warzonerat | 4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0

Analysis

max time kernel
150s
max time network
137s
platform
windows10_x64
resource
win10v20210410
submitted
05-05-2021 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
Size

1.8MB
MD5

b1b0e976765f127f3f6946201b410a8e
SHA1

5c24c01c3cf17082e412bc1970ad78e9d49d2ff6
SHA256

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0
SHA512

6ae18ddec77e2b3722924487a74f39a569a36540fc8aa6f7398533b649fc4f3025d423581059ab19bc449bbae4a42ad73e008c1991717c7133b2ffe80e8246dc

Score

10^/10

warzonerat evasion infostealer persistence rat

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	explorer.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs
evasion

Hidden Files and Directories
T1158

Modify Registry
T1112
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT Payload 64 IoCs

rat

Processes:

resource	yara_rule
C:\Windows\System\explorer.exe	warzonerat
\??\c:\windows\system\explorer.exe	warzonerat
C:\Users\Admin\AppData\Local\Chrome\StikyNot.exe	warzonerat
C:\Users\Admin\AppData\Local\Temp\Disk.sys	warzonerat
C:\Windows\System\explorer.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
\??\c:\windows\system\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat
C:\Windows\System\spoolsv.exe	warzonerat

Executes dropped EXE 64 IoCs

Processes:

explorer.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

pid	process
4016	explorer.exe
3972	explorer.exe
4300	spoolsv.exe
4228	spoolsv.exe
420	spoolsv.exe
580	spoolsv.exe
4340	spoolsv.exe
1016	spoolsv.exe
752	spoolsv.exe
1136	spoolsv.exe
1272	spoolsv.exe
1424	spoolsv.exe
1544	spoolsv.exe
1796	spoolsv.exe
1904	spoolsv.exe
2060	spoolsv.exe
2168	spoolsv.exe
2472	spoolsv.exe
2628	spoolsv.exe
2724	spoolsv.exe
3548	spoolsv.exe
4412	spoolsv.exe
4416	spoolsv.exe
1284	spoolsv.exe
3804	spoolsv.exe
1080	spoolsv.exe
3568	spoolsv.exe
2656	spoolsv.exe
2240	spoolsv.exe
1908	spoolsv.exe
4108	spoolsv.exe
4372	spoolsv.exe
3996	spoolsv.exe
2096	spoolsv.exe
2108	spoolsv.exe
4888	spoolsv.exe
4960	spoolsv.exe
5016	spoolsv.exe
5036	spoolsv.exe
5116	spoolsv.exe
4932	spoolsv.exe
4936	spoolsv.exe
4540	spoolsv.exe
1584	spoolsv.exe
3472	spoolsv.exe
3748	spoolsv.exe
4544	spoolsv.exe
2276	spoolsv.exe
2556	spoolsv.exe
3264	spoolsv.exe
3696	spoolsv.exe
3156	spoolsv.exe
4636	spoolsv.exe
3988	spoolsv.exe
4060	spoolsv.exe
388	spoolsv.exe
1476	spoolsv.exe
4976	spoolsv.exe
4628	spoolsv.exe
4760	spoolsv.exe
4088	spoolsv.exe
4012	spoolsv.exe
4072	spoolsv.exe
4272	spoolsv.exe

Modifies Installed Components in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Adds Run key to start application 2 TTPs 15 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

explorer.exespoolsv.exespoolsv.exespoolsv.exe4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe

Suspicious use of SetThreadContext 24 IoCs

Processes:

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

description	pid	process	target process
PID 4452 set thread context of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 set thread context of 2648	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	diskperf.exe
PID 4016 set thread context of 3972	4016	explorer.exe	explorer.exe
PID 4016 set thread context of 4176	4016	explorer.exe	diskperf.exe
PID 4300 set thread context of 6756	4300	spoolsv.exe	spoolsv.exe
PID 4300 set thread context of 6772	4300	spoolsv.exe	diskperf.exe
PID 4228 set thread context of 6872	4228	spoolsv.exe	spoolsv.exe
PID 4228 set thread context of 6888	4228	spoolsv.exe	diskperf.exe
PID 420 set thread context of 6928	420	spoolsv.exe	spoolsv.exe
PID 420 set thread context of 6948	420	spoolsv.exe	diskperf.exe
PID 580 set thread context of 7012	580	spoolsv.exe	spoolsv.exe
PID 4340 set thread context of 7028	4340	spoolsv.exe	spoolsv.exe
PID 580 set thread context of 7044	580	spoolsv.exe	diskperf.exe
PID 4340 set thread context of 7076	4340	spoolsv.exe	diskperf.exe
PID 1016 set thread context of 7148	1016	spoolsv.exe	spoolsv.exe
PID 1016 set thread context of 1648	1016	spoolsv.exe	diskperf.exe
PID 752 set thread context of 4872	752	spoolsv.exe	spoolsv.exe
PID 1136 set thread context of 6804	1136	spoolsv.exe	spoolsv.exe
PID 1136 set thread context of 6780	1136	spoolsv.exe	diskperf.exe
PID 1272 set thread context of 6908	1272	spoolsv.exe	spoolsv.exe
PID 1272 set thread context of 6916	1272	spoolsv.exe	diskperf.exe
PID 1424 set thread context of 584	1424	spoolsv.exe	spoolsv.exe
PID 1424 set thread context of 6964	1424	spoolsv.exe	diskperf.exe
PID 1544 set thread context of 6972	1544	spoolsv.exe	spoolsv.exe

Drops file in Windows directory 4 IoCs

Processes:

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exeexplorer.exespoolsv.exe

description	ioc	process
File opened for modification	\??\c:\windows\system\explorer.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\system\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\system\svchost.exe	spoolsv.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exeexplorer.exe

pid	process
3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

explorer.exe

pid process

3972 explorer.exe

pid	process
3972	explorer.exe

Suspicious use of SetWindowsHookEx 26 IoCs

Processes:

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

pid	process
3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
3972	explorer.exe
6756	spoolsv.exe
6756	spoolsv.exe
6872	spoolsv.exe
6872	spoolsv.exe
6928	spoolsv.exe
6928	spoolsv.exe
7012	spoolsv.exe
7012	spoolsv.exe
7028	spoolsv.exe
7028	spoolsv.exe
7148	spoolsv.exe
7148	spoolsv.exe
4872	spoolsv.exe
4872	spoolsv.exe
6804	spoolsv.exe
6804	spoolsv.exe
6908	spoolsv.exe
6908	spoolsv.exe
584	spoolsv.exe
584	spoolsv.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exeexplorer.exeexplorer.exe

description	pid	process	target process
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 3744	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
PID 4452 wrote to memory of 2648	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	diskperf.exe
PID 4452 wrote to memory of 2648	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	diskperf.exe
PID 4452 wrote to memory of 2648	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	diskperf.exe
PID 4452 wrote to memory of 2648	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	diskperf.exe
PID 4452 wrote to memory of 2648	4452	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	diskperf.exe
PID 3744 wrote to memory of 4016	3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	explorer.exe
PID 3744 wrote to memory of 4016	3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	explorer.exe
PID 3744 wrote to memory of 4016	3744	4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 3972	4016	explorer.exe	explorer.exe
PID 4016 wrote to memory of 4176	4016	explorer.exe	diskperf.exe
PID 4016 wrote to memory of 4176	4016	explorer.exe	diskperf.exe
PID 4016 wrote to memory of 4176	4016	explorer.exe	diskperf.exe
PID 4016 wrote to memory of 4176	4016	explorer.exe	diskperf.exe
PID 4016 wrote to memory of 4176	4016	explorer.exe	diskperf.exe
PID 3972 wrote to memory of 4300	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4300	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4300	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4228	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4228	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4228	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 420	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 420	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 420	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 580	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 580	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 580	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4340	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4340	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 4340	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1016	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1016	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1016	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 752	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 752	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 752	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1136	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1136	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1136	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1272	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1272	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1272	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1424	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1424	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1424	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1544	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1544	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1544	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1796	3972	explorer.exe	spoolsv.exe
PID 3972 wrote to memory of 1796	3972	explorer.exe	spoolsv.exe

C:\Users\Admin\AppData\Local\Temp\4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
"C:\Users\Admin\AppData\Local\Temp\4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4452

C:\Users\Admin\AppData\Local\Temp\4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe
"C:\Users\Admin\AppData\Local\Temp\4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0.exe"
2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3744

\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4016

\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
4⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4300

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6756

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:6856

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6772

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4228

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:6872

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:6976

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6888

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:420

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:6928

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6948

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:580

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:7012

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:7112

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7044

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4340

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:7028

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7076

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1016

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:7148

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:1648

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:752

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:4872

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6788

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1136

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:6804

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6780

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1272

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:6908

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6916

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1424

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
- Suspicious use of SetWindowsHookEx
PID:584

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6964

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1544

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:6972

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:6956

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:6884

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1796

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:7072

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:908

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:652

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1904

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:7136

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7056

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2060

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:7068

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4280

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:3476

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2168

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:476

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:1048

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2472

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:6760

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:1180

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4264

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2628

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:6836

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:1528

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:1376

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2724

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:7088

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:672

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7060

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3548

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4344

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7136

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4412

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4908

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2360

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2172

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4416

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4248

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4508

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2464

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1284

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:740

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:6988

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2708

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3804

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:2732

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4808

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1080

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5096

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4720

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7060

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3568

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:2012

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4728

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4604

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2656

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4600

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4424

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7088

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2240

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:364

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2352

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4384

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1908

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1140

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4248

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4308

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4108

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:208

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4180

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5084

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4372

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1756

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2732

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3996

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:2460

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:1300

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:940

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2096

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:2632

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2836

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4836

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2108

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4732

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2716

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2012

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4888

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4344

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4140

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:1788

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4960

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:492

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:3760

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:1408

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:5016

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1140

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:6924

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:3508

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:5036

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:1152

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1156

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:5116

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1732

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:3900

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:3792

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4932

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1624

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2460

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7004

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4936

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5076

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:5096

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4604

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4540

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1572

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:7088

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1584

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4564

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4344

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:640

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3472

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5000

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:3476

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3748

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:364

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:5048

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2212

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4544

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5064

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:1156

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:3896

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2276

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4028

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:3112

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4116

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:2556

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1732

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2312

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5012

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3264

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4868

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:3452

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4092

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3696

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4068

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4648

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5148

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3156

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:2524

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:3724

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4636

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:3780

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:5196

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2220

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:3988

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5004

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2284

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4608

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4060

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4064

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:5280

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5260

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:388

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5292

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:2184

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4944

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:1476

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4964

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5328

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4976

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5344

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:5376

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5348

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4628

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5400

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:4564

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:2252

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4760

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4136

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:492

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5432

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4088

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5444

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:364

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4012

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4224

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:1792

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4072

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:2452

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5508

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
- Executes dropped EXE
PID:4272

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:4952

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5528

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4220

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:3752

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
7⤵
PID:5572

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:5544

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4256

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
6⤵
PID:5312

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
6⤵
PID:4468

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:544

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:904

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:400

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4568

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1256

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1372

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1588

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1808

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2148

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2468

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2500

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:500

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2844

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4388

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:200

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1480

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:748

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2728

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1944

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4368

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:3912

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1304

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4708

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4832

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4992

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5068

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5052

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4948

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4504

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1012

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2992

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:3188

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2292

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4120

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:3608

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4036

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4000

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4132

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:8

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1988

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4464

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:4668

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:3840

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5124

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5140

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5156

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5172

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5188

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5204

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5220

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5236

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5252

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5268

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5284

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5300

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5316

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5336

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5352

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5368

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5384

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5404

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5420

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5436

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5452

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5468

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5484

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5500

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5516

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5532

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5548

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5564

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5580

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5596

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5612

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5632

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5648

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5664

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5684

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5700

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5716

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5732

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5748

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5764

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5780

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5796

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5812

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5828

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5844

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5860

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5876

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5892

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5908

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5924

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5940

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5956

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5972

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:5988

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6004

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6024

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6040

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6056

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6072

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6088

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6104

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6120

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6136

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:1676

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:2336

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:3020

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6160

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6176

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6192

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6208

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6224

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6240

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6256

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6272

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6288

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6304

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6320

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6336

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6352

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6368

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6384

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6400

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6416

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6432

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6448

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6464

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6480

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6500

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6516

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6532

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6548

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6564

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6580

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6596

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6612

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6628

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6644

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6660

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6676

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6692

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6708

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6724

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6740

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6792

\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
5⤵
PID:6840

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
4⤵
PID:4176

C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
2⤵
PID:2648

\??\c:\windows\system\svchost.exe
c:\windows\system\svchost.exe
1⤵
PID:3744

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Hidden Files and Directories

T1158

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Chrome\StikyNot.exe
MD5
b1b0e976765f127f3f6946201b410a8e

SHA1
5c24c01c3cf17082e412bc1970ad78e9d49d2ff6

SHA256
4607b1cdb907ffb58abcad0f70b78e486e8b346d8862ede974d74fbe07f4f1e0

SHA512
6ae18ddec77e2b3722924487a74f39a569a36540fc8aa6f7398533b649fc4f3025d423581059ab19bc449bbae4a42ad73e008c1991717c7133b2ffe80e8246dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Disk.sys
MD5
9b78ce1424b190e3510e8d5f7e19148c

SHA1
d8dca373e0360a37af583ba467c27af351bd18ed

SHA256
428b0d53cbd97c95cb57168bc76f75e11c1dd04444eaadf4197637e313f36384

SHA512
c1fab513ee89e56b69951cae534fd926f1215f71c0083bbb1564b5d59c7066a1c69003bee3c26807add606892c13d3801833721c5b9d5f9d35facbab53d8afc4

Download Submit
C:\Windows\System\explorer.exe
MD5
9b78ce1424b190e3510e8d5f7e19148c

SHA1
d8dca373e0360a37af583ba467c27af351bd18ed

SHA256
428b0d53cbd97c95cb57168bc76f75e11c1dd04444eaadf4197637e313f36384

SHA512
c1fab513ee89e56b69951cae534fd926f1215f71c0083bbb1564b5d59c7066a1c69003bee3c26807add606892c13d3801833721c5b9d5f9d35facbab53d8afc4

Download Submit
C:\Windows\System\explorer.exe
MD5
9b78ce1424b190e3510e8d5f7e19148c

SHA1
d8dca373e0360a37af583ba467c27af351bd18ed

SHA256
428b0d53cbd97c95cb57168bc76f75e11c1dd04444eaadf4197637e313f36384

SHA512
c1fab513ee89e56b69951cae534fd926f1215f71c0083bbb1564b5d59c7066a1c69003bee3c26807add606892c13d3801833721c5b9d5f9d35facbab53d8afc4

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
C:\Windows\System\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
\??\c:\windows\system\explorer.exe
MD5
9b78ce1424b190e3510e8d5f7e19148c

SHA1
d8dca373e0360a37af583ba467c27af351bd18ed

SHA256
428b0d53cbd97c95cb57168bc76f75e11c1dd04444eaadf4197637e313f36384

SHA512
c1fab513ee89e56b69951cae534fd926f1215f71c0083bbb1564b5d59c7066a1c69003bee3c26807add606892c13d3801833721c5b9d5f9d35facbab53d8afc4

Download Submit
\??\c:\windows\system\spoolsv.exe
MD5
5c73c9bfad2010c33f961435f22d466a

SHA1
f6b8aaf7b93feeb11a8a0560253647d6eefa27c4

SHA256
735937e8f7af3acdaabf1bb1e07e80ecbc0f9fca0e8fb5519c52b890bf066abd

SHA512
cd3afd02293a4b1de87644539c150a3bfdbe34b40fb8a80afca84e4e35638003333642b5169cd208881e68df333e783577cc0f901e8c03dd0febc1b3c171ea48

Download Submit
memory/388-302-0x0000000000000000-mapping.dmp

Download
memory/388-309-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/420-150-0x0000000000000000-mapping.dmp

Download
memory/420-156-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/580-159-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/580-152-0x0000000000000000-mapping.dmp

Download
memory/752-168-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/752-162-0x0000000000000000-mapping.dmp

Download
memory/1016-160-0x0000000000000000-mapping.dmp

Download
memory/1016-166-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/1080-220-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/1080-214-0x0000000000000000-mapping.dmp

Download
memory/1136-164-0x0000000000000000-mapping.dmp

Download
memory/1136-167-0x0000000000650000-0x000000000079A000-memory.dmp

Filesize
1.3MB

Download
memory/1272-175-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1272-169-0x0000000000000000-mapping.dmp

Download
memory/1284-206-0x0000000000000000-mapping.dmp

Download
memory/1284-213-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1424-176-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1424-171-0x0000000000000000-mapping.dmp

Download
memory/1476-305-0x0000000000000000-mapping.dmp

Download
memory/1544-177-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/1544-173-0x0000000000000000-mapping.dmp

Download
memory/1584-267-0x0000000000000000-mapping.dmp

Download
memory/1584-275-0x0000000000650000-0x000000000079A000-memory.dmp

Filesize
1.3MB

Download
memory/1796-178-0x0000000000000000-mapping.dmp

Download
memory/1796-186-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/1904-180-0x0000000000000000-mapping.dmp

Download
memory/1904-187-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/1908-225-0x0000000000000000-mapping.dmp

Download
memory/1908-233-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2060-182-0x0000000000000000-mapping.dmp

Download
memory/2060-188-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/2096-242-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2096-237-0x0000000000000000-mapping.dmp

Download
memory/2108-243-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/2108-239-0x0000000000000000-mapping.dmp

Download
memory/2168-184-0x0000000000000000-mapping.dmp

Download
memory/2168-189-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2240-223-0x0000000000000000-mapping.dmp

Download
memory/2240-231-0x0000000000640000-0x000000000078A000-memory.dmp

Filesize
1.3MB

Download
memory/2276-279-0x0000000000000000-mapping.dmp

Download
memory/2472-198-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2472-190-0x0000000000000000-mapping.dmp

Download
memory/2556-281-0x0000000000000000-mapping.dmp

Download
memory/2556-285-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/2628-200-0x0000000000650000-0x000000000079A000-memory.dmp

Filesize
1.3MB

Download
memory/2628-192-0x0000000000000000-mapping.dmp

Download
memory/2648-118-0x0000000000411000-mapping.dmp

Download
memory/2648-117-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2648-128-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2656-222-0x0000000000950000-0x00000000009DE000-memory.dmp

Filesize
568KB

Download
memory/2656-218-0x0000000000000000-mapping.dmp

Download
memory/2724-201-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2724-194-0x0000000000000000-mapping.dmp

Download
memory/3156-297-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/3156-290-0x0000000000000000-mapping.dmp

Download
memory/3264-286-0x0000000000000000-mapping.dmp

Download
memory/3264-292-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/3472-269-0x0000000000000000-mapping.dmp

Download
memory/3472-276-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/3548-199-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/3548-196-0x0000000000000000-mapping.dmp

Download
memory/3568-221-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/3568-216-0x0000000000000000-mapping.dmp

Download
memory/3696-294-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/3696-288-0x0000000000000000-mapping.dmp

Download
memory/3744-127-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3744-115-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3744-116-0x0000000000403670-mapping.dmp

Download
memory/3748-274-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3748-271-0x0000000000000000-mapping.dmp

Download
memory/3804-211-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/3804-208-0x0000000000000000-mapping.dmp

Download
memory/3972-131-0x0000000000403670-mapping.dmp

Download
memory/3988-298-0x0000000000000000-mapping.dmp

Download
memory/3996-235-0x0000000000000000-mapping.dmp

Download
memory/3996-241-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/4016-129-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/4016-124-0x0000000000000000-mapping.dmp

Download
memory/4060-300-0x0000000000000000-mapping.dmp

Download
memory/4060-306-0x0000000000610000-0x000000000075A000-memory.dmp

Filesize
1.3MB

Download
memory/4088-319-0x0000000000000000-mapping.dmp

Download
memory/4108-227-0x0000000000000000-mapping.dmp

Download
memory/4108-234-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/4176-137-0x0000000000411000-mapping.dmp

Download
memory/4228-154-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/4228-148-0x0000000000000000-mapping.dmp

Download
memory/4300-147-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/4300-144-0x0000000000000000-mapping.dmp

Download
memory/4340-155-0x0000000000000000-mapping.dmp

Download
memory/4340-158-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/4372-232-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/4372-229-0x0000000000000000-mapping.dmp

Download
memory/4412-202-0x0000000000000000-mapping.dmp

Download
memory/4412-210-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/4416-204-0x0000000000000000-mapping.dmp

Download
memory/4416-212-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/4452-114-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/4540-265-0x0000000000000000-mapping.dmp

Download
memory/4540-273-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/4544-277-0x0000000000000000-mapping.dmp

Download
memory/4544-283-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/4628-312-0x0000000000000000-mapping.dmp

Download
memory/4628-317-0x0000000000520000-0x00000000005CE000-memory.dmp

Filesize
696KB

Download
memory/4636-296-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/4636-293-0x0000000000000000-mapping.dmp

Download
memory/4760-314-0x0000000000000000-mapping.dmp

Download
memory/4760-318-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/4888-252-0x0000000000570000-0x000000000061E000-memory.dmp

Filesize
696KB

Download
memory/4888-244-0x0000000000000000-mapping.dmp

Download
memory/4932-258-0x0000000000000000-mapping.dmp

Download
memory/4932-263-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/4936-260-0x0000000000000000-mapping.dmp

Download
memory/4936-264-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/4960-246-0x0000000000000000-mapping.dmp

Download
memory/4960-254-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/4976-310-0x0000000000000000-mapping.dmp

Download
memory/4976-316-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/5016-248-0x0000000000000000-mapping.dmp

Download
memory/5016-255-0x0000000000570000-0x000000000061E000-memory.dmp

Filesize
696KB

Download
memory/5036-250-0x0000000000000000-mapping.dmp

Download
memory/5036-253-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/5116-256-0x0000000000000000-mapping.dmp

Download
memory/5116-262-0x0000000000570000-0x00000000006BA000-memory.dmp

Filesize
1.3MB

Download