Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

aa9f58d66f...09.exe

windows7-x64

10

aa9f58d66f...09.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    256s
  • max time network
    269s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009.exe

  • Size

    659KB

  • MD5

    25c15339a4bc59109a702aea175a4278

  • SHA1

    b7f42b8830b228e3af0210f7fea252430eaaefe3

  • SHA256

    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

  • SHA512

    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

  • SSDEEP

    12288:h9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKg:XAQ6Zx9cxTmOrucTIEFSpOG1

Score
10/10
darkcometpersistencerattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 64 IoCs
    persistence
  • Executes dropped EXE 64 IoCs
  • Checks BIOS information in registry 2 TTPs 64 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 64 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 64 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Suspicious use of SetThreadContext 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Checks processor information in registry 2 TTPs 64 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009.exe
    "C:\Users\Admin\AppData\Local\Temp\aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Checks computer location settings
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3696
    • C:\Windows\SysWOW64\notepad.exe
      notepad
      2⤵
        PID:4616
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\SysWOW64\explorer.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4352
      • C:\Windows\SysWOW64\Windowssupdate.exe
        "C:\Windows\system32\Windowssupdate.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2364
        • C:\Windows\SysWOW64\notepad.exe
          notepad
          3⤵
            PID:2556
          • C:\Windows\SysWOW64\explorer.exe
            "C:\Windows\SysWOW64\explorer.exe"
            3⤵
              PID:956
            • C:\Windows\SysWOW64\Windowssupdate.exe
              "C:\Windows\system32\Windowssupdate.exe"
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • Suspicious use of SetThreadContext
              • Enumerates system info in registry
              PID:1356
              • C:\Windows\SysWOW64\notepad.exe
                notepad
                4⤵
                  PID:2188
                • C:\Windows\SysWOW64\explorer.exe
                  "C:\Windows\SysWOW64\explorer.exe"
                  4⤵
                  • Checks BIOS information in registry
                  PID:4232
                • C:\Windows\SysWOW64\Windowssupdate.exe
                  "C:\Windows\system32\Windowssupdate.exe"
                  4⤵
                  • Modifies WinLogon for persistence
                  • Executes dropped EXE
                  • Checks computer location settings
                  • Adds Run key to start application
                  • Drops file in System32 directory
                  • Suspicious use of SetThreadContext
                  PID:4448
                  • C:\Windows\SysWOW64\notepad.exe
                    notepad
                    5⤵
                      PID:4176
                    • C:\Windows\SysWOW64\explorer.exe
                      "C:\Windows\SysWOW64\explorer.exe"
                      5⤵
                      • Checks BIOS information in registry
                      • Checks processor information in registry
                      PID:1164
                    • C:\Windows\SysWOW64\Windowssupdate.exe
                      "C:\Windows\system32\Windowssupdate.exe"
                      5⤵
                      • Modifies WinLogon for persistence
                      • Executes dropped EXE
                      • Adds Run key to start application
                      • Drops file in System32 directory
                      • Suspicious use of SetThreadContext
                      PID:4116
                      • C:\Windows\SysWOW64\notepad.exe
                        notepad
                        6⤵
                          PID:2120
                        • C:\Windows\SysWOW64\explorer.exe
                          "C:\Windows\SysWOW64\explorer.exe"
                          6⤵
                            PID:4920
                          • C:\Windows\SysWOW64\Windowssupdate.exe
                            "C:\Windows\system32\Windowssupdate.exe"
                            6⤵
                              PID:1708
                              • C:\Windows\SysWOW64\notepad.exe
                                notepad
                                7⤵
                                  PID:4196
                                • C:\Windows\SysWOW64\explorer.exe
                                  "C:\Windows\SysWOW64\explorer.exe"
                                  7⤵
                                  • Checks processor information in registry
                                  PID:1132
                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                  "C:\Windows\system32\Windowssupdate.exe"
                                  7⤵
                                    PID:4260
                                    • C:\Windows\SysWOW64\notepad.exe
                                      notepad
                                      8⤵
                                      • Adds Run key to start application
                                      PID:1832
                                    • C:\Windows\SysWOW64\explorer.exe
                                      "C:\Windows\SysWOW64\explorer.exe"
                                      8⤵
                                        PID:2816
                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                        "C:\Windows\system32\Windowssupdate.exe"
                                        8⤵
                                        • Executes dropped EXE
                                        • Checks computer location settings
                                        • Adds Run key to start application
                                        • Suspicious use of SetThreadContext
                                        PID:2040
                                        • C:\Windows\SysWOW64\notepad.exe
                                          notepad
                                          9⤵
                                            PID:4724
                                          • C:\Windows\SysWOW64\explorer.exe
                                            "C:\Windows\SysWOW64\explorer.exe"
                                            9⤵
                                            • Checks processor information in registry
                                            PID:1796
                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                            "C:\Windows\system32\Windowssupdate.exe"
                                            9⤵
                                            • Executes dropped EXE
                                            • Checks computer location settings
                                            • Suspicious use of SetThreadContext
                                            PID:4748
                                            • C:\Windows\SysWOW64\notepad.exe
                                              notepad
                                              10⤵
                                                PID:2216
                                              • C:\Windows\SysWOW64\explorer.exe
                                                "C:\Windows\SysWOW64\explorer.exe"
                                                10⤵
                                                  PID:4388
                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                  10⤵
                                                  • Modifies WinLogon for persistence
                                                  • Executes dropped EXE
                                                  • Checks computer location settings
                                                  • Drops file in System32 directory
                                                  • Suspicious use of SetThreadContext
                                                  PID:4800
                                                  • C:\Windows\SysWOW64\notepad.exe
                                                    notepad
                                                    11⤵
                                                    • Adds Run key to start application
                                                    PID:4180
                                                  • C:\Windows\SysWOW64\explorer.exe
                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                    11⤵
                                                      PID:3524
                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                      11⤵
                                                        PID:3344
                                                        • C:\Windows\SysWOW64\notepad.exe
                                                          notepad
                                                          12⤵
                                                          • Adds Run key to start application
                                                          PID:4392
                                                        • C:\Windows\SysWOW64\explorer.exe
                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                          12⤵
                                                          • Checks BIOS information in registry
                                                          • Checks processor information in registry
                                                          PID:2248
                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                          12⤵
                                                          • Modifies WinLogon for persistence
                                                          • Executes dropped EXE
                                                          • Checks computer location settings
                                                          • Drops file in System32 directory
                                                          • Suspicious use of SetThreadContext
                                                          • Enumerates system info in registry
                                                          PID:4300
                                                          • C:\Windows\SysWOW64\notepad.exe
                                                            notepad
                                                            13⤵
                                                              PID:4248
                                                            • C:\Windows\SysWOW64\explorer.exe
                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                              13⤵
                                                              • Checks BIOS information in registry
                                                              PID:3496
                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                              13⤵
                                                              • Executes dropped EXE
                                                              • Checks BIOS information in registry
                                                              • Adds Run key to start application
                                                              • Suspicious use of SetThreadContext
                                                              • Checks processor information in registry
                                                              PID:3888
                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                notepad
                                                                14⤵
                                                                • Adds Run key to start application
                                                                PID:2272
                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                14⤵
                                                                • Checks BIOS information in registry
                                                                • Enumerates system info in registry
                                                                PID:2916
                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                14⤵
                                                                  PID:4792
                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                    notepad
                                                                    15⤵
                                                                    • Adds Run key to start application
                                                                    PID:560
                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                    15⤵
                                                                      PID:4680
                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                      15⤵
                                                                      • Modifies WinLogon for persistence
                                                                      • Executes dropped EXE
                                                                      • Checks BIOS information in registry
                                                                      • Checks computer location settings
                                                                      • Suspicious use of SetThreadContext
                                                                      PID:1896
                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                        notepad
                                                                        16⤵
                                                                        • Drops file in System32 directory
                                                                        PID:1996
                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                        16⤵
                                                                          PID:1708
                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                          16⤵
                                                                          • Modifies WinLogon for persistence
                                                                          • Executes dropped EXE
                                                                          • Drops file in System32 directory
                                                                          • Suspicious use of SetThreadContext
                                                                          • Enumerates system info in registry
                                                                          PID:2816
                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                            notepad
                                                                            17⤵
                                                                              PID:2864
                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                              17⤵
                                                                              • Checks processor information in registry
                                                                              PID:4728
                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                              17⤵
                                                                              • Modifies WinLogon for persistence
                                                                              • Executes dropped EXE
                                                                              • Checks computer location settings
                                                                              • Adds Run key to start application
                                                                              • Suspicious use of SetThreadContext
                                                                              • Enumerates system info in registry
                                                                              PID:1464
                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                notepad
                                                                                18⤵
                                                                                  PID:4996
                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                  18⤵
                                                                                    PID:3364
                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                    18⤵
                                                                                    • Modifies WinLogon for persistence
                                                                                    • Executes dropped EXE
                                                                                    • Checks computer location settings
                                                                                    • Drops file in System32 directory
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • Checks processor information in registry
                                                                                    • Enumerates system info in registry
                                                                                    PID:3412
                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                      notepad
                                                                                      19⤵
                                                                                        PID:4496
                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                        19⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:3344
                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                        19⤵
                                                                                        • Executes dropped EXE
                                                                                        • Adds Run key to start application
                                                                                        • Suspicious use of SetThreadContext
                                                                                        • Checks processor information in registry
                                                                                        PID:2172
                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                          notepad
                                                                                          20⤵
                                                                                            PID:3012
                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                            20⤵
                                                                                              PID:3076
                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                              20⤵
                                                                                              • Modifies WinLogon for persistence
                                                                                              • Executes dropped EXE
                                                                                              • Checks computer location settings
                                                                                              • Adds Run key to start application
                                                                                              • Drops file in System32 directory
                                                                                              • Suspicious use of SetThreadContext
                                                                                              • Checks processor information in registry
                                                                                              PID:3752
                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                21⤵
                                                                                                • Checks BIOS information in registry
                                                                                                PID:4212
                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                notepad
                                                                                                21⤵
                                                                                                • Modifies WinLogon for persistence
                                                                                                • Executes dropped EXE
                                                                                                • Checks BIOS information in registry
                                                                                                • Drops file in System32 directory
                                                                                                • Suspicious use of SetThreadContext
                                                                                                • Enumerates system info in registry
                                                                                                PID:4792
                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                21⤵
                                                                                                • Modifies WinLogon for persistence
                                                                                                • Executes dropped EXE
                                                                                                • Checks computer location settings
                                                                                                • Drops file in System32 directory
                                                                                                • Suspicious use of SetThreadContext
                                                                                                • Checks processor information in registry
                                                                                                PID:1708
                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                  notepad
                                                                                                  22⤵
                                                                                                    PID:1676
                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                    22⤵
                                                                                                    • Checks BIOS information in registry
                                                                                                    PID:4052
                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                    22⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Checks computer location settings
                                                                                                    • Drops file in System32 directory
                                                                                                    • Suspicious use of SetThreadContext
                                                                                                    PID:4660
                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                      notepad
                                                                                                      23⤵
                                                                                                        PID:4868
                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                        23⤵
                                                                                                        • Checks processor information in registry
                                                                                                        PID:3364
                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                        23⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Checks BIOS information in registry
                                                                                                        • Checks computer location settings
                                                                                                        • Suspicious use of SetThreadContext
                                                                                                        • Enumerates system info in registry
                                                                                                        PID:2420
                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                          notepad
                                                                                                          24⤵
                                                                                                            PID:2160
                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                            24⤵
                                                                                                            • Enumerates system info in registry
                                                                                                            PID:1512
                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                            24⤵
                                                                                                            • Modifies WinLogon for persistence
                                                                                                            • Executes dropped EXE
                                                                                                            • Checks computer location settings
                                                                                                            • Drops file in System32 directory
                                                                                                            • Suspicious use of SetThreadContext
                                                                                                            • Enumerates system info in registry
                                                                                                            PID:3132
                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                              notepad
                                                                                                              25⤵
                                                                                                                PID:5008
                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                25⤵
                                                                                                                • Checks BIOS information in registry
                                                                                                                PID:2440
                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                25⤵
                                                                                                                • Modifies WinLogon for persistence
                                                                                                                • Executes dropped EXE
                                                                                                                • Checks BIOS information in registry
                                                                                                                • Checks computer location settings
                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                PID:4540
                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                  notepad
                                                                                                                  26⤵
                                                                                                                  • Adds Run key to start application
                                                                                                                  PID:2804
                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                  26⤵
                                                                                                                    PID:4240
                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                    26⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Checks computer location settings
                                                                                                                    • Drops file in System32 directory
                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                    • Enumerates system info in registry
                                                                                                                    PID:3968
                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                      notepad
                                                                                                                      27⤵
                                                                                                                        PID:4404
                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                        27⤵
                                                                                                                          PID:4808
                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                          C:\Windows\SysWOW64\notepad.exe
                                                                                                                          27⤵
                                                                                                                            PID:5164
                                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                            27⤵
                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Checks BIOS information in registry
                                                                                                                            • Checks computer location settings
                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                            PID:5156
                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                              28⤵
                                                                                                                                PID:5228
                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                notepad
                                                                                                                                28⤵
                                                                                                                                • Adds Run key to start application
                                                                                                                                PID:5208
                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                28⤵
                                                                                                                                  PID:5364
                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                  28⤵
                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Checks computer location settings
                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                  PID:5356
                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                    29⤵
                                                                                                                                      PID:5424
                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                      notepad
                                                                                                                                      29⤵
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      • Drops file in System32 directory
                                                                                                                                      PID:5412
                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                      29⤵
                                                                                                                                        PID:5520
                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                          notepad
                                                                                                                                          30⤵
                                                                                                                                            PID:5592
                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                            30⤵
                                                                                                                                              PID:5604
                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                              30⤵
                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                              • Checks processor information in registry
                                                                                                                                              PID:5684
                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                notepad
                                                                                                                                                31⤵
                                                                                                                                                  PID:5728
                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                  31⤵
                                                                                                                                                    PID:5744
                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                    31⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                    PID:5832
                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                      notepad
                                                                                                                                                      32⤵
                                                                                                                                                        PID:5872
                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                        32⤵
                                                                                                                                                          PID:5888
                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                          C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                          32⤵
                                                                                                                                                            PID:6012
                                                                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                            32⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                            • Checks computer location settings
                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                            PID:6000
                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                              notepad
                                                                                                                                                              33⤵
                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                              PID:6048
                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                              33⤵
                                                                                                                                                                PID:6064
                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                33⤵
                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                PID:4540
                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                  34⤵
                                                                                                                                                                    PID:4584
                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                    notepad
                                                                                                                                                                    34⤵
                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                    PID:1080
                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                    C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                    34⤵
                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                    PID:5228
                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                    34⤵
                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                    PID:5440
                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                      35⤵
                                                                                                                                                                        PID:5360
                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                        notepad
                                                                                                                                                                        35⤵
                                                                                                                                                                          PID:5516
                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                          35⤵
                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                          PID:5524
                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                            notepad
                                                                                                                                                                            36⤵
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            PID:5824
                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                            36⤵
                                                                                                                                                                              PID:5828
                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                              36⤵
                                                                                                                                                                                PID:6120
                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                36⤵
                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                PID:6088
                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                  notepad
                                                                                                                                                                                  37⤵
                                                                                                                                                                                    PID:6044
                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                    37⤵
                                                                                                                                                                                      PID:6064
                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                      37⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                      PID:5160
                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                        notepad
                                                                                                                                                                                        38⤵
                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                        PID:5644
                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                        38⤵
                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                        PID:5468
                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                        38⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                        PID:5972
                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                          notepad
                                                                                                                                                                                          39⤵
                                                                                                                                                                                            PID:6028
                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                            39⤵
                                                                                                                                                                                              PID:4584
                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                              39⤵
                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                              PID:5608
                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                notepad
                                                                                                                                                                                                40⤵
                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                PID:5488
                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                40⤵
                                                                                                                                                                                                  PID:5936
                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                  40⤵
                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                  PID:6116
                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                    41⤵
                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                    PID:6188
                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                    notepad
                                                                                                                                                                                                    41⤵
                                                                                                                                                                                                      PID:6172
                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                      41⤵
                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                      PID:6276
                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                        notepad
                                                                                                                                                                                                        42⤵
                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                        PID:6324
                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                        42⤵
                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                        PID:6340
                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                        42⤵
                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                        PID:6428
                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                          notepad
                                                                                                                                                                                                          43⤵
                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                          PID:6484
                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                          43⤵
                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                          PID:6496
                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                          43⤵
                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                          PID:6576
                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                            notepad
                                                                                                                                                                                                            44⤵
                                                                                                                                                                                                              PID:6632
                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                              44⤵
                                                                                                                                                                                                                PID:6740
                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                44⤵
                                                                                                                                                                                                                  PID:6832
                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                  44⤵
                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                  PID:6820
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                    45⤵
                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                    PID:6880
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                    45⤵
                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                    PID:6892
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                    45⤵
                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                    PID:6952
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                      46⤵
                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                      PID:7040
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                      46⤵
                                                                                                                                                                                                                        PID:7028
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                        46⤵
                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                        PID:7164
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                          47⤵
                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                          PID:5996
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                          47⤵
                                                                                                                                                                                                                            PID:6240
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                            47⤵
                                                                                                                                                                                                                              PID:6388
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                              47⤵
                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                              PID:6392
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                48⤵
                                                                                                                                                                                                                                  PID:6344
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                  48⤵
                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                  PID:6412
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                  48⤵
                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                  PID:6584
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                    49⤵
                                                                                                                                                                                                                                      PID:5768
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                      49⤵
                                                                                                                                                                                                                                        PID:5688
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                        49⤵
                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                        PID:6580
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                                          50⤵
                                                                                                                                                                                                                                            PID:5320
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                            50⤵
                                                                                                                                                                                                                                              PID:6720
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                              50⤵
                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                              PID:6960
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                51⤵
                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                PID:5092
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                51⤵
                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                PID:6992
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                51⤵
                                                                                                                                                                                                                                                  PID:6168
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                  51⤵
                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                  PID:6360
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                    52⤵
                                                                                                                                                                                                                                                      PID:6240
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                      52⤵
                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                      PID:6424
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                      52⤵
                                                                                                                                                                                                                                                        PID:6380
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                        52⤵
                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                        PID:6432
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                                                          53⤵
                                                                                                                                                                                                                                                            PID:5684
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                            53⤵
                                                                                                                                                                                                                                                              PID:5564
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                              53⤵
                                                                                                                                                                                                                                                                PID:7000
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                53⤵
                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                PID:6812
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                  54⤵
                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                  PID:6720
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                  54⤵
                                                                                                                                                                                                                                                                    PID:1020
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                    54⤵
                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                    PID:6572
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                      55⤵
                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                      PID:6756
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                                                                      55⤵
                                                                                                                                                                                                                                                                        PID:6616
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                        55⤵
                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                        PID:6692
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                          56⤵
                                                                                                                                                                                                                                                                            PID:6684
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                            56⤵
                                                                                                                                                                                                                                                                              PID:4520
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                              56⤵
                                                                                                                                                                                                                                                                                PID:6468
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                56⤵
                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                PID:2472
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                  57⤵
                                                                                                                                                                                                                                                                                    PID:7192
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                    57⤵
                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                    PID:7208
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                    57⤵
                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                    PID:7296
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                                                                                      58⤵
                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                      PID:7340
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                      58⤵
                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                      PID:7352
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                      58⤵
                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                      PID:7440
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                        59⤵
                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                        PID:7492
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                        59⤵
                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                        PID:7512
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                        59⤵
                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                        PID:7588
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                                                                                          60⤵
                                                                                                                                                                                                                                                                                            PID:7636
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                            60⤵
                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                            PID:7648
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                            60⤵
                                                                                                                                                                                                                                                                                              PID:7748
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                              60⤵
                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                              PID:7736
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                61⤵
                                                                                                                                                                                                                                                                                                  PID:7796
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                  61⤵
                                                                                                                                                                                                                                                                                                    PID:7784
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                    61⤵
                                                                                                                                                                                                                                                                                                      PID:7888
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                        62⤵
                                                                                                                                                                                                                                                                                                          PID:7948
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                          62⤵
                                                                                                                                                                                                                                                                                                            PID:7960
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                            62⤵
                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                            PID:8040
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                              63⤵
                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                              PID:8096
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                              notepad
                                                                                                                                                                                                                                                                                                              63⤵
                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                              PID:8084
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                              63⤵
                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                              PID:8188
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                64⤵
                                                                                                                                                                                                                                                                                                                  PID:6752
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                  64⤵
                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                  PID:1088
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                  64⤵
                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                  PID:2472
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                    65⤵
                                                                                                                                                                                                                                                                                                                      PID:7380
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                      65⤵
                                                                                                                                                                                                                                                                                                                        PID:7328
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                        65⤵
                                                                                                                                                                                                                                                                                                                          PID:7484
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                            66⤵
                                                                                                                                                                                                                                                                                                                              PID:7732
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                              66⤵
                                                                                                                                                                                                                                                                                                                                PID:7708
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                66⤵
                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                PID:7836
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                  67⤵
                                                                                                                                                                                                                                                                                                                                    PID:7764
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                    67⤵
                                                                                                                                                                                                                                                                                                                                      PID:7976
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                      67⤵
                                                                                                                                                                                                                                                                                                                                        PID:8120
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                        67⤵
                                                                                                                                                                                                                                                                                                                                          PID:7888
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                            68⤵
                                                                                                                                                                                                                                                                                                                                              PID:8044
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                              notepad
                                                                                                                                                                                                                                                                                                                                              68⤵
                                                                                                                                                                                                                                                                                                                                                PID:8124
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                68⤵
                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                PID:7216
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                  69⤵
                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                  PID:100
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                  69⤵
                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                  PID:7528
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                  69⤵
                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                  PID:7464
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                    70⤵
                                                                                                                                                                                                                                                                                                                                                      PID:7920
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                                                                                                                                                      70⤵
                                                                                                                                                                                                                                                                                                                                                        PID:7992
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                        70⤵
                                                                                                                                                                                                                                                                                                                                                          PID:7212
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                            71⤵
                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                            PID:7888
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                            71⤵
                                                                                                                                                                                                                                                                                                                                                              PID:7680
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                              71⤵
                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                              PID:7928
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                72⤵
                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                PID:7920
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                72⤵
                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                PID:7484
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                72⤵
                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                PID:8116
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                  73⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:7396
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                    73⤵
                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                    PID:8044
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                    73⤵
                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                    PID:8252
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                                                                                                                                                                      74⤵
                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                      PID:8304
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                      74⤵
                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                      PID:8316
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                      74⤵
                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                      PID:8396
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                        75⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:8440
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 72
                                                                                                                                                                                                                                                                                                                                                                            76⤵
                                                                                                                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                                                                                                                            PID:8888
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                          75⤵
                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                          PID:8452
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                          75⤵
                                                                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                          PID:8536
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                            76⤵
                                                                                                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                            PID:8604
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                            76⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:8592
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                              76⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:8692
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                76⤵
                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                PID:8684
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                  77⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:8748
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                    77⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:8736
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                      77⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                      PID:8832
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                        78⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:8872
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                          78⤵
                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                          PID:8884
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                          78⤵
                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                          PID:8976
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                                            79⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:9028
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                              79⤵
                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                              PID:9040
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                              79⤵
                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                              PID:9120
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                80⤵
                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                PID:9172
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                80⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:9184
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                  80⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:8232
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                    80⤵
                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                    PID:6752
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                                                                                                                                                                                                      81⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:8356
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                        81⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:8344
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          81⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:8532
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                              notepad
                                                                                                                                                                                                                                                                                                                                                                                                              82⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:8524
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                82⤵
                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                PID:8616
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                82⤵
                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                PID:8768
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                                                                  83⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8688
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                    83⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8748
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                      83⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8840
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                        84⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9072
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                          84⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9012
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            84⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8208
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              84⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8220
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                85⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8376
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                85⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8468
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                  85⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8540
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                    86⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8532
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                    86⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8928
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                      86⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9204
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                        87⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7212
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                        87⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9048
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        87⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8788
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                          87⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8212
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                            88⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8800
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                              88⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8520
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                              88⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6864
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                  89⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9268
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                    89⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9280
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                    89⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9376
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                      90⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9436
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                        90⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9424
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                          90⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9552
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                            91⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9604
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                              91⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9616
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                91⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9704
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  91⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    92⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9752
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    92⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    92⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        93⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          93⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9904
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          93⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            94⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            94⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              94⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                95⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  95⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10188
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  95⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9456
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9656
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            98⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9756
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              98⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              98⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                99⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  99⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  99⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10192
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    100⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    100⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      100⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        101⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        101⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        101⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8928
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:6728
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      104⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        104⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        104⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          104⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9724
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            105⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              105⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                105⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4788
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10416
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10464
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10756
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11148
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11192
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11204
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10360
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10672
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10416
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10932
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10296
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10892
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3300
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\SysWOW64\explorer.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\Windowssupdate.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        notepad
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11300
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Program crash
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11232
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11096
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            105⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        101⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        100⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        99⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        98⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        95⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        94⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        93⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        92⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      90⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9560
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      89⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      88⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9220
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    86⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9184
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    85⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8656
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  83⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  82⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  81⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                79⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                78⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                77⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8844
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              75⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              74⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              73⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              72⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              71⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7236
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              70⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              69⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              68⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            66⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            65⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7572
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            64⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            63⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            62⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            61⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7900
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          59⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          58⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          57⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        55⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1708
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        54⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6748
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  50⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  49⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  48⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                46⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5752
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                45⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              43⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              42⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              41⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              40⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              39⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              38⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            37⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          35⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      33⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:4680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    31⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    30⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    29⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                26⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                25⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                24⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                23⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                22⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1736
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                21⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                20⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                19⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                18⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                17⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                16⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              15⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              14⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4764
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4336
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\notepad.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5872 -ip 5872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6748
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 8440 -ip 8440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 11144 -ip 11144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11336

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MITRE ATT&CK Enterprise v6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\Windowssupdate.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    659KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    25c15339a4bc59109a702aea175a4278

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    b7f42b8830b228e3af0210f7fea252430eaaefe3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/956-151-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1020-464-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1132-185-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1132-187-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1164-168-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1512-310-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1708-261-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/1796-207-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/2440-314-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/2816-197-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/2916-242-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3076-290-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3344-284-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3364-278-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3364-282-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3364-304-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3496-233-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/3524-223-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4052-300-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4212-295-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4232-160-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4240-320-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4352-136-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4352-137-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4352-139-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4352-140-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4352-135-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4388-216-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4584-386-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4584-360-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4584-388-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4680-255-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4680-253-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4728-272-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4808-326-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4808-324-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/4920-176-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5228-331-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5360-366-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5424-335-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5468-381-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5564-459-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5604-340-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5688-438-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5744-345-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5828-371-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5828-370-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5888-350-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/5936-393-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6064-355-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6064-376-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6188-397-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6240-429-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6340-402-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6412-433-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6424-454-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6496-407-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6684-474-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6720-447-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6740-412-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6756-469-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6892-418-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6892-422-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6992-449-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/6992-448-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/7040-423-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • memory/7208-479-0x0000000013140000-0x00000000131F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    728KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Download