Analysis Overview
SHA256
9b856c6a571edd8c70305158af1f1449e78ba9e1907a24790e2e7729c1fd2c3e
Threat Level: Known bad
The file 9bcee627a1e4caf0ce3fd76712c3a3d6 was found to be: Known bad.
Malicious Activity Summary
Modifies visiblity of hidden/system files in Explorer
Modifies WinLogon for persistence
Warzone RAT payload
WarzoneRat, AveMaria
Warzonerat family
Warzone RAT payload
Modifies Installed Components in the registry
Executes dropped EXE
UPX packed file
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-14 13:33
Signatures
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Warzonerat family
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-14 13:33
Reported
2024-02-14 13:36
Platform
win7-20231215-en
Max time kernel
121s
Max time network
117s
Command Line
Signatures
WarzoneRat, AveMaria
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\spoolsv.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\spoolsv.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" | \??\c:\windows\system\explorer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2144 set thread context of 2520 | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe |
| PID 2520 set thread context of 2692 | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe |
| PID 2520 set thread context of 1948 | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | C:\Windows\SysWOW64\diskperf.exe |
| PID 3032 set thread context of 1692 | N/A | \??\c:\windows\system\explorer.exe | \??\c:\windows\system\explorer.exe |
| PID 1692 set thread context of 1356 | N/A | \??\c:\windows\system\explorer.exe | \??\c:\windows\system\explorer.exe |
| PID 1692 set thread context of 1860 | N/A | \??\c:\windows\system\explorer.exe | C:\Windows\SysWOW64\diskperf.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\explorer.exe | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| File opened for modification | \??\c:\windows\system\explorer.exe | \??\c:\windows\system\explorer.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\explorer.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\spoolsv.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\system\spoolsv.exe | N/A |
| N/A | N/A | \??\c:\windows\system\spoolsv.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
"C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\explorer.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
Network
Files
memory/2144-0-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2520-2-0x0000000000300000-0x0000000000400000-memory.dmp
memory/2520-3-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2144-4-0x00000000003A0000-0x00000000003E6000-memory.dmp
memory/2520-6-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-8-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-9-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-10-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-11-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-12-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-13-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-14-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-16-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-17-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-18-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-20-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-22-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-23-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-24-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2520-26-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-29-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-33-0x0000000000400000-0x0000000000628000-memory.dmp
memory/2144-32-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2520-31-0x0000000000400000-0x0000000000628000-memory.dmp
memory/2520-34-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-35-0x0000000000400000-0x0000000000628000-memory.dmp
memory/2520-36-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-37-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-38-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-39-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-40-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-42-0x0000000000400000-0x0000000000628000-memory.dmp
memory/2520-43-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-41-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-44-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/2520-45-0x0000000000400000-0x0000000000628000-memory.dmp
memory/2520-47-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/2692-58-0x0000000000400000-0x000000000043E000-memory.dmp
memory/2692-54-0x0000000000400000-0x000000000043E000-memory.dmp
memory/2520-62-0x0000000007200000-0x0000000007246000-memory.dmp
memory/1948-65-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2692-52-0x0000000000400000-0x000000000043E000-memory.dmp
memory/1948-67-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2692-50-0x0000000000400000-0x000000000043E000-memory.dmp
memory/1948-69-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2692-70-0x0000000000400000-0x000000000043E000-memory.dmp
memory/2520-73-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2520-75-0x0000000000400000-0x0000000000628000-memory.dmp
memory/1948-78-0x0000000000400000-0x0000000000412000-memory.dmp
C:\Windows\system\explorer.exe
| MD5 | 0612afb3e27451c56aaaf412088db0bc |
| SHA1 | 8913d87d487bc94c91b045dfe6f64e16a16059ca |
| SHA256 | 97ac3821b5bbf7c56fd7d5e3f4f7a99859855a72c711259f5148739c1de64168 |
| SHA512 | 726fe4ada9f97ed88418086c872cd7bbb07c97c9b4f94eca72a9b583ff4cbeb013f9fb229183c51cf76d62c01965474e5486d0ddfac47230368176ad7c282f3f |
\Windows\system\explorer.exe
| MD5 | cf49da956bedd4089ec7a90413064f2d |
| SHA1 | 5992bf0356e7d7d38fe1968e39c120b2bda81b86 |
| SHA256 | ef61dfbf788742e51e1cc46d755fa60b484e1e41c86aa9063719929ca9c6b99c |
| SHA512 | ff30d8b203d8b47f6ccd0bdbf15f4691122128c6bee0af2589b228529dbce7ed3ede06110a7edaee012a6181a383015ace7e29188af9c36e89073f2c48ba5924 |
C:\Windows\system\explorer.exe
| MD5 | eb4ffa0a3988075ff10a40877b342593 |
| SHA1 | 72c3226072de364886658048b65d01780cb6a6c7 |
| SHA256 | 5942bead0c403c32cf4317062838146587b991fc53c97691b3b896e6d1556454 |
| SHA512 | d2e19abad69f5065fe325e84accd183fa0b6da80f41ebb63492ce07621e60ef2c14bd0888c42410e5895ff063563d8371965fe8ed2495849cbf4c532e56b0693 |
memory/3032-91-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2692-93-0x0000000001EE0000-0x0000000001F26000-memory.dmp
\??\c:\windows\system\explorer.exe
| MD5 | 1807925bb74d3ea25f20729902ee25fd |
| SHA1 | e76f325c6c50c655bd4ea55f474ae3ef26f49092 |
| SHA256 | 327b672e3d07f197e4d46ef0dfb240174960d520e3281d425368482884e7b205 |
| SHA512 | e7d47c94addcf054afe80dd3ec247ad39435e311e57553d45893d5b94db5cb726b3e2d58fc703e6135a579351dcd368f39e116081ac6ed1790286203969857bb |
\Windows\system\explorer.exe
| MD5 | c663ba8c701bcb066efdf27e9a64f837 |
| SHA1 | 2c926f2bd5d80e32dd09b54bd706b4be8aa3813a |
| SHA256 | 3263c643b73bcab1374273b0d653eb4059d2ce6a495706f20b9915ee487ddc72 |
| SHA512 | 6e0bfe2dce52bcc3716924758d6f5da8953dd05d891e6029491bfbf187b73332843236383a8ed89e99aea3f4b2d8b98c4148bac66f01e12e0415ff13e76ce11f |
memory/2692-85-0x0000000001EE0000-0x0000000001F26000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs
| MD5 | 8445bfa5a278e2f068300c604a78394b |
| SHA1 | 9fb4eef5ec2606bd151f77fdaa219853d4aa0c65 |
| SHA256 | 5ddf324661da70998e89da7469c0eea327faae9216b9abc15c66fe95deec379c |
| SHA512 | 8ad7d18392a15cabbfd4d30b2e8a2aad899d35aba099b5be1f6852ca39f58541fb318972299c5728a30fd311db011578c3aaf881fa8b8b42067d2a1e11c50822 |
C:\Windows\system\explorer.exe
| MD5 | 91f6c745e0923e0abc76f13bd0f7174e |
| SHA1 | d13a2e519d2d93eb1d32b9019b680f9d0233ab4a |
| SHA256 | 39a2b346c41a34cdec1034b28c4f1be27f7c3d0bda79531c626245e463f34838 |
| SHA512 | 94b54173dbedeaa73fee40a872819bbc19b967c25d4e3a93561e92ff5e996663ca02f5c3ad59bb88fc1d403d491b052d9a272eaecb19c37a3d59e7d9d2b9e718 |
memory/1692-134-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2692-137-0x0000000000400000-0x000000000043E000-memory.dmp
memory/1948-139-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1692-144-0x0000000000400000-0x0000000001400000-memory.dmp
memory/1692-153-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1692-156-0x0000000000400000-0x0000000001400000-memory.dmp
C:\Windows\system\explorer.exe
| MD5 | 3cfdf2ddf2e502abaf85d91b18546efe |
| SHA1 | 6eb2f2367135a2543258051cefe5c5aee7c32201 |
| SHA256 | 08b22cd89d1eecad9c21d8cf5ff3262b5475827dcca2a7a74b9eed12fd3d805a |
| SHA512 | ee7b44cd0899ec745f452ad03edbddac133ebcce90d8f3918fd60ff343e62d77ae3b368d29d5ba20d31e7849bbb15739cb1c09a32a680d164423b16cfba61d74 |
C:\Users\Admin\AppData\Local\Chrome\StikyNot.exe
| MD5 | e51597f0e28eb72c6d1afc5d68777e1a |
| SHA1 | 536ec194342d07cc58faff2c044e8b5e7c1bd40b |
| SHA256 | f6ffa8333e82869357ef5e427b24042fc0a307dfdfa03ce2beafbea18be2738b |
| SHA512 | 7377d41e0bb18b24fa7591a24361505663a0798e363de8ceab11ba1227105984ec7351819f6d065f19f57ce4ed9bdda5d0f3f73a5ba953d77d15d9f0b85c8177 |
C:\Users\Admin\AppData\Local\Temp\Disk.sys
| MD5 | 554e0cc02e3b13aaddda9196e706ee5a |
| SHA1 | af22fbdcce86868e68dbc2617fd584273d28bfe7 |
| SHA256 | d64d56bf07dfbe922eb1a7c1e8162ef29f9a8f2fab52f852748117bca5e4003d |
| SHA512 | f1bad9fed505c8f1182ca6e5e345a8db32d1ff5ccd010fab5276c332706beede2e3564ffd62f33b4a4b8e21e2fc28ac385be1c63e912cbdd26996ff75b095749 |
memory/1692-190-0x0000000000400000-0x0000000001990000-memory.dmp
memory/1860-191-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1692-194-0x0000000000400000-0x0000000001400000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 4c1d3970c98c93d2eebf059159e552a1 |
| SHA1 | e842f11a9936866633998467ada4cd5c2d2e87ec |
| SHA256 | 045c40743bc6572ed342e6e2db66cced79703b769ca5d17efe424fdad0fa1ff8 |
| SHA512 | 4ad1ac11d3bf6bed5714da05b0f7ec7d85c5ebff02c0836d436fb8e7d7073f23836fd4faa1e962a23b9af3266053881037dd87e03308f63319795cf3142cd875 |
\??\c:\windows\system\spoolsv.exe
| MD5 | 1a6486968aaf30e232975f485c5881af |
| SHA1 | 438913eaf133ea29f89405e3baee0e04d56a954e |
| SHA256 | dc910cd5534fafbd5c9794b91694b208fe2856b7978b84530e46a7464307009e |
| SHA512 | 4e62e7a48049956d83dcc41ea5274b4bbd4a6669f5bd2c6b0472cdb07a21bc6a7998b753b7047eb37cfd8020b35c93dae85f4f311cb9f585aecdfbfe7cb937df |
memory/1356-205-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/784-204-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | c3ad980436c63490c196f3ddee0aaf52 |
| SHA1 | 7c1c80aa8149a268cdb62105ffbaea1b214e279e |
| SHA256 | 4bd6f142fa0d784f18ed0ac5dcf44689ff10271eb3459e1a59628b3794ddf88f |
| SHA512 | 8f3c0b99d0b3aac5bfe0993e4df7c7239b40edffee683750c91385c223642a7ff42095723d75e1296fdaa474182fbb742f41166ac07d7028de353bbc50287201 |
memory/1356-201-0x0000000002B70000-0x0000000002BB6000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 8e3268c291d2f7e0017896e068ea4423 |
| SHA1 | dbeba471c9bb94ff943288969f6566e3ee0f7b08 |
| SHA256 | e4f7694871d4b8fbdbad44bcf1bb27c9a9b1c2cccd2e78ebc2917fbac6283756 |
| SHA512 | 7b6ca1e2babd539ae17a92fe53b526f5b78aeaff8d8c4f0490e73de83fdb444c9e4636d96ee6541d6e7d5fd47e2b3d7122d23143e560dceb981ebaee53721410 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs
| MD5 | 13222a4bb413aaa8b92aa5b4f81d2760 |
| SHA1 | 268a48f2fe84ed49bbdc1873a8009db8c7cba66a |
| SHA256 | d170ac99460f9c1fb30717345b1003f8eb9189c26857ca26d3431590e6f0e23d |
| SHA512 | eee47ead9bef041b510ee5e40ebe8a51abd41d8c1fe5de68191f2b996feaa6cc0b8c16ed26d644fbf1d7e4f40920d7a6db954e19f2236d9e4e3f3f984f21b140 |
\Windows\system\spoolsv.exe
| MD5 | 261450513ead153a3ef7973a73dc19e4 |
| SHA1 | c1a39ec148c6f3a63ffde6cc174c365daf3bc65f |
| SHA256 | 1a5640b10413839409831ba7dfc24deb2b700181bc979a2375445615ef962897 |
| SHA512 | f0557eb8cd1c2d0107932b9360ef9e8d1fcf81224500e097dbace3dd230378fd4d80f9973d37eb4cdd4c1880cfdb5048d7a36bb1932ed2084dfb5db0b7d8a4cc |
C:\Windows\system\spoolsv.exe
| MD5 | a59c2a594f6335b30f0571787a9d0392 |
| SHA1 | ebf3d7b5b7640a29308ec03814a8a03d0018505c |
| SHA256 | cb4fec4f9ff29892026bcfffcb46a5324999bca01e807049aaaef4782de6b604 |
| SHA512 | fb7038998807e255ec356b8474e2dc2960d5c72fd36f346fa0f7f1a130bb2bc4ac9f842766a7a913f6de285052e54fc07d955eb670e83d36819aa41376601884 |
memory/1356-249-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/2828-251-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | ee21cd56a045cfe316c7051ef1927ab5 |
| SHA1 | 6c290f24c32e8d1db6d69c742c381568d364a881 |
| SHA256 | f72898b131edd832b8858470538acf70ee04d54f13a4dc1955042e330692ee26 |
| SHA512 | 43230b1502eada29245e72f6a868deaa1a58b2db8e777e78a9e672074721c7463fe236e1c2162d5148bc370ca0529f186429bbee30b2df4320f35a44d40a3e67 |
\Windows\system\spoolsv.exe
| MD5 | c2c41bb3a4d439d2126a5f48b83c3afb |
| SHA1 | cb6e6c6adaf1c531ce9b809ea14173f88dbd519e |
| SHA256 | 0e576adac3fe5f1d762aea9bf237ba10c7a4a27ee543b8aabac488b8206f6f3c |
| SHA512 | 4843abe2da92938872263ca65b7608010ad7b013537934acd20c7243b53146205b8eaf36de46e003431a84742d38b3b48bd6acf858c495f9fb83009ab8719c59 |
\Windows\system\spoolsv.exe
| MD5 | 41fb42cea18796fe6eaa84feb8feacfa |
| SHA1 | a9c82a87d7ee25c28d82373f82328b7eeaa929d8 |
| SHA256 | 7225a19bd5514c0c4ce0a9f8822fdfc225fbdf325162d0496ef76ae6e665a474 |
| SHA512 | 4d9ec0496487b3ae6719df7b671fdc710d09297f54f831f209f75726b2a9bbe5370ac8df32bea6793e683484a7bdbe95205fa590c5bc738c6730f1b15c9181c7 |
\Windows\system\spoolsv.exe
| MD5 | c0fa754bf5e9c2ed3c8c068e06bc2997 |
| SHA1 | 409cc2bdc454baec0cf851eefc6b997e4e6efa25 |
| SHA256 | f08d87b87e2d01c932597eb26947980ede10b690b589ee4468b96e9f916778b3 |
| SHA512 | 5ee297d8cc146c7b6cade32d8fd894b77eab11fabe53c91d5acf81bd52ae8b324ee7983b51618156884ad5b4f150f57256aed709422d2a3b296a03fc1ecc3e8d |
memory/876-263-0x00000000001B0000-0x00000000001B1000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | e4258c8a1d770eb96268155bf7b5ddef |
| SHA1 | 6a27590ab0c0a6c93c5afa23a89921e6690fc0c3 |
| SHA256 | b537804bebe4b0ba6640580ea9c8e6466c4bb87c637925f49c0c9b070a318255 |
| SHA512 | fa629a7022b6ebcf439cc5bb4007b803ff94acbb98a5ac1692bcf7149e4aab11f0411501a2b8046ce333e7684a05dfa16aafd8ddc47021c354afcbc100aa4ea6 |
C:\Windows\system\spoolsv.exe
| MD5 | 346d00cb7946fdfed4f96006f84f9487 |
| SHA1 | ae397ca8022de673f6a263e5b59ef317eae671e4 |
| SHA256 | 6b9415baaa568d295e68a02199403643e323e77c9e038c47dda738de2264ef93 |
| SHA512 | 8b7a6d66487de1e80a10fdcdae3ea8584bff0dc1a55a14c5ff7a9ad817fe68aad02833430c845a180ef5f9d204cf8bea7e1d93cc6208f209680b50aed4af41d2 |
memory/1572-299-0x0000000000400000-0x0000000000446000-memory.dmp
memory/1356-301-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/1356-296-0x0000000000400000-0x000000000043E000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 11ab8f692de1b684e544f44126612b59 |
| SHA1 | 4c67767db54988a5fda60b61c4a8ecb93d7a113c |
| SHA256 | de59f3aa113b68973094276a81a36e41b8abfd4ed38a54a7b1decf9c4a6b102e |
| SHA512 | 09adaf6a773a8e5850e9e6d0230a11a915fa4377227dfcb8476e81f0d7ad47b999053caf81390971130e0141b3d18dc090814d24b15d7c7737b0538bd393c08f |
\Windows\system\spoolsv.exe
| MD5 | 828fe96648dfa0a5db2be85de0f5755a |
| SHA1 | 620d8dd21781e4709c065fded80c28f4f3f3e8a3 |
| SHA256 | e14611cc62370f679d85560a4a12e50bfa1448bd82348c4f315f13530b8fe84a |
| SHA512 | 8db6395eb2757092c9805298f711053e35590f993b6bfb48242facadfdbec59ef14f176fff43df174a07648e77c500b3cab7743851907c2f2f99fde3fb17ddec |
\Windows\system\spoolsv.exe
| MD5 | 0ff4766c22e11d6046392c2a9a89c3cd |
| SHA1 | 31e55d650ee62528b13448fdc8cbb60e02f2de09 |
| SHA256 | 0cd2c22f08336621cc29ba02127a0d0e66cd72698ba5e3a48e73ab46d0f6e70a |
| SHA512 | b75deb86b025f3cf15604800dc31baa725b5904266aa0d2917809f3f1dd985b4894b6bf0a39ab7ac0b19e1af2bbe468b87e1b70b97df787d697609b0d07df4fe |
memory/2324-314-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1356-316-0x0000000002B70000-0x0000000002BB6000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | b25731b2df99798862b638df9d56156b |
| SHA1 | 047fdaddca9037a2d0081bdec9a3714305ec97d1 |
| SHA256 | 74be9e12d19e62266a3f642ebf6f503b4c42f9db55c1bbf39feab3d118038768 |
| SHA512 | dc15987554439991a5b0b35f3394bcbebde2ce53c22eece1824b625b0ec78bcd5df7e396531de1f1fcfbe5dfaf75424721585bfdafbae5fa69978083252cad65 |
\Windows\system\spoolsv.exe
| MD5 | 35b62fe6e4fa145bf5c3975dd7bab7f7 |
| SHA1 | ae9366831e07e30a4c846ad8025c1a1ae71cfa8e |
| SHA256 | a3df64e80ccb2c036dd4dcd1880ce457e30ddfa060cb2a7a70ff059ec8b38cb8 |
| SHA512 | 5bdb658869278f8d3ffc6462ad4d406afeccb17178f458b6caf954fc56b59d4f6a29c3a7788dda94c044c9845e914f2b54369716979525e328b4af8ef196e1d5 |
C:\Windows\system\spoolsv.exe
| MD5 | fe8538f851817f9214e3ccc2cd43ed7d |
| SHA1 | d921f600ee8af3299a4477e1e4b0b77420b9b902 |
| SHA256 | ad66a8cc4cc7908049dda37661e62eabdd5c8aa8f64333b5a3676cc37ea59676 |
| SHA512 | 0ef5a90ccff81783a6ccfc433a46a1d413813f5a25dc839a0971cef1f4f2f0b7adf03b4df6d4aceaf0a90f0711c0a760df29ead20ea76b8223d044c65ae04368 |
memory/1356-347-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/1432-349-0x0000000000400000-0x0000000000446000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 78cec625bf6bab187e7234f775ddca98 |
| SHA1 | bbe867cef47008590d4711591cf5a3eedfd61940 |
| SHA256 | de3cf5c8d60533e09bf17c227f61e8cd98b0367a19196a838984761222afbaf5 |
| SHA512 | d6df53fee15d59ebeef30c4c1082a69db2c810d21992f642edb64fef5afbdcccf39dbe99df5cbccdc626f11ef43e5d437c919b53c74adcf7ebed19e59e7438eb |
memory/2660-361-0x0000000000220000-0x0000000000221000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 52968053b498baf5a00ad158d6b29a0b |
| SHA1 | 5086424034ce37c09cd3834ad7367f58fcd7782e |
| SHA256 | 4b2f63711e1a927d567859c39d80808c60ca473a3763ff344c97c8b179b5e060 |
| SHA512 | dfbd94f46773065af22009320d5ab5b34b599cd58e98657c7d3cafa87981da67664db1559366d9b2844b1ba67dadb52f3889466701671826d8cbc4c2558d9771 |
memory/1432-363-0x0000000000540000-0x0000000000586000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | 45d0d372ae0c1e980285a937333142f8 |
| SHA1 | 4304e1c40f36d7be514ce39b6e79f24c32e5ef2a |
| SHA256 | 478e019ae3ae3113770f60d3ff3af91c83d92bb1598d9044bbecc16cebc5d212 |
| SHA512 | 0bff6d5b62612fcf81e6379c3ca14ea4f460d4e4a705c4a6e789715e4270239e2fae45af74febfb7cef19e550f3d6dec8f7dd9c240fc6a2e6f6dde3b5a8e40a3 |
C:\Windows\system\spoolsv.exe
| MD5 | 8f545c49936fff8d3cb9150e5ff0387c |
| SHA1 | d1ee9bda31d940bdb7bc347bfe1a51a276e41d18 |
| SHA256 | 30e71427d46dcfbd994ebf373eb2ba6d6e5c0dcd79a745d1e346c35369ad3482 |
| SHA512 | 0b216bfdc31d50540e4d03db28928595aaebeafe82cf85c57a678167b723f40811e8b28d07d683b2fe77c1ec1a5d0f62ac93a28a12748ffb42097edb4d94036a |
memory/1356-405-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/1744-408-0x0000000000400000-0x0000000000446000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 5209d93a7bea69bb9ffe40756be2469f |
| SHA1 | 6f98e244895bde957623776a17d0412b8edc0c6f |
| SHA256 | a9bc16093c2cc67ef40d69145b089e4bbd85f90b4a89f9ed07da5ddfb8555c90 |
| SHA512 | 88c1b5123766b8aa0f424325f19552564eb4e37181213a6d1eb79d1e54ec7b5e82f3bee371193bbb28cfe52be54aa615632084447f035a3a4a51636eee8d620b |
\Windows\system\spoolsv.exe
| MD5 | 7c2888502f68e88316216b63fb02ac83 |
| SHA1 | 8d8be8982e9d530efdd2e9583092e02bca44cbcc |
| SHA256 | fa83fe4dc454a78d90bf1bbc2f6aa2ee518ab17725499e39aad9134a762a1b42 |
| SHA512 | 198367f5ffa4f08754c6bd80390b580aa4472578fbfa6c42858616a95c1370cc8203c5bcc2664bbd7a687e803dae85b190ce363a470447f28155468ffee0652d |
\Windows\system\spoolsv.exe
| MD5 | 59195eb704fd8b7d558d49163813492a |
| SHA1 | a150ddc4a60947274ff9808820b13ee953f00a0f |
| SHA256 | 4104d3ea855c9ad57e529aca3729114f4d013c77a1a12b2e16f2cc89536f4354 |
| SHA512 | b236a00a87df5c6ecd1e56f7e56cea06876a69f2aaf06734cc4de564c94e180ee07c3bb0c9648aa8d627e39f1a092a467822b4612ade4995f92b68e17f22c0a0 |
memory/1708-425-0x0000000000220000-0x0000000000221000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | 4c2073cb5b2db5384a2edbd3c05cf3bb |
| SHA1 | 94066a64a4c49cfd53b69e9c916fdcb74ed3bb07 |
| SHA256 | 2f06343c5e1279b6fff051d75400eaac463203c047c6e99730f4d7ba757f1762 |
| SHA512 | 884785403e90e2c145d35d60fb47e49f3c161c53d934c49f2c5e9065d230e18bb877f60a87ee1b5317b268bc95815cf05bc230855237bed568214332cebf4851 |
C:\Windows\system\spoolsv.exe
| MD5 | 1ec7a685caf8957c41d5b863178661d7 |
| SHA1 | add24d854865195387fb1ae4a79e7ce5b0535e27 |
| SHA256 | b4fb3710ff67b6f28acc7480d9d432b97677544466f3d13360ef5616e65d7cef |
| SHA512 | 8247e3b812459d2ed8abdf82c05ffa18821d22eb1c6d7ed73d8d98a620024b45e53033014d099ebd511d66e833c3d83223601f183c4442fa4322bed7c66bab95 |
memory/1752-462-0x0000000000400000-0x0000000000446000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 685c4ae9808913b8fc564a30d0603098 |
| SHA1 | 54b034f334e46eaf44798891da746510cfe0e136 |
| SHA256 | a4122bced20f32a7d8bdd3c2f962201d1bd6ede6feff9c9ecdac63777cc76b5a |
| SHA512 | 001ddd291167240cb149efcdf993fe6cfb84304f22c0b225574a31faf19293259d893820bd57506b98fece66b5b6ebcd94356ce48a761460bbce9732e2d3568f |
\Windows\system\spoolsv.exe
| MD5 | 55b9910ec40c4e30657c703d277c82ba |
| SHA1 | df464013d8d49a60ee03993d104ea24429e7f1e6 |
| SHA256 | 9f7cf4eb43c6832b9a7ceae6384b082eaba19bad93e1acf0dc7f3930950bbe88 |
| SHA512 | ccd35efe0fe59d253cf3360b9680ac2e983d795f38ca6e284997416c79080e58ddadf2e8debe7cebf1b7672573d29d9758123f9c0f6f4cb4cb4344b6b5e87313 |
\Windows\system\spoolsv.exe
| MD5 | b358ae84fe83a3c23081e908fdef0ce9 |
| SHA1 | b952bbcbecc86c33ab45f8620b7d9c10ab3f7ec0 |
| SHA256 | 35fcedb24e1648ff53da3e76a7d03cc01cdf91724fbe20300de62f9e3692cf99 |
| SHA512 | 132582b220c2bf17d65e0a145028450d4c4b328465ed0306c4fa7421a3038b56b151b154a5b7993c8b7b73cca4abe683d466b66360419392f98b1356c1d32566 |
memory/1716-475-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1752-480-0x00000000003B0000-0x00000000003F6000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | 23825000c3207a0c8ab43cb999a6d2e9 |
| SHA1 | fd4834e88052f7362076362d865fb3f5a41bba09 |
| SHA256 | 6790db02a4cd15b73f9efeaaafef1cf8b8e298fb88390e4423294a3586ed743f |
| SHA512 | 4bf78fadc6b4a5e3f80dc1935abbbd540cc488a1beaaf2ddea9214c24fa07f3eaf2bfe07c6760b7cb314f1820b083b523c556b7b77af0e8c33646414d333695b |
C:\Windows\system\spoolsv.exe
| MD5 | c4d3212fac72d954fc01752e156440bc |
| SHA1 | 388453e20a76cd61434ead2ad4b14dbef60f8a12 |
| SHA256 | 39cdbc79f341c72a04b2c317df0c530ab127b9ae1f205044282b893493d9e045 |
| SHA512 | dd9d87b1f081be07f7d8d0c702a872f06b80e7ff37c70003a817bdb456cad806e080efdd23453d96d2c89ef0f6ad57d0adc7eaa9460e85e8dbb364a7fadf0db5 |
\Windows\system\spoolsv.exe
| MD5 | 53ec4a0862a16190aa8836648b89a61b |
| SHA1 | f8bf624388e7642f68da7985d10e4f6eef3bc781 |
| SHA256 | f54879ba69fc28b0c22d55755bc67daa7f9eca1a7c23c57b7d75ed141612bf2e |
| SHA512 | d60eac5b8801c446edbda96ccfebb7217f8b6c17af1d028aeb2d2efc408d7f585e237e248a45084946554369ffd6cc71aad7dd873d49c2fda6a57f7d0a1c6c6d |
\Windows\system\spoolsv.exe
| MD5 | 187ea92a530d0f242f88bfa9d0d858c5 |
| SHA1 | abefef1f81279bdbf2985df8d0c9f341adda640b |
| SHA256 | 415c154aa31da595106c1ffd32aa0215c2c36e8fd5a5a5fc3e636c346d7bcc30 |
| SHA512 | 91af8b865408794321c6c96d854245e5d5e945da0b63ae40983dc9671192ae98985ea170f12c651ebe4d4fce6107259d06812d14d721c1c36bcb7ffd85830d3e |
memory/1356-523-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/2388-524-0x0000000000400000-0x0000000000446000-memory.dmp
memory/1356-536-0x0000000002B70000-0x0000000002BB6000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 1a025d3e3db0b2efa77885d52bfb8b15 |
| SHA1 | faffd2d07a1bc7fdd82806af631b54d8582bdf01 |
| SHA256 | 53da34a063406ece5c5e5c8bccae6d9d23a407f180b50116a45c97a056563732 |
| SHA512 | e784410cbae40aa0ab3585cd734232436143717e9d581395572489dd9583561a254cda3d155eb69096b7a7abe310f174b9e3fe388d5f93414550493d7d90560f |
memory/2380-537-0x00000000001B0000-0x00000000001B1000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | 057db98cf909bc14c4fa812781557348 |
| SHA1 | c0b77d2209afe54efddd9edb2cb8e8efcb1b6bcf |
| SHA256 | ead8534aad895aad5ab439d39339681403a9a76d34640d8f4e11ab6d7b4cb7b1 |
| SHA512 | de4cb12cd3164db2b3b6ff3a855043150f5a4fdbb37e788d67a69096e6aa787c769e3cb1245b30d1aed45647cefbddfc3d8cc1de27abf34164a6bc37bdbc19fc |
memory/1356-577-0x0000000002B70000-0x0000000002BB6000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | cb2a78a14d3d94c17b3f9a8306819906 |
| SHA1 | f3cd7ec3048a76fe8c2489699c901c3e95d0666e |
| SHA256 | f1d4999c0b4d8a24da7b4f63299fac048efa9eb302a6ca98c4ff527877eae16e |
| SHA512 | ee6b271400de4074c2c6f3362462c0ccecc4293d2244710bed5f652b6bf459dff15472f88a777d7bd05c7ffd18dc6091d60c0ae3552f1642328f0ebaa40e4bc5 |
\Windows\system\spoolsv.exe
| MD5 | 1e4d8d8fedd87b6474bf4a9c0f19130e |
| SHA1 | b3ad1a7e9cf4bf344fdcf8781bf50565801cf324 |
| SHA256 | a52b7824fcdf838d2d1e95b49d7639a89b28f824940c0c389db4d257a9b1a490 |
| SHA512 | 8334f3df21a91b4b3036ca155130e0cd83f12b935d7b495a52dec69ecf55a5e3ed23aefd99fbd5acc947da38ac4e32ab6c11574ad9fae3ab353fa81d5d2b4ee2 |
\Windows\system\spoolsv.exe
| MD5 | 5b53da7e4c258245801e4bdcf1cfc350 |
| SHA1 | df7c2c032e54340b3b9dbbd2f5286c224a2d75fc |
| SHA256 | 086789aa53a2bffae7977aae51d912724cc95a698e42d2c73ac61b22e30faba3 |
| SHA512 | fe68710c3ad411359c9b3c66cbce9a691e84664030e5cacc4b3bf391657e230fd894a57f0c2d36d516f0d85f75a6d5a3b7c6623e5cc9925e563623bbf82b0049 |
memory/2748-581-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2020-580-0x0000000000400000-0x0000000001990000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 2bd81f8ec10438c465af48a55f7dcb5b |
| SHA1 | a0f9aea762966ee0addf8a37f9bbb484b13eed1f |
| SHA256 | 03e7054dd4ec7cb0a2cb53fecf561c886d0ce8907e057786e840372eec93afc5 |
| SHA512 | 34d47ef73b7b6d691ab776a94adf957bee93e4d39f91c8ebeff6d634ae38584967188aaa27d699decd17a1addf5872d10b0d248cdd2b11cd266ed75881e1e5ea |
C:\Windows\system\spoolsv.exe
| MD5 | d1cce2213e9abca81cb5616554d89fd6 |
| SHA1 | 681009b0f80a024749979ecb38c79e9036503b2f |
| SHA256 | 37ddafa420809fd7d748d13c1c1edc1a73e7dd6d0d239c19918fab3a9ce9bcdd |
| SHA512 | 1b215a6143b245ae070564bd04b9ff7bf5b86ea8c09554cb0f695f7f97d5e9eb20a9b5ecb8f28f453de13778f41e40d27fb0283b055d5f80682379bd8a239c9d |
\Windows\system\spoolsv.exe
| MD5 | ae852c3969b5057ed5f122c09b05c935 |
| SHA1 | 5e2c6d06cecc2af076ce37f577f3e9b42a845cb5 |
| SHA256 | 559ccfc5c0874879942a052103d925138d3a8a24997804654c0af3f59dd77e97 |
| SHA512 | c63dce914816213d1221db593e3b9ca037e2eec7cdaae7916bff0aad8e992d34325a293eab725f55e53e217ba84bbcce41c46bd9f15fee9ad19d3380a8c9be58 |
C:\Windows\system\spoolsv.exe
| MD5 | 4d7c27101f7001ec857444544b3b47e5 |
| SHA1 | 70f11834ce9c401a40158f6afdf5f4f5ff06b12b |
| SHA256 | 6df27f181633fffbe355c53214f7adc49f6da976908f2011e316c63290dd0fa2 |
| SHA512 | 46e2b754de79daf6c94a0dee4dd8dbf840f4c4de5a6c5f507efce6db76bc3d4026633733b05f4716bdba570563cb7f63700a3510a448a00398de6d3c84b16424 |
memory/2756-617-0x0000000000400000-0x0000000001990000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | c3205bd8833d875e9c7ad81e5a483061 |
| SHA1 | 836f8eae2805966574fc76b61f78c9b7ed20d1d8 |
| SHA256 | 41530644e994892a6a47cd5d7bc3142c41e9ccbe080d590e6eafbc631e95e185 |
| SHA512 | ffba48d96743c036b4dd87f9102f8966aafaaa7da28ceeb49149153efbd397b293008081ea038151043045f00e79408558068051e2a63ccf9defb524eb2b9953 |
memory/1356-625-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/2636-626-0x0000000000400000-0x0000000000446000-memory.dmp
\Windows\system\spoolsv.exe
| MD5 | 6d736264e30b8d3f206e9e2d646f991a |
| SHA1 | 1f37968d9f2b9e094a51535541add23663c7f36e |
| SHA256 | 8e2953c5add6eb2694c56c15bed6d5c67d9a9c0acc00c3b64875bdc67cf3170d |
| SHA512 | 1297944ef9d9109e97e729c33c3e63e79cd0bd734cedc6bda2bb34ad55e072e257f8edeaf37c0dafe8877c6111e63a6d55ccc393446b6156fea9cffe3143b4ed |
memory/2756-645-0x0000000000220000-0x0000000000221000-memory.dmp
C:\Windows\system\spoolsv.exe
| MD5 | c1cbf8ce331be9ef1b34e788033d0cef |
| SHA1 | c9e53048b3dc59a4d578c9b1fa1368121f97f679 |
| SHA256 | 8eb73a22655059a8cc440787e75b6193ef51724db63258d378074477af8f2c34 |
| SHA512 | 7255d24dc45526ea1414b20e49752ba334308da01be908f215951e47934b9df31fa6c9f1d6122e3c2eeedf12ec452608cd436ddbffe14bf907413283076d9b04 |
memory/2796-678-0x0000000000400000-0x0000000000628000-memory.dmp
memory/1356-680-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/1356-682-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/1892-683-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2796-687-0x0000000000400000-0x0000000001400000-memory.dmp
memory/1356-698-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/1356-700-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/2796-705-0x0000000000220000-0x0000000000221000-memory.dmp
memory/1356-729-0x0000000002B70000-0x0000000002BB6000-memory.dmp
memory/2564-730-0x0000000000400000-0x0000000000446000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-14 13:33
Reported
2024-02-14 13:36
Platform
win10v2004-20231222-en
Max time kernel
111s
Max time network
146s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe" | \??\c:\windows\system\explorer.exe | N/A |
Modifies visiblity of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | \??\c:\windows\system\explorer.exe | N/A |
WarzoneRat, AveMaria
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} | \??\c:\windows\system\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR" | \??\c:\windows\system\explorer.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | \??\c:\windows\system\spoolsv.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO" | \??\c:\windows\system\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe" | \??\c:\windows\system\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO" | \??\c:\windows\system\explorer.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\system\explorer.exe | \??\c:\windows\system\explorer.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\explorer.exe | C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\explorer.exe | \??\c:\windows\system\explorer.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\explorer.exe | N/A |
| File opened for modification | \??\c:\windows\system\spoolsv.exe | \??\c:\windows\system\spoolsv.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | \??\c:\windows\system\spoolsv.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | \??\c:\windows\system\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | \??\c:\windows\system\spoolsv.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | \??\c:\windows\system\explorer.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
"C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Users\Admin\AppData\Local\Temp\9bcee627a1e4caf0ce3fd76712c3a3d6.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\explorer.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4360 -ip 4360
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 504
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3316 -ip 3316
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 580
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\diskperf.exe
"C:\Windows\SysWOW64\diskperf.exe"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\explorer.exe
c:\windows\system\explorer.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1552 -ip 1552
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2524 -ip 2524
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 556
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 568
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\system32\dwm.exe
"dwm.exe"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\system32\dwm.exe
"dwm.exe"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe
C:\Windows\system32\dwm.exe
"dwm.exe"
\??\c:\windows\system\spoolsv.exe
c:\windows\system\spoolsv.exe SE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "c:\windows\system\spoolsv.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
memory/3820-0-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2996-2-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3820-4-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2996-3-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2996-5-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2996-6-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2996-7-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2996-8-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2996-9-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2996-10-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2996-11-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2996-12-0x00000000071D0000-0x00000000071D1000-memory.dmp
memory/2996-13-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2996-15-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2996-16-0x00000000071D0000-0x00000000071D1000-memory.dmp
memory/4088-19-0x0000000000400000-0x000000000043E000-memory.dmp
memory/4088-24-0x0000000000400000-0x000000000043E000-memory.dmp
memory/4580-23-0x0000000000400000-0x0000000000412000-memory.dmp
memory/4580-28-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2996-27-0x0000000000400000-0x0000000001400000-memory.dmp
memory/4580-31-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2996-30-0x0000000000400000-0x0000000001990000-memory.dmp
C:\Windows\System\explorer.exe
| MD5 | ec6adb808006fb0660bd42bf08a3194a |
| SHA1 | a3360feaeca9e9f32a008d70064c5dcb30de1fe7 |
| SHA256 | 3b82fbfa51ec7bbf79c652b92297d47398d359926b7b4fbf9a2bf1769ab022f8 |
| SHA512 | 1c555d10896eccbd2f8cdd3995a7b4f2bd9cdbbd390f0d68a3316ca3fa153f6060c30f07dbad6930778a9e1206fbb815b127d6f3533e8650bde7dc7727a975fd |
C:\Windows\System\explorer.exe
| MD5 | f7f5a7b850635e960778269eceae36ed |
| SHA1 | 588d3d9533630d643dc5f6be1c6df1db8a2ea1ab |
| SHA256 | 70f7d6cabf05dd521f8eb90f21197693fc321cf4c7f0949653610fa2028fb693 |
| SHA512 | 4f2859c60c5e9f94cd6a45d9d723f04f11f3049e3f7a761a362f32d2a966da3d628db42afe488230023a7d7211490dcce1fe65c04f1a114e51669656bbc77851 |
\??\c:\windows\system\explorer.exe
| MD5 | fc02368cd4b760076bff254a0f579e45 |
| SHA1 | 1844b96a117644cfbe52b692183bf077fa2ad4c4 |
| SHA256 | 03d72368e74c42dc851cf9458702f5fa41b6cc92fb51f2a0445c59f460d144c7 |
| SHA512 | 69daea7bec375b8a6e4556ba19e518edf907f640c08bb1f2b0ed41d99785cfca4b691b7fdd473f76c314061ff73caf4ed0ec71e8ae48a879500357cfc81937dd |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs
| MD5 | 8445bfa5a278e2f068300c604a78394b |
| SHA1 | 9fb4eef5ec2606bd151f77fdaa219853d4aa0c65 |
| SHA256 | 5ddf324661da70998e89da7469c0eea327faae9216b9abc15c66fe95deec379c |
| SHA512 | 8ad7d18392a15cabbfd4d30b2e8a2aad899d35aba099b5be1f6852ca39f58541fb318972299c5728a30fd311db011578c3aaf881fa8b8b42067d2a1e11c50822 |
C:\Windows\System\explorer.exe
| MD5 | 2106728edf3b5ffade51a96645878ea7 |
| SHA1 | dc0e5dc3f5e6b57eeee28515f68d84daee8743c6 |
| SHA256 | fcf4b713ea2e0a604864c187a993a75daa3a2c805ef3f9065e34bd75ab3b8d0b |
| SHA512 | 7c9a89e7f776e6b7d89fa5cd7299d5c421f2ce59bea96eeaf065aa2dd5c55cfe17f3e008103b7e07c2dcae343a6fc45f5710a2b1f3b8d21c96b6dfc858793473 |
memory/1784-45-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3788-46-0x0000000000400000-0x0000000000628000-memory.dmp
memory/3788-44-0x0000000000400000-0x0000000000628000-memory.dmp
memory/4088-47-0x0000000000400000-0x000000000043E000-memory.dmp
memory/3788-48-0x0000000000400000-0x0000000000628000-memory.dmp
memory/3788-43-0x0000000000400000-0x0000000000628000-memory.dmp
memory/3788-51-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3788-52-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3788-50-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3788-53-0x0000000000400000-0x0000000000628000-memory.dmp
memory/3788-54-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3788-55-0x0000000007230000-0x0000000007231000-memory.dmp
memory/3788-56-0x0000000000400000-0x0000000000628000-memory.dmp
memory/3788-58-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3788-59-0x0000000007230000-0x0000000007231000-memory.dmp
C:\Users\Admin\AppData\Local\Chrome\StikyNot.exe
| MD5 | bd5b19fd647476355dea52a80d2a5bb0 |
| SHA1 | 20c07c1c0aa2aa7e1367c7cb16933ab84e04bc73 |
| SHA256 | d7a5c7b01455f23c2135d46e490e54c595c67628ea62213daac901ff7facff5e |
| SHA512 | d147aeffdbca62635985992aff12744a129c116c562ca3fb0c4ae88e5cb7f01e64d60d3cb9319daa00fd85345f47e20a3a187775b144e41d56ec30ff518e71a4 |
memory/528-68-0x0000000000400000-0x000000000043E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Disk.sys
| MD5 | eaee85b7341d03d64f6df65fe77a15ac |
| SHA1 | 4670c6caf4a06f1208d48edbaac918054efab64b |
| SHA256 | 91336082c6ff98cc83ecddb09a7e27dfac94f0e514dd14c443d6d2c064b4e320 |
| SHA512 | c824a0e079aac52d0950210612258306537eda42c9ac777fff0f930d01c8b28e0fde7e4a446db7909503ad3fcfd557211bf4f330acbf1eb211d4c6ffb80190ca |
C:\Windows\System\explorer.exe
| MD5 | dd0efae47513c446142946f549e3f889 |
| SHA1 | 24f0542127e55a42d12b87555c69ebd12379bd98 |
| SHA256 | 646f52ffb733d2f0aa36eb6d302e904d3ed6e9071f45d6764d9e54ab0ef2aead |
| SHA512 | df5f78a308e9dc01c790ea9770e9692ff214ddb9d92efc2f38f28c2584d2936d4e76f2f489f5f900bca86f39cb99066e1cb33d05b41f97883a1c8ef2d5ff5329 |
memory/3788-74-0x0000000000400000-0x0000000001400000-memory.dmp
memory/868-79-0x0000000000400000-0x0000000000412000-memory.dmp
memory/3788-77-0x0000000000400000-0x0000000000628000-memory.dmp
\??\c:\windows\system\spoolsv.exe
| MD5 | f0d17369e60714d71d8b4990e4e3dcc6 |
| SHA1 | cb7850ad40f43b770a9778b4cad1f2b86ae407f8 |
| SHA256 | 5eeb9e15ee28bdc99dcb9dcc8b44257d9e1cab3bd5cae05c246b1791d84af8ea |
| SHA512 | c486ffe8ab832f92276e1c5360ef0141cc3865348f22e9f3ee6ef6be76dbcc97187fc9d390536f0b02cf4a7501e7c1ace67f8e9ab72eba7338801ef7cf39b223 |
C:\Windows\System\spoolsv.exe
| MD5 | f17f06712f31ceb6377c4edadfb88dc3 |
| SHA1 | 10a507e21e428514a8b595e17a138ad0a5949fe1 |
| SHA256 | f1c2401692200dbb2f4d52f0a8814ebeddc9ec2cd4e04e29973e9d8f7ceaebad |
| SHA512 | 72e73e8ff9e7f9f3b930606b926655add2dd4c9e3568b0626b4209cf88fe97728251139daa429b756b92ce5cdedb46dec1a41873e6d2a35fa8b57ebe00b91dfa |
memory/2748-85-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | e3deb109c419189a759b3240fa723e94 |
| SHA1 | 8402667484d7a517ebfb571a36b7a9b6732a961e |
| SHA256 | 4eee9c710137abc067b02148ce310861479f2d4133884c0e0a3f2a42883e491b |
| SHA512 | e0fda3225d88f16c1106e6ec167f647e16a5109eaa46d379f02fe3fd4eb9741b05ce5b33d3dbeb581da834d26f15c557e1124bb09ca07fab1e2fa3f66761d1d1 |
memory/2748-91-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3080-93-0x0000000000400000-0x0000000000628000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 67a965e20c4f6f7875a0bd59cef3f072 |
| SHA1 | 63b5531a8bd5c1c657ebc391f673cf8d2d2d3002 |
| SHA256 | ee97b476510eee782287725e0aefff7a14d21d75b51beddabecd06c70caf3bfe |
| SHA512 | 4755214fabe424f54f8bd82dda9840f3cf0cc2109feaf58f21265aad452ebaebfc4ae5d51c0c3e0c1cff714af9faaecd338e40ff7eeda2cfd03901866ce9227c |
memory/3080-95-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3080-96-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3080-97-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3080-99-0x0000000000400000-0x0000000000628000-memory.dmp
memory/4400-98-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs
| MD5 | 13222a4bb413aaa8b92aa5b4f81d2760 |
| SHA1 | 268a48f2fe84ed49bbdc1873a8009db8c7cba66a |
| SHA256 | d170ac99460f9c1fb30717345b1003f8eb9189c26857ca26d3431590e6f0e23d |
| SHA512 | eee47ead9bef041b510ee5e40ebe8a51abd41d8c1fe5de68191f2b996feaa6cc0b8c16ed26d644fbf1d7e4f40920d7a6db954e19f2236d9e4e3f3f984f21b140 |
memory/3080-100-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3080-103-0x0000000007150000-0x0000000007151000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 2dda9be27a9c18d3f5b674099b811bd3 |
| SHA1 | ef96177c49a830120f76fee77aa5315bab5814fb |
| SHA256 | 0a432f2bf8e1277fc7a3b2136fa515e885c9afea76af04a0f86ac32213482809 |
| SHA512 | 429858db5e5b0b8681080b49c3bc5baf8b17f599597be5fbabd33c8e60b1c6ed73f7eabae27915ca58c100f248a39f521db47168ae4f23c302fa5385fa911131 |
memory/5012-109-0x0000000000400000-0x0000000000628000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 71103e754e8f6a51e030d97ffd9711ed |
| SHA1 | 2e2535601f88baa120adadc2a150c521f80ff2f9 |
| SHA256 | f7d33a87dd500616d1412460b86ed54dbe08dc6879ac0e08d8664f2d3680442a |
| SHA512 | ef0b3d408b6087cbce87465620aada96f818ac72df63d20dd152ac7a8801781af525b9805d5f52dc84a7ef2e0fefa7fe0f390e261d1acda42ab468b5083878a1 |
memory/5012-110-0x0000000000400000-0x0000000001400000-memory.dmp
memory/5012-112-0x0000000000400000-0x0000000001400000-memory.dmp
memory/5012-113-0x0000000000400000-0x0000000000628000-memory.dmp
memory/5012-115-0x0000000000400000-0x0000000001400000-memory.dmp
memory/5012-114-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2912-122-0x0000000000400000-0x0000000000446000-memory.dmp
memory/5012-119-0x0000000007310000-0x0000000007311000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 39e3a576359583419ca289eff51b6dd1 |
| SHA1 | d6a2bd290e2749464def747bc160a286b3cca088 |
| SHA256 | d66e8c5c3dbedac22322b601ad46e515dab16d6c144fe41d8986d030de024bba |
| SHA512 | 82eef930c75cff9a8bc47c44a7e2ee430b006a1ed738153db2af5aebbda5a7f835fe16ec9a9605070011f84718a1cced767014d18000ea38a1289ffce89155f5 |
memory/1904-125-0x0000000000400000-0x0000000001990000-memory.dmp
memory/1904-126-0x0000000000400000-0x0000000001400000-memory.dmp
memory/1904-127-0x0000000000400000-0x0000000001400000-memory.dmp
memory/1904-128-0x0000000000400000-0x0000000001400000-memory.dmp
memory/4520-135-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | d64579985be59941da25529f147aab92 |
| SHA1 | 47d17d23ee66de97c5ca876ae4cf11059f22e07a |
| SHA256 | a5af8e8c59c1ccaf9c261c755ba4c896d70fb982275fa3754fcfdb26f024cd3b |
| SHA512 | ce3e40096ade4afa69d4e19f9bc2105e1f9bb2e05d83d783620092440c4e0dfdc22781a76df2c47798758693871babaf3e46784ecfb9df4ffdc5a8ce03fd252f |
memory/528-132-0x0000000000400000-0x000000000043E000-memory.dmp
memory/1904-137-0x0000000007110000-0x0000000007111000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 63a3a954864aca34f057c15c02be6590 |
| SHA1 | cf3ede97211de5a9a72bc81639fcf0eeda600bc7 |
| SHA256 | 2d535fd771f6d837d4f98c4230884e25723c7b592c5c63bd76510c16d59efa04 |
| SHA512 | e295181e438faf76fed0fbf482b563ca95e9579404a6abfe97089a62a9ad270edd68058a7b7ac578c3bd156bde01564acbab0f9282e30275177a3f2b443c36af |
memory/3084-141-0x0000000000400000-0x0000000001990000-memory.dmp
memory/800-143-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3084-145-0x0000000000400000-0x0000000001400000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | b0e1590486c4453ce8ac30a70d612d62 |
| SHA1 | c7e2722d8688c72d50e4fcada31cc502639a15e1 |
| SHA256 | a050f5a6e047c09e323bfc084947573e3887ed46e6d91adb51cd05cb90438b03 |
| SHA512 | 60d3316064e8a4f89650a9a62fb98aa4b2e79626f29c65fb199ab1424ddd4a347fbe24aeb1a584d10249228b70ba648fd8fa4707bba1446d9e64cb27bb3c944c |
memory/3084-151-0x0000000008C50000-0x0000000008C51000-memory.dmp
memory/3080-153-0x0000000000400000-0x0000000001400000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 113183def317d6bebc3e747da8642b3f |
| SHA1 | 7fcfb6215e2a4e5c1f5d30237237df873e22e033 |
| SHA256 | 57719d6e40152a7042b8b7896ce8f821ebe01198ec01f19572d575eaad8e28d5 |
| SHA512 | 1013f3095f6e1434253f49aaf17de41e892e79d6d610e6bfdfd44037559fefe1cbbb3698dd29b77c24f9ba07e8ea859bfd6035a7d2bcb64edbdd849f5e7431b2 |
memory/4464-155-0x0000000000400000-0x0000000001990000-memory.dmp
memory/2028-158-0x0000000000400000-0x0000000000446000-memory.dmp
memory/4464-163-0x0000000000400000-0x0000000001400000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | dc815de4b487814c1b0bb56bf277b796 |
| SHA1 | 5bbf793a954aeecbea08bf8ddbe536433ab1f73a |
| SHA256 | 5c0a14b2f818f0b3e620fdda4e165bb6abb9252172190c64a89a86c58d09592d |
| SHA512 | b87e2f5243e0105cae92be92ff3cae89d76e1f1dd79e36f793e38a5cd00423c7c66ad3e89f3dc1052aa128068d53ff8bbde5cec872802c680c0d310bcebd9742 |
memory/4464-168-0x0000000007030000-0x0000000007031000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 9dcbcf11e81986399dd071284b517ad0 |
| SHA1 | f7b87968f329b71f24704e33e0a622c34153e359 |
| SHA256 | 5d0843a451c07ff70dec99dabfb374689497fb25c4dadb5d45143f48343b3875 |
| SHA512 | dabfd46670b670e3dbc2270ec016d16657000429b2c92fc3338e6fe2c6c5078a2b814e3aa7f29cc3242729e5352593da4d3dc8a07f682508519e580375da2241 |
memory/5012-176-0x0000000000400000-0x0000000001400000-memory.dmp
memory/4004-177-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | ce2f5b26ab560439558b299bd55d6d5c |
| SHA1 | 45ea0ec3e40402007fd92265707cd6aa76ce16eb |
| SHA256 | 5291e7f781394f161aa24313986d5df85a0154439ae324347b6fe55ca5430b29 |
| SHA512 | 992a8ddf55644f1e3c004ec0d2d707165c5685b3ae569eaf510991315d7f6366a1cce5ee9dad7144111c0b06ad0169534271a34189f97520452b832640a4fa8a |
memory/672-182-0x0000000007070000-0x0000000007071000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | d56c4265b79ac55551d9be733e758e75 |
| SHA1 | 3ee6dcc2322deb1ad10cfe885b917aafab5469b0 |
| SHA256 | 9a71c6608cf4af2f9c1267803744b9d998dcffc14a77001e565648a3302f718e |
| SHA512 | 064e8d8bf2d31a3284b08283c0a19f207cbfcb09f2789c80b98b293452c367855f02aa3b56918e97709a3576cbc579e8bc6cebaabe5b238aee17c77491ce4925 |
memory/1904-185-0x0000000000400000-0x0000000001400000-memory.dmp
memory/4540-188-0x0000000000400000-0x0000000001990000-memory.dmp
memory/3468-190-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 9047901f6be1841c6be69b587f9a9bef |
| SHA1 | 225663bfbb66f7d3bf47aacd3aeaf8d36419d4bc |
| SHA256 | 463bb774f64935229fd7657449f2dc4e2f50899a4497edf1b5cbae31b1fe016f |
| SHA512 | 7978402b9265ec861fe73df7d31cb7a7b8c6c2287e7661a28dfb036e22f283ae101bde13a4a4dcf975634ac76b4753fdbd474607d966ad380b05be87b696a20b |
memory/4540-196-0x0000000007080000-0x0000000007081000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3084-198-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3760-203-0x0000000000400000-0x0000000000446000-memory.dmp
memory/4464-208-0x0000000000400000-0x0000000001400000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 110d1852eca5e01976a6af67391b6505 |
| SHA1 | d5949f7c4bcfb8302df8c641744e4de8ceeeedd2 |
| SHA256 | 48f208df1cad1a92fb45975af94cc21abe3b7f5a933d94f9cbf05d39e4565900 |
| SHA512 | 7477b7e28533181ca693b43e43e79705f39c0b546a8a448eed457d6690a15e72b1f451f0a8ec1a104d3665e0b5eebe20a41e215c6069670ceb87174f1b638d1d |
C:\Windows\System\spoolsv.exe
| MD5 | 679ed6a4fc978b0a367ff37c9255c658 |
| SHA1 | dafceeab1f436049df898cb331c55ce758dc73f3 |
| SHA256 | a5e4fff1944b643b8b2a6709a36099df97381498e23636e974d63dbb3486f28c |
| SHA512 | c403dd519e866ebcd6c3ff952b22eaa8bb7fe9b215e3221c0bca514ef1cdee9cc4809a3483113c9fce8e0eac5eb22da29ea439e2b794e6ce69abbb573ea0b2c1 |
memory/2500-211-0x00000000072A0000-0x00000000072A1000-memory.dmp
memory/4300-215-0x0000000000400000-0x0000000000446000-memory.dmp
memory/672-222-0x0000000000400000-0x0000000001400000-memory.dmp
memory/4060-225-0x00000000071A0000-0x00000000071A1000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 1dfb8c9373e65d8f3885359015c7cf54 |
| SHA1 | 3554302584f899733f6f99f27ac15fb51dfd7183 |
| SHA256 | 57102bcbbd53a489c697f3429cc4036160398e857001128d570e13cb0f21f593 |
| SHA512 | 98ccc28bc6cbcb96121a61b14927d10a33d4f5b29a19bd950087bf8752505732d744769cd7b3f3ab85c5d6564342069071564692f9d222618fe81804af8214b8 |
memory/3568-233-0x0000000000400000-0x0000000000446000-memory.dmp
memory/452-236-0x0000000000400000-0x0000000001400000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 3f3aa9b577c080c4b6ad1ddfc7b74e8b |
| SHA1 | a3ec913d60fe1acf12fe2fb111fb8d89d2adedd2 |
| SHA256 | cb222f786bbe152e090ba62773c0b89570c4483ced6b0a2eb27b794d13355f85 |
| SHA512 | c845e74c72ce3727a0da910435a71a0969f6c128f73b56a309961f5fc2cb463d5acc090a65a51f463b4dda9f589b41970c15abd35726517ccd2626b77e40c09b |
memory/452-243-0x0000000007290000-0x0000000007291000-memory.dmp
memory/4540-242-0x0000000000400000-0x0000000001400000-memory.dmp
memory/3224-244-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2500-249-0x0000000000400000-0x0000000001400000-memory.dmp
memory/1764-255-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2380-264-0x0000000000400000-0x0000000001400000-memory.dmp
memory/1764-265-0x0000000007110000-0x0000000007111000-memory.dmp
memory/2380-267-0x0000000000400000-0x0000000001990000-memory.dmp
memory/3756-269-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | ed54936ca172bfbf9ceac431749758f4 |
| SHA1 | 37295d6fd8f5a9ef06cf669ddbfac4b7461a3c7c |
| SHA256 | ba28a68a803a4b2a7501b56b74a6bb6ee34274afa5d5e4c53733d5cf129ef949 |
| SHA512 | 917d7f62f615b5add8c8506ef38f4e70890e8d226001524214166601e7409b7750b3ed0447a310c6469e81e6c146792a4766e36e75e3397ca4c296cf37f4d202 |
C:\Windows\System\spoolsv.exe
| MD5 | 86fa18f466804de9724d84a34f2d31ce |
| SHA1 | df356c7cd217a1472152f6c457e0de87810bfab9 |
| SHA256 | 03689da60498d8abcafb10c45670f3e35c7c6943e29a52736eb410ff653b284c |
| SHA512 | a962f40fa902110749f39851bd16f8d2f1a83cc98d3d9fabcaaee02d23efa3b31ea8b83d86234666b106fc0aee26ded78d42d0d5e491b1e8b5b6de73e1915ed3 |
memory/2380-276-0x0000000007250000-0x0000000007251000-memory.dmp
memory/4060-279-0x0000000000400000-0x0000000001400000-memory.dmp
memory/2340-280-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Windows\System\spoolsv.exe
| MD5 | 2e58e494c026b213e6853d4325da8d80 |
| SHA1 | 801f71379672036725993e466f713be5d8075162 |
| SHA256 | 191ffb41a39eb030570b928424a397f12aa8c6f5283e655afc827be14f861c1f |
| SHA512 | 61087a913822c375be87e2ed392a35c4063b6c753213d363c343c83c11c26608446d91b5a2dc3536d4fce070d98ed2aaa2a7c5abc3fbf06cc77433af5438255f |
C:\Windows\System\spoolsv.exe
| MD5 | 86655d237b733e457f2d800c047377e7 |
| SHA1 | b1e501d7ee4874f121b7a9eb1bf22ad9478159f0 |
| SHA256 | 988a599c295415b436806f6bdf38bc16dd947d78b749e4a60aaed45ef7ab404c |
| SHA512 | aa6a274679c9ceaa976f244479195e0fbfb002d190c3c01c295198a39299b5de6c1ae3a6aed54e51f77eec01aac781ab085e04d155edad3d6d1fb6b5feb3aaa5 |
C:\Windows\System\spoolsv.exe
| MD5 | 1244d6e88a75a3394b875278d8de8a4d |
| SHA1 | 9117282e939b9845a0fe2d06661bcc24455fcd0a |
| SHA256 | 2052525be98a2f344c42be99fd0f2ba770066586023a2d1410f24751bb916baf |
| SHA512 | 6b7793a2a2ca59c58ccbf8fba6639c1f54c3b3451b4a76c44d81e57a0898127b35663bf2ae048dd76a51cab67ecf340d2dcf021206ea622b78a1a980d085533c |
C:\Windows\System\spoolsv.exe
| MD5 | c5d72c28536baacde20b70968727e131 |
| SHA1 | fc3c4be1566cfa22720ac743566e2500f0cb5553 |
| SHA256 | b0c21af6eea9919144bc6b66b2af17e7edff6beace61c25bd57da2724d96a9e0 |
| SHA512 | 5e1fa7a82383ad3ee87e1d3f881593a92119fd26f6aaf9cfe6265f419b6acaf67b20229c10c0231fd728ff62444fcff9bd008c4c7e531b601a8fc15f29b37f76 |
C:\Windows\System\spoolsv.exe
| MD5 | 0d0a88bb5c196bfc0ed21daad31b6fcb |
| SHA1 | 1dbdd584dba079414296dd00412108829893f035 |
| SHA256 | c488fc0d364f0050d5aaa83b0e2b98a0b422d6dae57a8fc8f4c15516e7aa5436 |
| SHA512 | 8b455ab147f1917e4ae3fedc62df9388175899b058ac7113a57eb33fb7373bea1dde1e81c3f5bd0382feb75198b4b3031326d7acb2e7f7afafb501d9684e05c9 |
C:\Windows\System\spoolsv.exe
| MD5 | 274568f9e98573e73c22f68910fbf4c7 |
| SHA1 | e8d0ad885a6e7d9e10c94ec8098178db6db2c9a5 |
| SHA256 | 0ecfffa0af6bf48b3b6b1d40ca52fc43edf8bed5217b0855fc11bde771086bdb |
| SHA512 | 26ca4cc3f2ebc76de80d096e15a910fd48bf6f11a802ddc5039f898782f815cc7401464e75efe60d9274896300f927e8a51ea9971e5425ac7e18684424593f2e |
C:\Windows\System\spoolsv.exe
| MD5 | 2819a3291caf8d27b2f14d35c74df9f2 |
| SHA1 | 1c67ee5e5f5280b27e63c4c52427ab40b94f1046 |
| SHA256 | 6beafd5991720975b4834341fd8ae061257de3664b27713b58ab69543bee102e |
| SHA512 | 1b46dac0645545bf7664c7138f0570ab62929b9f4bc3a5716dd362c3854cced181fd9234e1b1622bbcde1e9971746b0f317b7eb03f56df37cf72c7af0beb41af |
C:\Windows\System\spoolsv.exe
| MD5 | bbfb6af6f900c82f18199d61a225d7af |
| SHA1 | a2df9185268702471311bf53207db23edc736ca1 |
| SHA256 | 191fbbd6f9dab025d5be3565daa597e7df855c21520f9d3aaabc3bca4f8cd500 |
| SHA512 | 93e30600a6684db26a21886d9e8ce5ff783904dfabfba7745c5203c26ac0d4b1cda7cb548852858f275c91af867f2259c83a5f56abef0d5324b5dccdeb99a878 |
C:\Windows\System\spoolsv.exe
| MD5 | c7ef59a0b18806495f37c9e6a0fefe80 |
| SHA1 | 4b7bf483e151bc378810b0df191f6604ca6f6f2b |
| SHA256 | 997f33de59707207b774a629124b71866bc66ac83333fd6a4a58ee68fc1c41c2 |
| SHA512 | 6da391a14e5666343865619b017a1e2e2741ccd97bfa0c784a82920c4a8f380b41d532b4a4a6eb01a040e04db7af3cd45a2732467b10594ff35b6ddbb560395c |
C:\Windows\System\spoolsv.exe
| MD5 | 9acfca49b330159a59ce6521cff1098a |
| SHA1 | 681f0ca0ec2b76c4ce362db6232db47dc1a09ae1 |
| SHA256 | 5eef7d637a1f7ad46222c6a1c8a28a2afe590cc4936b7cdfd3ddb7046d0ce1a4 |
| SHA512 | d7500fb301ba492ee3453211eda41c1ab7382f136fb2490ccef9c01fa2b3a606470986d43d744810fa8b50e18b4b091d42ff25f3854912d668f46bfd323a6b21 |
C:\Windows\System\spoolsv.exe
| MD5 | c1b5726190203157d840539691537197 |
| SHA1 | 49e7c485585b1e48738835360e8ced90d921d96c |
| SHA256 | c087c2c631c13da74e1ebaa5465f130cd3fa4948464ff45283b617a029aac96e |
| SHA512 | dea861e995624ab5b195a2cfbd2931114ac19c790b892e050ba1280b01944cc0427e9593049ffe1f89dd71252fa57880da20a883a5901843e32c21076fbfbced |
C:\Windows\System\spoolsv.exe
| MD5 | d8ef626f54a88d32a4d59c769fcfeca7 |
| SHA1 | 2119b7f1c3a7234d6507a8451b6102ac78f5d333 |
| SHA256 | 2d27e3badc7ee644e6e14453b05673aaaba6ed7251906e8bbbf79d4fc7adb4f0 |
| SHA512 | 3d1b7a4267708ebbc091211d3f22f754600097136a6894856760931879f93e32811644b16dff2d523fc7ac8e2e385e954ce9e7d5892554a5e7e8ca94dd3e1c4e |
C:\Windows\System\spoolsv.exe
| MD5 | 20ff1090235823ac206b87b8ac731061 |
| SHA1 | 264c054cc8dddbb00c27b4ef0d946818c0c3bbb3 |
| SHA256 | 9bce67318f3de955164578b20a81bbcef5f77b3d8dedb39ba7fd35c29694ff8b |
| SHA512 | 8b07e07b40e39e9efef3e7d42ca0f3223b1034fdb63137a0131385fff6ff5d6b62e0840c02a55b2c29d2e85b66c5abf1a278c07a1f00167c7449b47885468bc3 |
C:\Windows\System\spoolsv.exe
| MD5 | 5409186198e750e6829f723380c92f22 |
| SHA1 | 708e2a4ba1cf4c722fdbe34cf61b8378bcae4a8c |
| SHA256 | ba70e2ac454155d9e45cb59c7fb75d00c7ebcae2457c5bb61980977bbb05d440 |
| SHA512 | 02fedf7bbd43bf0168cf849aa6e76fc28b4877c8f93051a736dac3677d04b82ea476068272a7628e2cd391cca8b5fd9a55a6ffec44ea9da9751d620fbe0eda8d |
C:\Windows\System\spoolsv.exe
| MD5 | e301cca219b97af337bd64ba4a1ba905 |
| SHA1 | d90ebfd4a3926b43cfb9d77bd1aaf6522971db06 |
| SHA256 | a4f479c146803a8de17af96ce6e2261752ef5658f0fd6f363053676f57cd5fa8 |
| SHA512 | 0fd98e87c32d0579d760841c780f9774841d5cd726778747523a28e71216e3af940f6fe159ee116874b8eee36c708b78eafef8957af76584e51351ccf87083e7 |