote to memory of 6116	1776	explorer.exe	239
PID 1776 wrote to memory of 6116	1776	explorer.exe	239
PID 1776 wrote to memory of 5140	1776	explorer.exe	240
PID 1776 wrote to memory of 5140	1776	explorer.exe	240
PID 1776 wrote to memory of 5140	1776	explorer.exe	240
PID 1776 wrote to memory of 3868	1776	explorer.exe	241
PID 1776 wrote to memory of 3868	1776	explorer.exe	241
PID 1776 wrote to memory of 3868	1776	explorer.exe	241
PID 1776 wrote to memory of 5316	1776	explorer.exe	242
PID 1776 wrote to memory of 5316	1776	explorer.exe	242
PID 1776 wrote to memory of 5316	1776	explorer.exe	242
PID 1776 wrote to memory of 5396	1776	explorer.exe	243
PID 1776 wrote to memory of 5396	1776	explorer.exe	243
PID 1776 wrote to memory of 5396	1776	explorer.exe	243
PID 1776 wrote to memory of 2072	1776	explorer.exe	244
PID 1776 wrote to memory of 2072	1776	explorer.exe	244
PID 1776 wrote to memory of 2072	1776	explorer.exe	244
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 3664	2164	spoolsv.exe	245
PID 2164 wrote to memory of 5652	2164	spoolsv.exe	246
PID 2164 wrote to memory of 5652	2164	spoolsv.exe	246
PID 2164 wrote to memory of 5652	2164	spoolsv.exe	246
PID 2164 wrote to memory of 5652	2164	spoolsv.exe	246
PID 2164 wrote to memory of 5652	2164	spoolsv.exe	246
PID 1776 wrote to memory of 1916	1776	explorer.exe	247
PID 1776 wrote to memory of 1916	1776	explorer.exe	247
PID 1776 wrote to memory of 1916	1776	explorer.exe	247
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248
PID 2704 wrote to memory of 5844	2704	spoolsv.exe	248

C:\Users\Admin\AppData\Local\Temp\3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
"C:\Users\Admin\AppData\Local\Temp\3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Users\Admin\AppData\Local\Temp\3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe
  "C:\Users\Admin\AppData\Local\Temp\3816c271634e3a2861904c643e3f82fcc3e50ce185394dae41b69e13e0165a95.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3828
- - \??\c:\windows\system\explorer.exe
    c:\windows\system\explorer.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:3632
  - - \??\c:\windows\system\explorer.exe
      c:\windows\system\explorer.exe
      4⤵
      Modifies WinLogon for persistence
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1776
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetThreadContext
        
        PID:2164
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3664
      - C:\Windows\SysWOW64\diskperf.exe
        
        "C:\Windows\SysWOW64\diskperf.exe"
        6⤵
        
        PID:5652
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2704
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        
        PID:5844
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2852
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1460
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2228
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3984
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3728
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3716
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3624
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3640
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3824
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3264
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3348
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3352
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1148
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1992
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1632
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1444
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2824
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3636
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1984
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1812
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3632
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2432
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2944
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4028
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3608
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:740
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3336
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3364
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1312
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2288
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1388
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3760
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2488
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2696
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3980
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3668
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3860
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1384
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2096
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3020
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3332
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3872
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3812
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3648
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1348
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4124
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4156
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4188
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4220
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4252
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4284
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4316
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4352
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4384
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4416
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4448
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4480
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4512
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4544
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4576
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4608
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4640
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4672
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4704
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4736
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4768
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4800
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4832
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4864
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4896
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4928
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4960
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4992
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5024
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5056
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5088
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4100
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4164
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4228
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4292
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4360
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4424
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4488
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4552
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4616
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4668
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4732
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4796
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4860
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4924
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4988
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5052
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5116
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4216
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4348
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4476
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4604
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4728
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4856
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4984
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5048
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4212
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4472
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4716
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4972
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4184
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4696
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4148
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5100
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5128
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5160
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5192
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5224
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5256
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5288
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5320
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5352
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5384
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5416
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5448
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5480
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5512
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5544
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5576
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5608
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5640
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5672
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5704
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5736
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5768
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5800
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5832
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5864
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5896
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5928
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5960
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5992
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6024
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6056
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6088
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6120
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:1068
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5188
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5236
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5300
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5360
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5408
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5460
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5504
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5568
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5604
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5668
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5728
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5780
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:1480
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5888
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:2972
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6000
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6064
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6116
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5140
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:3868
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5316
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5396
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:2072
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:1916
  - - C:\Windows\SysWOW64\diskperf.exe
      "C:\Windows\SysWOW64\diskperf.exe"
      4⤵
      PID:1472
- C:\Windows\SysWOW64\diskperf.exe
  "C:\Windows\SysWOW64\diskperf.exe"
  2⤵
  PID:3324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1776-356-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-451-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-199-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-200-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-700-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-196-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-203-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-204-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-698-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-195-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-207-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-208-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-692-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-691-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-211-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-212-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-192-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-191-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-215-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-216-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-688-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-687-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-219-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-220-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-684-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-188-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-223-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-224-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-683-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-187-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-227-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-228-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-680-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-184-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-231-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-232-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-679-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-183-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-235-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-236-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-676-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-675-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-239-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-240-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-672-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-180-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-243-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-244-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-671-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-179-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-247-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-248-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-668-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-251-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-252-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-667-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-176-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-255-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-256-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-664-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-175-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-259-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-260-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-663-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-29-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-263-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-264-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-660-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-172-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-267-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-268-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-659-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-171-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-271-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-272-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-30-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-656-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-275-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-276-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-655-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-168-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-279-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-280-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-31-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-167-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-283-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-284-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-32-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-652-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-287-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-288-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-651-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-164-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-291-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-292-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-648-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-163-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-295-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-296-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-647-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-35-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-299-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-300-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-644-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-160-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-303-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-304-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-643-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-159-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-307-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-308-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-36-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-156-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-311-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-312-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-640-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-155-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-315-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-316-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-639-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-636-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-319-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-320-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-635-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-152-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-323-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-324-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-39-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-151-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-327-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-328-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-632-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-148-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-331-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-332-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-631-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-147-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-335-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-336-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-40-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-628-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-339-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-340-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-627-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-144-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-343-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-344-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-43-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-143-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-347-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-348-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-624-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-623-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-351-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-352-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-44-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-140-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-355-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-620-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-619-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-139-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-359-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-360-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-616-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-136-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-363-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-364-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-615-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-135-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-367-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-368-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-47-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-612-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-371-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-372-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-611-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-132-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-375-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-376-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-48-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-131-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-379-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-380-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-608-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-607-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-383-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-384-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-604-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-128-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-387-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-388-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-603-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-127-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-391-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-392-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-51-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-52-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-395-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-396-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-600-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-124-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-399-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-400-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-599-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-123-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-403-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-404-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-596-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-595-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-407-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-408-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-55-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-120-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-411-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-412-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-592-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-119-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-415-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-416-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-591-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-56-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-419-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-420-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-588-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-116-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-423-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-424-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-587-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-115-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-427-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-428-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-584-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-583-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-431-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-432-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-59-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-112-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-435-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-436-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-580-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-111-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-439-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-440-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-579-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-60-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-443-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-444-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-576-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-108-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-447-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-448-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-575-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-107-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-572-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-452-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-571-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-63-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-455-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-456-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-568-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-104-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-459-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-460-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-567-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-103-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-463-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-464-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-64-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-564-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-467-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-468-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-563-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-100-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-471-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-472-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-560-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-99-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-475-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-476-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-559-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-96-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-479-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-480-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-67-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-95-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-483-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-484-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-556-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-92-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-487-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-488-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-555-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-91-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-491-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-492-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-68-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-552-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-495-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-496-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-551-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-88-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-499-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-500-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-548-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-87-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-503-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-504-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-547-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-84-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-507-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-508-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-71-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-83-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-511-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-512-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-544-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-543-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-515-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-516-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-72-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-80-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-519-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-520-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-540-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-79-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-523-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-524-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-539-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-536-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-527-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-528-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-535-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-76-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-531-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1776-532-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/1776-75-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/3324-3-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/3324-5-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/3828-9-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/3828-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3828-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3828-10-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

Filesize
4KB

Download