4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7

Analysis

max time kernel
152s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
Size

274KB
MD5

902ad86abfbf7cbdd2aa5a8cac5853e0
SHA1

324f07cfdc50272d935ac811814c63ae78d99569
SHA256

4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7
SHA512

8a4b8d98ac567187abcc57ed21270598e49ffca8fdb6540ab21afcdfa152e0153d4bb4624311dcd8b5592a4e7ec00a7fc9b93051d6b4254803d18ee846332831
SSDEEP

3072:Gbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAT:Gbl5RKgOGqml80FrgTRHGvJI08iY1

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	explorer.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\drivers\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\SysWOW64\drivers\svchost.exe	spoolsv.exe
File opened for modification	C:\Windows\SysWOW64\drivers\udsys.exe	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
1372	explorer.exe
2020	spoolsv.exe
924	svchost.exe
268	explorer.exe
688	spoolsv.exe
1984	svchost.exe
1184	explorer.exe
1492	spoolsv.exe
1744	svchost.exe
2032	explorer.exe
1976	spoolsv.exe
1624	svchost.exe
956	explorer.exe
1940	spoolsv.exe
1512	svchost.exe
832	explorer.exe
328	spoolsv.exe
1496	svchost.exe
1688	explorer.exe
1744	spoolsv.exe
1376	svchost.exe
684	explorer.exe
760	spoolsv.exe
1552	svchost.exe
1124	explorer.exe
560	spoolsv.exe
2008	svchost.exe
1500	explorer.exe
968	spoolsv.exe
1896	svchost.exe
1836	explorer.exe
1608	spoolsv.exe
1156	svchost.exe
1588	explorer.exe
1536	spoolsv.exe
1532	svchost.exe
1804	explorer.exe
1320	spoolsv.exe
868	svchost.exe
960	explorer.exe
1672	spoolsv.exe
1736	svchost.exe
1332	explorer.exe
1404	spoolsv.exe
624	svchost.exe
520	explorer.exe
1872	spoolsv.exe
856	svchost.exe
1112	explorer.exe
1072	spoolsv.exe
1840	svchost.exe
1124	explorer.exe
1184	spoolsv.exe
960	svchost.exe
2040	explorer.exe
1716	spoolsv.exe
1500	svchost.exe
1648	explorer.exe
1616	spoolsv.exe
1896	svchost.exe
1376	explorer.exe
1832	spoolsv.exe
612	svchost.exe
756	explorer.exe

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}	explorer.exe

Loads dropped DLL 64 IoCs

pid	Process
1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
1372	explorer.exe
1372	explorer.exe
2020	spoolsv.exe
2020	spoolsv.exe
924	svchost.exe
1372	explorer.exe
1372	explorer.exe
688	spoolsv.exe
688	spoolsv.exe
1984	svchost.exe
1372	explorer.exe
1372	explorer.exe
1492	spoolsv.exe
1492	spoolsv.exe
1744	svchost.exe
1372	explorer.exe
1372	explorer.exe
1976	spoolsv.exe
1976	spoolsv.exe
1624	svchost.exe
1372	explorer.exe
1372	explorer.exe
1940	spoolsv.exe
1940	spoolsv.exe
1512	svchost.exe
1372	explorer.exe
1372	explorer.exe
328	spoolsv.exe
328	spoolsv.exe
1496	svchost.exe
1372	explorer.exe
1372	explorer.exe
1744	spoolsv.exe
1744	spoolsv.exe
1376	svchost.exe
1372	explorer.exe
1372	explorer.exe
760	spoolsv.exe
760	spoolsv.exe
1552	svchost.exe
1372	explorer.exe
1372	explorer.exe
560	spoolsv.exe
560	spoolsv.exe
2008	svchost.exe
1372	explorer.exe
1372	explorer.exe
968	spoolsv.exe
968	spoolsv.exe
1896	svchost.exe
1372	explorer.exe
1372	explorer.exe
1608	spoolsv.exe
1608	spoolsv.exe
1156	svchost.exe
1372	explorer.exe
1372	explorer.exe
1536	spoolsv.exe
1536	spoolsv.exe
1532	svchost.exe
1372	explorer.exe
1372	explorer.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system32\\drivers\\svchost.exe RO"	explorer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\system\explorer.exe	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
File opened for modification	\??\c:\windows\system\explorer.exe	explorer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe
1372	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1372	explorer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
1372	explorer.exe
1372	explorer.exe
2020	spoolsv.exe
2020	spoolsv.exe
924	svchost.exe
924	svchost.exe
268	explorer.exe
268	explorer.exe
1372	explorer.exe
1372	explorer.exe
688	spoolsv.exe
688	spoolsv.exe
1984	svchost.exe
1984	svchost.exe
1184	explorer.exe
1184	explorer.exe
1492	spoolsv.exe
1492	spoolsv.exe
2032	explorer.exe
2032	explorer.exe
1976	spoolsv.exe
1976	spoolsv.exe
1624	svchost.exe
1624	svchost.exe
956	explorer.exe
956	explorer.exe
1940	spoolsv.exe
1940	spoolsv.exe
1512	svchost.exe
1512	svchost.exe
832	explorer.exe
832	explorer.exe
328	spoolsv.exe
328	spoolsv.exe
1496	svchost.exe
1496	svchost.exe
1688	explorer.exe
1688	explorer.exe
1376	svchost.exe
1376	svchost.exe
684	explorer.exe
684	explorer.exe
760	spoolsv.exe
760	spoolsv.exe
1552	svchost.exe
1552	svchost.exe
1124	explorer.exe
1124	explorer.exe
560	spoolsv.exe
560	spoolsv.exe
2008	svchost.exe
2008	svchost.exe
1500	explorer.exe
1500	explorer.exe
968	spoolsv.exe
968	spoolsv.exe
1896	svchost.exe
1896	svchost.exe
1836	explorer.exe
1836	explorer.exe
1608	spoolsv.exe
1608	spoolsv.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1372	1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe	28
PID 1912 wrote to memory of 1372	1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe	28
PID 1912 wrote to memory of 1372	1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe	28
PID 1912 wrote to memory of 1372	1912	4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe	28
PID 1372 wrote to memory of 2020	1372	explorer.exe	29
PID 1372 wrote to memory of 2020	1372	explorer.exe	29
PID 1372 wrote to memory of 2020	1372	explorer.exe	29
PID 1372 wrote to memory of 2020	1372	explorer.exe	29
PID 2020 wrote to memory of 924	2020	spoolsv.exe	30
PID 2020 wrote to memory of 924	2020	spoolsv.exe	30
PID 2020 wrote to memory of 924	2020	spoolsv.exe	30
PID 2020 wrote to memory of 924	2020	spoolsv.exe	30
PID 924 wrote to memory of 268	924	svchost.exe	31
PID 924 wrote to memory of 268	924	svchost.exe	31
PID 924 wrote to memory of 268	924	svchost.exe	31
PID 924 wrote to memory of 268	924	svchost.exe	31
PID 1372 wrote to memory of 1236	1372	explorer.exe	32
PID 1372 wrote to memory of 1236	1372	explorer.exe	32
PID 1372 wrote to memory of 1236	1372	explorer.exe	32
PID 1372 wrote to memory of 1236	1372	explorer.exe	32
PID 1372 wrote to memory of 688	1372	explorer.exe	33
PID 1372 wrote to memory of 688	1372	explorer.exe	33
PID 1372 wrote to memory of 688	1372	explorer.exe	33
PID 1372 wrote to memory of 688	1372	explorer.exe	33
PID 688 wrote to memory of 1984	688	spoolsv.exe	34
PID 688 wrote to memory of 1984	688	spoolsv.exe	34
PID 688 wrote to memory of 1984	688	spoolsv.exe	34
PID 688 wrote to memory of 1984	688	spoolsv.exe	34
PID 1984 wrote to memory of 1184	1984	svchost.exe	35
PID 1984 wrote to memory of 1184	1984	svchost.exe	35
PID 1984 wrote to memory of 1184	1984	svchost.exe	35
PID 1984 wrote to memory of 1184	1984	svchost.exe	35
PID 1372 wrote to memory of 1492	1372	explorer.exe	36
PID 1372 wrote to memory of 1492	1372	explorer.exe	36
PID 1372 wrote to memory of 1492	1372	explorer.exe	36
PID 1372 wrote to memory of 1492	1372	explorer.exe	36
PID 1492 wrote to memory of 1744	1492	spoolsv.exe	38
PID 1492 wrote to memory of 1744	1492	spoolsv.exe	38
PID 1492 wrote to memory of 1744	1492	spoolsv.exe	38
PID 1492 wrote to memory of 1744	1492	spoolsv.exe	38
PID 1372 wrote to memory of 1976	1372	explorer.exe	40
PID 1372 wrote to memory of 1976	1372	explorer.exe	40
PID 1372 wrote to memory of 1976	1372	explorer.exe	40
PID 1372 wrote to memory of 1976	1372	explorer.exe	40
PID 1976 wrote to memory of 1624	1976	spoolsv.exe	41
PID 1976 wrote to memory of 1624	1976	spoolsv.exe	41
PID 1976 wrote to memory of 1624	1976	spoolsv.exe	41
PID 1976 wrote to memory of 1624	1976	spoolsv.exe	41
PID 1624 wrote to memory of 956	1624	svchost.exe	42
PID 1624 wrote to memory of 956	1624	svchost.exe	42
PID 1624 wrote to memory of 956	1624	svchost.exe	42
PID 1624 wrote to memory of 956	1624	svchost.exe	42
PID 1372 wrote to memory of 1940	1372	explorer.exe	43
PID 1372 wrote to memory of 1940	1372	explorer.exe	43
PID 1372 wrote to memory of 1940	1372	explorer.exe	43
PID 1372 wrote to memory of 1940	1372	explorer.exe	43
PID 1940 wrote to memory of 1512	1940	spoolsv.exe	44
PID 1940 wrote to memory of 1512	1940	spoolsv.exe	44
PID 1940 wrote to memory of 1512	1940	spoolsv.exe	44
PID 1940 wrote to memory of 1512	1940	spoolsv.exe	44
PID 1512 wrote to memory of 832	1512	svchost.exe	45
PID 1512 wrote to memory of 832	1512	svchost.exe	45
PID 1512 wrote to memory of 832	1512	svchost.exe	45
PID 1512 wrote to memory of 832	1512	svchost.exe	45

C:\Users\Admin\AppData\Local\Temp\4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe
"C:\Users\Admin\AppData\Local\Temp\4d5135f33ec51bdf79fb42f10d121cb56e875d3277afd317749a4ce7dc5ec1f7.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1912
- \??\c:\windows\system\explorer.exe
  c:\windows\system\explorer.exe
  2⤵
  - Modifies WinLogon for persistence
  - Modifies visiblity of hidden/system files in Explorer
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Modifies Installed Components in the registry
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1372
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2020
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:924
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
- - C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe
    3⤵
    PID:1236
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:688
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1984
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1492
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1744
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1624
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1512
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:328
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1744
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1376
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:760
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:560
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1156
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1588
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1536
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1532
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1804
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1320
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:868
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:960
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1672
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:1736
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1332
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1404
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:624
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:520
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1872
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:856
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1112
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1072
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:1840
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1124
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1184
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:960
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:2040
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1716
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:1500
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1648
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1616
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:1896
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:1376
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    PID:1832
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      Executes dropped EXE
      PID:612
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        
        PID:756
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:956
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1660
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:868
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:276
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1908
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:688
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1032
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1672
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2032
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:952
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1156
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1376
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1920
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1652
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1600
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1388
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1124
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:764
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:868
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1504
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2028
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:276
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1192
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1952
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:584
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2012
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1888
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1376
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1804
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1652
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1920
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1780
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:388
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1940
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1748
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:956
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1160
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1956
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1908
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1492
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1144
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:920
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:576
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:828
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1624
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1224
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1580
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1124
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1824
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:932
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1748
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1844
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:896
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1836
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:688
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1588
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1156
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1728
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1376
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1104
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:756
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1712
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1224
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1552
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1332
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1736
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1952
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:544
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:896
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1768
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:520
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1404
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:612
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:828
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1556
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1840
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1608
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1580
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:2040
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1068
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1012
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:752
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:552
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1648
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1492
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1616
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1404
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:2000
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1784
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1112
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:976
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1988
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1984
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1332
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2028
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2032
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1672
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:920
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1584
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1896
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:584
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1776
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1536
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1236
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:612
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:572
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1824
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1816
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:976
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:276
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:916
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1716
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1908
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:920
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1612
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1872
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1928
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1320
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1176
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1604
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1224
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1072
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1748
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:864
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2028
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1500
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:2036
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:668
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1888
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1716
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1492
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1896
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1612
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1652
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:580
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:764
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1936
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:956
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1988
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1504
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:976
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1500
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2040
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1672
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1952
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2036
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:584
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:576
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1708
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:288
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1652
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1612
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:960
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1176
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1824
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:776
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1032
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1504
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1364
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:2012
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:920
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:520
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1624
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1232
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1156
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1376
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1708
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2000
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1632
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:828
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:760
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1552
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2032
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1496
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1548
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1744
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1504
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:544
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1228
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1144
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1776
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1716
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1952
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1920
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:612
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:856
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1564
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1320
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1660
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1348
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1940
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:864
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:552
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1988
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1248
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1144
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2036
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:860
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1608
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1804
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1112
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:956
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:388
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1332
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1580
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:776
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1768
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1752
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1348
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:932
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1744
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1504
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1736
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1236
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1404
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2044
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:288
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1780
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1344
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1124
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1660
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1612
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:868
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1496
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:980
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:976
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1836
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2032
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1888
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1440
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1736
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1584
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1144
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1236
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1728
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1112
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1780
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1272
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:756
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1492
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1124
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1644
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:996
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1068
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1348
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:864
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1436
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1192
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1736
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:276
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1872
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1628
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1616
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:856
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1728
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1012
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1660
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:764
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:2040
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1700
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1540
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:684
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:280
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:976
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:316
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1248
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1536
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1952
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1628
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1232
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1112
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:288
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:572
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1508
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1984
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1956
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1748
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:696
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1936
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1732
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1988
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:280
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1440
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:552
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1736
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1872
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1344
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:304
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1780
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1784
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1604
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1332
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1984
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1548
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1844
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1184
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:2032
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:920
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1672
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1732
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1416
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1584
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1248
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1192
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:276
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1608
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1952
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1564
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1376
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1784
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1072
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:868
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1984
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1124
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1068
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1824
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:976
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:584
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1588
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1536
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:688
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1364
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1144
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:832
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1904
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:856
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:612
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1376
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1492
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1660
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:868
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:1700
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:980
- - \??\c:\windows\SysWOW64\drivers\spoolsv.exe
    c:\windows\system32\drivers\spoolsv.exe SE
    3⤵
    PID:1068
  - - \??\c:\windows\SysWOW64\drivers\svchost.exe
      c:\windows\system32\drivers\svchost.exe
      4⤵
      PID:2008
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        
        PID:1744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
C:\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\??\c:\windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\??\c:\windows\syswow64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\??\c:\windows\syswow64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\spoolsv.exe

Filesize
274KB

MD5
43fe230daa3d511941c045ab27d81d7c

SHA1
f270704ee740f1698652386753e8f9ef6c96c5f1

SHA256
9189fa6eabd85e621403c25f9dfcb470ab61df6397c1c64befb649600afb62ed

SHA512
59d4892629dbd6f17539066ad6be3e6d9de0932be43422ea4189a8ce9de8863894c23a191317d92ce3a32ccef2ce0581c4e5e8e8089b78a021207ae51ab3c44c

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\SysWOW64\drivers\svchost.exe

Filesize
274KB

MD5
f16a3e451128a380d8dac13facf012a0

SHA1
ec4b9261bb1a6c197c7687cb4722c0903dd084ed

SHA256
2c394045220d9b2d204ed09e41b64908be05ff0bc6b3d089ffa45998b4bc3498

SHA512
884f2798a27566f10b0745b0c68b180f8183a991e397881971fc5af17926f9327d5da6f717389d9f3502d54e7fca28722547ec688892242857bc5b1eccf8cce2

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
\Windows\system\explorer.exe

Filesize
274KB

MD5
73d9affbf8ab28a797d186ee6c571d2b

SHA1
a372a0fc59b9e3ef414a60c29033e2637b44d041

SHA256
651d9a946b4992c54cfc3c3012b90640ad7167e9f222463919ee66968a955150

SHA512
4dff706b02190569dee44b399796987e97e3f26dc67b71a55870a6f163056d05dbb786fd6f89b9c85b1dc545db423c733f64e625176020ed8ee273036f4d4e40

Download Submit
memory/268-92-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/328-224-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/520-388-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/560-287-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/684-245-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/684-249-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/688-114-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/688-128-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/760-272-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/760-265-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/856-403-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/924-95-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/956-171-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/960-354-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/968-306-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1112-404-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1124-270-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1156-322-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1184-126-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1236-96-0x000007FEFC1F1000-0x000007FEFC1F3000-memory.dmp

Filesize
8KB

Download
memory/1320-355-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1320-342-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1332-370-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1372-341-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-262-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-373-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-290-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-406-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-199-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-239-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-240-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-372-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-264-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-323-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-113-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-115-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1372-116-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1372-110-0x0000000002550000-0x000000000258E000-memory.dmp

Filesize
248KB

Download
memory/1376-242-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1376-247-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1492-148-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1496-223-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1500-288-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1512-197-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1552-271-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1552-267-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1624-172-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1672-371-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1688-222-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1744-248-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1744-146-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1744-241-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1836-307-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1872-405-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1896-305-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1912-97-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1912-58-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1912-56-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1940-198-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1976-174-0x00000000023D0000-0x000000000240E000-memory.dmp

Filesize
248KB

Download
memory/1976-173-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1984-127-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1984-118-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2008-289-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2020-94-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2032-147-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download