pony | b24a39285fa9c5bb8efb507fea064c05e05ab994e6607fe55a085ccbb0619c69

Resubmissions

23-05-2024 17:52

240523-wf6fkaba5v 10

23-05-2024 17:50

240523-weypbsba2v 10

23-05-2024 17:42

240523-v99jmsah35 10

23-05-2024 17:38

240523-v778ssag66 10

Analysis

max time kernel
80s
max time network
471s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-05-2024 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
Size

2.6MB
MD5

6bbd05b1405e17e9eade873efc9efdbe
SHA1

ba21b186744e4fb7b7a2dc7804d1f91d48181a22
SHA256

b24a39285fa9c5bb8efb507fea064c05e05ab994e6607fe55a085ccbb0619c69
SHA512

5420f76ffa9b231f408f4e816710dc80631ea8223846e0a97e121d1d84af2787686d86e81ab215f98ecc4ecb4c47b69512de4037e0f66c5a40ab7f443c8fcd04
SSDEEP

49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrl9:86SIROiFJiwp0xlrl9

Score

10^/10

pony evasion persistence rat spyware stealer

Malware Config

Extracted

Family

pony

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	explorer.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe

Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
rat spyware stealer pony

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR"	explorer.exe

Drops startup file 2 IoCs

Processes:

6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe

Executes dropped EXE 64 IoCs

Processes:

explorer.exeexplorer.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

pid	process
4372	explorer.exe
4044	explorer.exe
4544	explorer.exe
824	spoolsv.exe
3212	spoolsv.exe
5016	spoolsv.exe
3916	spoolsv.exe
4368	spoolsv.exe
3568	spoolsv.exe
3844	spoolsv.exe
200	spoolsv.exe
2972	spoolsv.exe
220	spoolsv.exe
3132	spoolsv.exe
2612	spoolsv.exe
3056	spoolsv.exe
3156	spoolsv.exe
5116	spoolsv.exe
1796	spoolsv.exe
2760	spoolsv.exe
5032	spoolsv.exe
2032	spoolsv.exe
5112	spoolsv.exe
3784	spoolsv.exe
4584	spoolsv.exe
5184	spoolsv.exe
5216	spoolsv.exe
5304	spoolsv.exe
5380	spoolsv.exe
5544	spoolsv.exe
5644	spoolsv.exe
5708	spoolsv.exe
5736	spoolsv.exe
5852	spoolsv.exe
5920	spoolsv.exe
5952	spoolsv.exe
6016	spoolsv.exe
6064	spoolsv.exe
6140	spoolsv.exe
4480	spoolsv.exe
5408	spoolsv.exe
5724	spoolsv.exe
5480	spoolsv.exe
5792	spoolsv.exe
5712	spoolsv.exe
5900	spoolsv.exe
5716	spoolsv.exe
6008	spoolsv.exe
6060	spoolsv.exe
6068	spoolsv.exe
6096	spoolsv.exe
1448	spoolsv.exe
5196	spoolsv.exe
5524	spoolsv.exe
5656	spoolsv.exe
2916	spoolsv.exe
5968	spoolsv.exe
6124	spoolsv.exe
5300	spoolsv.exe
5204	spoolsv.exe
2044	spoolsv.exe
4920	spoolsv.exe
5944	spoolsv.exe
5972	spoolsv.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO"	explorer.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exeexplorer.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

description	pid	process	target process
PID 3900 set thread context of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 5044 set thread context of 3116	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 4372 set thread context of 4044	4372	explorer.exe	explorer.exe
PID 4044 set thread context of 4544	4044	explorer.exe	explorer.exe
PID 824 set thread context of 3212	824	spoolsv.exe	spoolsv.exe
PID 5016 set thread context of 3916	5016	spoolsv.exe	spoolsv.exe
PID 4368 set thread context of 3568	4368	spoolsv.exe	spoolsv.exe
PID 3844 set thread context of 200	3844	spoolsv.exe	spoolsv.exe
PID 2972 set thread context of 220	2972	spoolsv.exe	spoolsv.exe
PID 3132 set thread context of 2612	3132	spoolsv.exe	spoolsv.exe
PID 3056 set thread context of 3156	3056	spoolsv.exe	spoolsv.exe
PID 5116 set thread context of 1796	5116	spoolsv.exe	spoolsv.exe
PID 2760 set thread context of 5032	2760	spoolsv.exe	spoolsv.exe
PID 2032 set thread context of 5112	2032	spoolsv.exe	spoolsv.exe
PID 3784 set thread context of 4584	3784	spoolsv.exe	spoolsv.exe
PID 5184 set thread context of 5216	5184	spoolsv.exe	spoolsv.exe
PID 5304 set thread context of 5380	5304	spoolsv.exe	spoolsv.exe
PID 5544 set thread context of 5644	5544	spoolsv.exe	spoolsv.exe
PID 5708 set thread context of 5736	5708	spoolsv.exe	spoolsv.exe
PID 5852 set thread context of 5920	5852	spoolsv.exe	spoolsv.exe
PID 5952 set thread context of 6016	5952	spoolsv.exe	spoolsv.exe
PID 6064 set thread context of 6140	6064	spoolsv.exe	spoolsv.exe
PID 4480 set thread context of 5408	4480	spoolsv.exe	spoolsv.exe
PID 5724 set thread context of 5480	5724	spoolsv.exe	spoolsv.exe
PID 5792 set thread context of 5712	5792	spoolsv.exe	spoolsv.exe
PID 5900 set thread context of 5716	5900	spoolsv.exe	spoolsv.exe
PID 6008 set thread context of 6060	6008	spoolsv.exe	spoolsv.exe
PID 6068 set thread context of 6096	6068	spoolsv.exe	spoolsv.exe
PID 1448 set thread context of 5196	1448	spoolsv.exe	spoolsv.exe
PID 5524 set thread context of 5656	5524	spoolsv.exe	spoolsv.exe
PID 2916 set thread context of 5968	2916	spoolsv.exe	spoolsv.exe
PID 6124 set thread context of 5300	6124	spoolsv.exe	spoolsv.exe
PID 5204 set thread context of 2044	5204	spoolsv.exe	spoolsv.exe
PID 4920 set thread context of 5944	4920	spoolsv.exe	spoolsv.exe
PID 5972 set thread context of 5484	5972	spoolsv.exe	spoolsv.exe
PID 4668 set thread context of 5404	4668	spoolsv.exe	spoolsv.exe
PID 5392 set thread context of 6124	5392	spoolsv.exe	spoolsv.exe
PID 5972 set thread context of 5392	5972	spoolsv.exe	spoolsv.exe
PID 6180 set thread context of 6204	6180	spoolsv.exe	spoolsv.exe
PID 6260 set thread context of 6284	6260	spoolsv.exe	spoolsv.exe
PID 6336 set thread context of 6380	6336	spoolsv.exe	spoolsv.exe
PID 6436 set thread context of 6460	6436	spoolsv.exe	spoolsv.exe
PID 6540 set thread context of 6588	6540	spoolsv.exe	spoolsv.exe
PID 6632 set thread context of 6656	6632	spoolsv.exe	spoolsv.exe
PID 6712 set thread context of 6740	6712	spoolsv.exe	spoolsv.exe
PID 6824 set thread context of 6984	6824	spoolsv.exe	spoolsv.exe
PID 7016 set thread context of 7068	7016	spoolsv.exe	spoolsv.exe
PID 7096 set thread context of 7152	7096	spoolsv.exe	spoolsv.exe
PID 6184 set thread context of 6264	6184	spoolsv.exe	spoolsv.exe
PID 6372 set thread context of 6476	6372	spoolsv.exe	spoolsv.exe
PID 6560 set thread context of 6648	6560	spoolsv.exe	spoolsv.exe
PID 6732 set thread context of 6768	6732	spoolsv.exe	spoolsv.exe
PID 6892 set thread context of 6900	6892	spoolsv.exe	spoolsv.exe
PID 6828 set thread context of 7084	6828	spoolsv.exe	spoolsv.exe
PID 7148 set thread context of 6224	7148	spoolsv.exe	spoolsv.exe
PID 6336 set thread context of 6672	6336	spoolsv.exe	spoolsv.exe
PID 6916 set thread context of 7020	6916	spoolsv.exe	spoolsv.exe
PID 6828 set thread context of 6348	6828	spoolsv.exe	spoolsv.exe
PID 6340 set thread context of 6580	6340	spoolsv.exe	spoolsv.exe
PID 6452 set thread context of 7032	6452	spoolsv.exe	spoolsv.exe
PID 6916 set thread context of 7160	6916	spoolsv.exe	spoolsv.exe
PID 5248 set thread context of 5632	5248	spoolsv.exe	spoolsv.exe
PID 6268 set thread context of 6828	6268	spoolsv.exe	spoolsv.exe
PID 6336 set thread context of 6916	6336	spoolsv.exe	spoolsv.exe

Drops file in Windows directory 64 IoCs

Processes:

explorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exeexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

description	ioc	process
File opened for modification	\??\c:\windows\system\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	explorer.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	C:\Windows\Parameters.ini	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	spoolsv.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 20 IoCs

Processes:

pid	pid_target	target process
37444	20924
26188	19656
36892	11104
37620	20160
38892	11656	spoolsv.exe
38900	11084	spoolsv.exe
24084	36216
7428	37072
29144	36884
27776	6888
37756	3468
11824	36960
13552	34376
8228	32960
27804	17804
27128	36724
6344	11464	spoolsv.exe
35724	31576
2356	196
35784	10576

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEEXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEchrome.exeEXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEPaintStudio.View.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e89f0f25b8a4c5439b64406049d0c7d300000000020000000000106600000001000020000000e026e46ba292e963a210b4e8b8d968332e7ad3cc181a58487a2eb80e8cdc178a000000000e8000000002000020000000b95fb6b6ed3ea6cca24638909d53af5746bdad75a4beadcf08055329f08c1ecd200000008c61e583a2c8e6832921fb5ff759693d1eef8a927796438e0e2ceb80ce70b4fd40000000e2082c4a566bb36cb06eb93b5bfe523095305109f565c1939b189ace5a9cc3fb9b95949bbfbf8382b3561b83bab5e0ee76f474652387978298ecd2500f044289	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0ce473f3aadda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1030853152"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1030853152"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31108410"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1030953001"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e89f0f25b8a4c5439b64406049d0c7d3000000000200000000001066000000010000200000008db138232bd37aa3776f7557b4d89925a0c11a28e309373708035e8ce89ed153000000000e8000000002000020000000389d4cc68ffbedb17c83e8472e39f5832f597ea0a48b0c04e582e5120a25a5602000000056c18bd8b1a2415186f29d87a67b1cf456bb6809640980ba3b1b58c4980408f04000000053c412307d66b95eb64616864593e8d430713dca9c78631893b4e3bfa9ff80aac59f91cdee4eb4464b641978467e65832b616fa566b819bca18ba93ff72dc94d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31108410"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0144c3f3aadda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1030953001"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31108410"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{690801D4-192D-11EF-92F7-DA737A3B0B0F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31108410"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609604469243491"	chrome.exe

Modifies registry class 13 IoCs

Processes:

PaintStudio.View.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

PaintStudio.View.exeEXCEL.EXEvlc.exe

pid process

4676 PaintStudio.View.exe
2884 EXCEL.EXE
3856 vlc.exe

pid	process
4676	PaintStudio.View.exe
2884	EXCEL.EXE
3856	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

mspaint.exePaintStudio.View.exe6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exeEXCEL.EXEexplorer.exechrome.exe

pid	process
3852	mspaint.exe
3852	mspaint.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
4372	EXCEL.EXE
4372	EXCEL.EXE
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
4544	explorer.exe
632	chrome.exe
632	chrome.exe
4544	explorer.exe
4544	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

vlc.exeexplorer.exe

pid process

3856 vlc.exe
4544 explorer.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

632 chrome.exe
632 chrome.exe
632 chrome.exe
632 chrome.exe
632 chrome.exe

pid	process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

Processes:

PaintStudio.View.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4676	PaintStudio.View.exe
Token: SeDebugPrivilege	4676	PaintStudio.View.exe
Token: SeDebugPrivilege	4676	PaintStudio.View.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

vlc.exeiexplore.exechrome.exe

pid	process
3856	vlc.exe
3856	vlc.exe
3856	vlc.exe
3520	iexplore.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

vlc.exechrome.exe

pid	process
3856	vlc.exe
3856	vlc.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exeOpenWith.exemspaint.exePaintStudio.View.exe6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exeexplorer.exeEXCEL.EXEEXCEL.EXEvlc.exeiexplore.exeIEXPLORE.EXEexplorer.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exespoolsv.exe

pid	process
3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
2860	OpenWith.exe
3852	mspaint.exe
4676	PaintStudio.View.exe
4676	PaintStudio.View.exe
3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
4372	explorer.exe
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
4372	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
2884	EXCEL.EXE
3856	vlc.exe
3520	iexplore.exe
3520	iexplore.exe
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
4544	explorer.exe
4544	explorer.exe
824	spoolsv.exe
4544	explorer.exe
4544	explorer.exe
5016	spoolsv.exe
4368	spoolsv.exe
3844	spoolsv.exe
2972	spoolsv.exe
3132	spoolsv.exe
3056	spoolsv.exe
5116	spoolsv.exe
2760	spoolsv.exe
2032	spoolsv.exe
3784	spoolsv.exe
5184	spoolsv.exe
5304	spoolsv.exe
5544	spoolsv.exe
5708	spoolsv.exe
5852	spoolsv.exe
5952	spoolsv.exe
6064	spoolsv.exe
4480	spoolsv.exe
5724	spoolsv.exe
5792	spoolsv.exe
5900	spoolsv.exe
6008	spoolsv.exe
6068	spoolsv.exe
1448	spoolsv.exe
5524	spoolsv.exe
2916	spoolsv.exe
6124	spoolsv.exe
5204	spoolsv.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exeexplorer.exeiexplore.exeexplorer.exeexplorer.exespoolsv.exespoolsv.exe

description	pid	process	target process
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3900 wrote to memory of 5044	3900	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 5044 wrote to memory of 4208	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	splwow64.exe
PID 5044 wrote to memory of 4208	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	splwow64.exe
PID 5044 wrote to memory of 3116	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 5044 wrote to memory of 3116	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 5044 wrote to memory of 3116	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 5044 wrote to memory of 3116	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 5044 wrote to memory of 3116	5044	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
PID 3116 wrote to memory of 4372	3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	explorer.exe
PID 3116 wrote to memory of 4372	3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	explorer.exe
PID 3116 wrote to memory of 4372	3116	6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 4372 wrote to memory of 4044	4372	explorer.exe	explorer.exe
PID 3520 wrote to memory of 1536	3520	iexplore.exe	IEXPLORE.EXE
PID 3520 wrote to memory of 1536	3520	iexplore.exe	IEXPLORE.EXE
PID 3520 wrote to memory of 1536	3520	iexplore.exe	IEXPLORE.EXE
PID 4044 wrote to memory of 4544	4044	explorer.exe	explorer.exe
PID 4044 wrote to memory of 4544	4044	explorer.exe	explorer.exe
PID 4044 wrote to memory of 4544	4044	explorer.exe	explorer.exe
PID 4044 wrote to memory of 4544	4044	explorer.exe	explorer.exe
PID 4044 wrote to memory of 4544	4044	explorer.exe	explorer.exe
PID 4544 wrote to memory of 824	4544	explorer.exe	spoolsv.exe
PID 4544 wrote to memory of 824	4544	explorer.exe	spoolsv.exe
PID 4544 wrote to memory of 824	4544	explorer.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 824 wrote to memory of 3212	824	spoolsv.exe	spoolsv.exe
PID 4544 wrote to memory of 5016	4544	explorer.exe	spoolsv.exe
PID 4544 wrote to memory of 5016	4544	explorer.exe	spoolsv.exe
PID 4544 wrote to memory of 5016	4544	explorer.exe	spoolsv.exe
PID 5016 wrote to memory of 3916	5016	spoolsv.exe	spoolsv.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Users\Admin\AppData\Local\Temp\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe"
  2⤵
  - Drops startup file
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6bbd05b1405e17e9eade873efc9efdbe_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3116
  - - \??\c:\windows\system\explorer.exe
      c:\windows\system\explorer.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4372
    - - \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:4044
      - \??\c:\windows\system\explorer.exe
        
        "c:\windows\system\explorer.exe"
        6⤵
        Modifies WinLogon for persistence
        Modifies visiblity of hidden/system files in Explorer
        Modifies Installed Components in the registry
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:824
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:3212
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:10356
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:10560
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:10692
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3916
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:10308
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:1408
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:10428
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4368
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3568
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:4632
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:10372
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:4892
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3844
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:200
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:2984
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:220
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11360
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3132
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2612
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11548
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:11608
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:11688
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:3156
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:12284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:1796
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11308
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:11460
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:11596
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5032
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11884
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5112
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:5808
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3784
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:4584
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:2896
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:11280
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:7024
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5216
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:12072
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5304
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5380
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11340
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5544
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5644
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:12104
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5708
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5736
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11716
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:5852
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5920
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:6468
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5952
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:6016
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:5308
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:6064
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:6140
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:5516
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4480
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5408
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:3108
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:12076
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:8156
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5724
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5480
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11560
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5792
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5712
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11400
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5900
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5716
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:2748
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:6008
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:6060
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:6664
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:6068
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:6096
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:18332
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5196
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:11480
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:11868
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:12156
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:5524
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5656
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:9188
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5968
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:4192
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:5828
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:4948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:6124
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5300
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:5204
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:2044
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:19724
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        Executes dropped EXE
        
        PID:5944
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:20200
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5484
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:9328
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:2924
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:5056
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:4668
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5404
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:6408
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        10⤵
        
        PID:19836
        
        \??\c:\windows\system\explorer.exe
        
        c:\windows\system\explorer.exe
        11⤵
        
        PID:20016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:5392
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6124
        
        \??\c:\windows\system\spoolsv.exe
        
        "c:\windows\system\spoolsv.exe"
        9⤵
        
        PID:1956
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:5972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5392
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:6180
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6204
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6260
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6380
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6436
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6460
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6540
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6588
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6632
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6656
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:6712
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6740
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:6824
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6984
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:7016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7068
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:7096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6264
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6372
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6476
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:6560
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6648
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6732
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6768
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6892
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6900
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7084
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:7148
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6224
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6672
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:6916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7020
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6348
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6340
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6580
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:6452
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7032
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7160
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:5248
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5632
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6268
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Suspicious use of SetThreadContext
        
        PID:6336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6212
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7148
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7188
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7212
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7300
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7364
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7400
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7444
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7496
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7524
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7660
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7700
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7740
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7776
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7816
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7852
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7896
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7940
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7964
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8028
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8052
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8084
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8140
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7172
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7228
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:4284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7304
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7436
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7508
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7600
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7640
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7704
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7800
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7956
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8124
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8172
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6052
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7300
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7548
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7720
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:500
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8048
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8128
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7280
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4272
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7904
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7800
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:3784
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7532
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5136
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8032
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7512
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7304
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8212
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8248
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8332
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8356
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8448
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8548
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8572
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8608
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8632
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8712
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8736
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8772
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8796
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8944
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8992
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9064
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9104
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:9144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9172
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9208
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8352
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8424
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8568
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8648
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8728
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8860
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8904
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8928
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9088
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9068
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:5576
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5560
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8244
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8256
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8552
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8612
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8776
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8868
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8940
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8912
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9200
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:8256
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8856
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8964
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5412
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7812
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8424
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8940
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9148
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6796
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:6976
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6964
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:7732
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8688
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6932
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6932
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9260
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9288
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9328
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9356
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9384
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9404
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9452
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9480
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9548
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9572
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9640
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:9672
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9696
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9748
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9780
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:9812
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9848
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:9900
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9936
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10008
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10044
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10092
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10140
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10164
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:10232
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9232
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9364
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9412
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9488
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9548
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:9752
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9832
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:10060
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10048
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10208
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:6972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9620
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        Drops file in Windows directory
        
        PID:10080
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10156
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9332
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9620
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9332
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10288
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10320
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10376
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10444
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10480
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10516
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10560
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10588
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10620
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10648
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10684
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10704
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10736
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10760
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10796
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10820
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10860
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10884
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10996
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11020
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11044
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11068
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11092
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11120
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11176
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11200
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11224
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11248
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10248
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9332
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10304
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6872
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10364
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10748
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10804
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10900
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10956
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10988
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10980
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11040
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11100
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11148
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10220
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6864
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10580
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10644
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10364
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10804
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10928
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11080
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11072
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10060
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:4888
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:1800
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:3852
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10452
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6840
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10688
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10408
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10700
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10644
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11084
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11244
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10360
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10412
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10804
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11160
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10480
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10288
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10260
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11320
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11348
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11448
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11468
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11496
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11520
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11656
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11728
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11784
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12100
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12228
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12260
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11488
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11504
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11576
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11724
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5516
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12116
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11480
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11748
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11728
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7632
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6212
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11516
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11672
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8260
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11440
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11820
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11316
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11428
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8592
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7036
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7976
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6104
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5884
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7944
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5684
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4516
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5976
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4912
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11372
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:796
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8932
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6456
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8384
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11860
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11328
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11932
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7404
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5700
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6160
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:2700
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5956
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5156
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:3936
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11296
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5128
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12228
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11396
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10020
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8680
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11820
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11464
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11756
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5752
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5952
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5660
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9864
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12180
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5372
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7760
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:1744
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9008
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9748
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9256
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11756
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11880
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10672
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10044
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9792
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10896
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:3936
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12320
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12456
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12552
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12580
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12720
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12760
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12876
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12960
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13044
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13100
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13152
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13192
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13244
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12308
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12572
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12672
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13032
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13168
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:12652
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13132
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13448
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13472
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13588
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13664
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13732
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13772
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13832
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13856
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13952
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14008
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14048
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14088
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14112
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14168
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14196
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14224
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14332
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12656
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13556
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13620
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13872
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14108
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14172
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14240
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14280
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14268
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13596
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5532
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8012
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:8804
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11796
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13636
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13648
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13832
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:13852
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5552
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8020
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13656
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14012
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5488
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13736
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11384
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14012
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14352
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14380
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14404
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14428
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14472
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14508
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14544
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14568
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14608
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14632
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14664
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14708
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14760
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14844
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14868
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14892
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14936
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14976
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15004
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15056
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15080
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15108
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15132
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15172
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15212
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15236
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15260
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15296
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15324
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11752
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14344
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14352
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14448
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6000
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14552
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14680
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14724
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14992
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15040
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15064
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:1088
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15196
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15248
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15344
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11384
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14424
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2752
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:4824
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14764
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14828
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14680
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14856
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14944
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15000
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5960
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:4456
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14472
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14804
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5852
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7000
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:792
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15296
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14840
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:14472
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5852
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11812
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6520
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6980
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5508
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11396
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2792
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:4108
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9868
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15396
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15460
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15492
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15540
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15608
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15648
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15672
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15740
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15776
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15812
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15836
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15908
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15972
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16040
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16080
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16108
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16168
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16212
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16236
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16272
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16308
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16348
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16376
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15380
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15408
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15452
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15468
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15588
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15624
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15708
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15772
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15844
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7232
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:312
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16176
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16220
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10140
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10960
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10608
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16272
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16356
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15444
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15508
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15596
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15724
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15824
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7232
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11388
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16264
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7752
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15416
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15452
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15508
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15712
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11976
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12032
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7408
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7628
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5236
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:5184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15396
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7136
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15452
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15660
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7400
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:312
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:12024
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:3720
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11780
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15708
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:7616
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:7728
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6236
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15824
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11956
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15964
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11976
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16392
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16432
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16596
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16636
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16676
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16728
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16912
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:17024
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:17224
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:17244
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16404
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16440
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16628
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16724
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16788
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16764
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16820
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16884
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16936
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18048
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18176
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18228
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18252
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18284
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18312
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18396
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18428
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18088
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18116
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:400
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11988
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18320
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18328
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:5292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18364
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18388
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18412
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:676
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:960
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:420
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:16936
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18240
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:3428
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18344
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:1076
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4316
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:1288
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2032
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:696
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:812
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9952
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:2696
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:4308
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:380
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18028
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:2676
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:2908
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:17092
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9500
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10028
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:1388
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6248
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9876
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:4348
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10028
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6168
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:8560
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18336
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18112
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:676
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:9876
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:17216
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18480
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18516
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18556
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18580
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18620
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18644
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18680
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18720
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18848
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18912
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18944
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18980
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19068
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19124
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19176
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19200
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19256
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19292
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19324
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19348
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19404
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:9876
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11220
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18568
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:16028
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18604
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18868
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18932
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19144
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19176
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19428
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11220
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:18876
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19100
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19280
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19328
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11100
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:10636
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19256
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13792
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19280
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19460
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19484
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19508
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19532
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19552
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19580
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19600
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19628
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19648
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19676
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19696
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19916
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19940
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20012
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20036
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20068
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20096
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20160
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20184
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20324
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20360
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20388
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20432
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19536
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19612
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19668
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:6412
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19744
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19784
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19800
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19844
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19864
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19920
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20044
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20084
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20128
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20176
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:6512
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20224
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20268
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20344
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20400
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20448
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20416
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19560
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:10696
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19924
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11532
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20168
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20380
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:13960
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20424
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:11708
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20388
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:18024
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19684
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19704
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19860
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19836
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20052
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11544
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20324
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11908
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20424
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20388
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19808
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19864
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19948
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:19780
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20148
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:11544
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20468
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:15016
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:19820
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:14536
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:15120
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        7⤵
        
        PID:20520
        
        \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        8⤵
        
        PID:20540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\WatchSearch.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3852

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4676

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SelectBackup.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\TestFind.xla"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AddMeasure.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3856

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3520 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1536
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3520 CREDAT:148482 /prefetch:2
  2⤵
  PID:12192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc75c29758,0x7ffc75c29768,0x7ffc75c29778
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4916 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6112 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6304 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5348 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:8000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6192 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5868 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:11828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6536 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:11836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5980 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:11640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3388 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:12100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5540 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:9312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6768 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7128 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:9008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5608 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:12424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5940 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:8168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:15916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:8960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5168 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:1
  2⤵
  PID:16472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6736 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:16892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:16900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5764 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:19828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6288 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:19780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7092 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:12208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5804 --field-trial-handle=2220,i,6060565607133298950,9113657197870287412,131072 /prefetch:8
  2⤵
  PID:15272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5080

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420
1⤵
PID:18212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
e4b75effc0b543b19e4d9552f6db8dc3

SHA1
a517b184c554851ccb68c08bd4032cfd267e42dc

SHA256
9d5be6893bcd19a0ef64f95a700eb6353008f4a6148426a650d2f1541ebc2e6c

SHA512
8819b5eda9837148c50d543e9315c0e950c5d2fe43a82313324b55c8c907a0af0c0738a025e1266c48e72cbaaff9fa75e16959a04d74687d7a8c018cff55448f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
fe22075bb218147210b7bb4dd710833a

SHA1
78f686a2f20d4d75584bbc10bcd628bbfc63e6ef

SHA256
8af80935a30543662e97103f2f1a1432e7ea3269e631d5d92e09f06bae026c2b

SHA512
becde4a65ac5cafe5b7a858b7907630a5060e29a35142639562c738457dbdf030ebc09352c589d3b267da204502bbdd405dc4b7e4280f67f8d621a3829de4f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
34KB

MD5
1f82a71bcd8c0398ef444db3082c0413

SHA1
04395103067040f3abafeea51559285d189632f4

SHA256
8b0037289483435119f1576303677d10e2ce17e26e91c6fbb95b962d846d68ba

SHA512
ab4910012a210c1c9b3d6eb64da466069e151007e2959bc19df7514ba9f1e08704166d315e415f83de45599d28410587df472aff65d840fa8e5587eda943b5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2443a296cbf9f286abae520efe2988a7

SHA1
d382ae7fdd0cb80bceee21a0d44ee162142595c3

SHA256
5ed08fd7ef7a615b1d8f6f89f0008d037d3a83e6ee4b346fb24aebcbd6459eac

SHA512
8001975e84179dd2a024b6626d0d35beec4848fc5dd7b8395cfdaad48627bfe9d5ea0cb504d1c0de6d8455f4b02fe6901f7e088c63e2fd6077709b83e3425098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
65bf13fd6f2f6f542849c71bba762a69

SHA1
85a43096c1722875db70be9f84c72d7e1e336f9e

SHA256
d49948ffe3f592852d76a138b90d51cb05ca0ea152d05693a04614da796a4df4

SHA512
87bb504546567d9770125e9751eb3bdc10af0e23bff88969caddaf142d9d97487780e769a29f2bc6ad5af2092e8e2b6e4d406a74c8508cd5e5e1d431c81f5b28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ea71fea973909cd4f2cdd97399fd9ae7

SHA1
59ddbc152918a15736ac354eb38cd89320fba652

SHA256
5d20245e2d2c63559576aef0559e0c6b548eece8cf7e2ad5bee15158ecae3dcb

SHA512
88280ce029eca3de2cd25194d9a9b59cacab931a3e79d861d03277b40c9b55666089a8ead9fc82e5cea50e05a245ce652e51e86c21e158548806ee7382f659d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
284da9add7a9000dd15fdeec7248eb3f

SHA1
6fd7388dfcfa7380c210d9fd663fe634ba871f28

SHA256
c59b6ad5e6a88cd356789c1a95b71ad100f6bdd5a349e288e93a678729216559

SHA512
1ce8bb49a71bd63a835be35d5f132b69b59f460578795dc01a970620c16846dc4226d913d4140be3790a05dd03abe2af30d3d2a513aed4bcac12047daa5ea4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
110b7c5c8a6e937052d3c77065539480

SHA1
c52f581a9eee7a8223cf31e032ca994e7ceeea56

SHA256
429fad8ce17e0cffaee4911094ca57e5e48dcd6bada0e95b2e1fd572a2c894f4

SHA512
afc490c10c95375ad2c05a3fe9f0b03ef4afa796b74d3bfd9036de2c73c3468720bf55bf9bba5cf1f2e5d415706759de9da1c0912b9dd6786c10c612357b2e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_trrqd.dwhitdoedsrag.org_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\62079f44-44f7-4a99-962a-c7f591be068d.tmp

Filesize
5KB

MD5
9c204f58b444ff2149eaa71382f7ce34

SHA1
673bb87d6b890958203b543b72658a8c31921668

SHA256
d76cece0ac24c848a7b979e132d5a1a97713d4078a0ac8b0f37910988d99b9e7

SHA512
9d0ee7d1e75c96916ee15150c178bd815c147135a9c7232b2b3f708c66cfdae9be5b2c214bca3a93ca004da51b7e13e9c3064fa126273b216f24cf50650f5a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
819f1b02dfa352e0a26c80bb2f445943

SHA1
75862ebac3a9c6bf093ab5d2b4fb0d4019190089

SHA256
bfca5586785383f9ffc167a8e227f4928f12bdfaed1200c58884fd3b80eb0430

SHA512
0ebdf73745bd5871211630a6e3e76ec88154dc494c43f10f5bad98f35f158c9fe63d6bd9de7e65b4b6a33cf8d07f8091942693d02d8280b231d0413e4dadb0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
554d445430da8b015d6394555c96bf4e

SHA1
0983a670fa2fbfa5b4039cba93b62d357adbf47f

SHA256
1e89728638d857fcbfe6aac6a3f1c874d39b1658d05cecc0a1ecc1829bf0ae25

SHA512
46cf4d7af1b2ad12baae59a7fe0279f5786c4f57f1c5388acfac0307fb7d0ce9fb9d1bf663b91c14fd50afac621110a9ee90099d303dd6d0902d603f030190cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4df86f07a2fbe2c0c5efeec2f46676f5

SHA1
a20a260adf4a3f4ea097f95f16abd07fafe72ba4

SHA256
4c9db5160d52c19fd259bcbe7841f174acb2510f6c779a3e81362ebcb3f159f4

SHA512
bc8f4109aea50a14250b948255cab24f26a633646f1863a697407f655751f9bc6b355b765673d7c5abf27041b6d868561aeb2a6057f17416cc1f71865f12f38f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ca77e791230be11a63de09cfc0bc204f

SHA1
e5d264d21d0287288dc8e16dc0f2269ad8e2a045

SHA256
d4b4a6215b293e61c46c5f1e8f69e032a78bb4117369022512fd64325f657c75

SHA512
33f82f2534932b3013b1c07ada115db7f8e355ed9fefa9b9b0d5a86249900097a5a67ac5204217f275fdb2370cf43c5bf65da7473d27b7b580c4e2e069d61a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
b06382d4af6b3a3d5e9c64d895511364

SHA1
b2a816700afc437e7def66983e237df94c75d0e1

SHA256
69cd771f65398e327316376339990010d4e174f2f6b7d97ed52f42eb60666c7a

SHA512
a2c6f4e264476aa5c91cad28fc6dbf99a087b79aeb39f4f0e328584e361e5aaa561ab7cfaca2ddd3871eaa775ba599db47a62f457dfb8129b815ea392105d038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
d72ec19fb598f986ba04ad3978258451

SHA1
4e8743f4524c0570b4bdd8b4d863ac31116aa94b

SHA256
c5db0fa6ff53a25ef4eff653950f7fe22ab0bbcdced763db54971e246be52672

SHA512
f0a66aaee7d3aa51aefcff98208770dfaca741830792e9c9d979dfa837cabbddee08e879ab4aa6e6b1050a6948b7f8d7c2299c27f5007b982c1194aa5fc4e321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6baf6e9b30d8295c04faa63c831ac5ca

SHA1
ad9a3cd966f199b87746bc02a875110ebf1bcd66

SHA256
8dd6b92b981d5550ea5c47c01836130f48e40a66d43c9d6db1e6f1d94abb47f7

SHA512
6d146c617e5e2886736cb902b797e70719e40a7f1094b1c0a8a8bc6a990f31a4058a0690cc5789e55c099ae929e11d63874c2d349387671913a2779ad2cb3537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
87d4794db8de92a9d58577674e9f4e94

SHA1
50ac911e1336a8ae94e78bddc751c4c02fcbf14f

SHA256
f786e73e7f67a20a1fe34f00fdccc39f3ac8ce882da1886da6f763adc6df0b79

SHA512
6ee6df0711d769d09508ebe804fad984e916dac6448f32bdc97584078730b3c9009b75789a32c398242012e2f920a6ebb036eaff6e73086ebd8af9ce4b941799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1fac291d6cf882f3f64a81de82527049

SHA1
66d73d7653c6687c8ebc108adb966fa2a480f0a4

SHA256
a922d207a2bc58849f78c8a693595e32a972ea54cce352e68f03447e6a2d6051

SHA512
3ed7e04d77ea274f4f07f1d7c93a18756c0224e795057b24e30758c51fd783c6434ff76a6ab5bae39f638c99de37bb91af2572695cf92ced4d09449c9e0fb601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2c679c7d08e971fca33335918904a7aa

SHA1
92771e77a9a16bf35379bfbedf04ddd0aeb2b607

SHA256
693c6e32144c5454e6cab31bcae10ef3df73ecae69499c18286408e2e216ed6f

SHA512
08e96f0d30a2f2bad360e5039ca453e9d0667a8fd9bda03fcedf2ab3160998beab4a2fe9120e240f978d66f83816ac91839e6fd20a2bb9893ccece7c810ae1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11c62b37a6fa404e6bc8ac5ff991f1be

SHA1
84484b59d7da61dc89fc413416e5ba301d794e1a

SHA256
4146b638f0b314149dbbff26cb2dbf48823369072fb1ac6af505918b5bf52487

SHA512
455226f12b3a2c9a17746f759d9b4bf41b592f71c749cc0cd9e734533c8028c7ea4443e8a3c4024361ea197125642681c648d754ec2e04b0844462a4c5cac3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d1a1a344de4d15a7f462b74ac05bebfd

SHA1
76f483727b8b64748012ef58739a2daf772377c4

SHA256
4d74859f2253744e27210f5bc3188677a24b166d4245e9ae34b7e589d2f8be1d

SHA512
e163bd75682c855d074b175c5bacc912f1bb691152c8b0483d5be0f996eaba8b8d0b249c06c838a9c393bfc5086cba172a6477b33ab2e574c06af6c36ff27873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0f11b3615193ecad3b266c1abec54259

SHA1
a4c31c8fd33840abd0028c8f85a3e97c8d3d88a9

SHA256
167b34736c1a78b083ba47f29ed5875e1a4e0019169fcb06e679d7efb30fddbb

SHA512
2f641cbc7796e1bd5407e84e62a0ea80b519aa8c7449d1b611a2d0f561f96dbb10437a5400ef47cecdd1be0b62fd7abeb7a2ace15136db0be7341835250969ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bbbfd667f8aeaf78b6dad64653e63d8d

SHA1
8f48a82c3ad21ee2782d679093bc3bb3ed3b4c90

SHA256
a75032cbf62e2ff44828f60b5f06017ec5ff491dd72d6b5a1866d044ce722f1e

SHA512
c3d8449a7dbdc5af1212b78ddc152c144382c72e855ec890d6f2cf9e81330d5b9524d18f59eb5730796f564dec67ec2880131dbe6a6c8e7460338f5f6fdf95d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e07f75b8cba5ec9a739d2d189aa85134

SHA1
ae986868528eafc67e8f1465b2cb30ce18fcc930

SHA256
116693774e66ec627f7458964860a2433320a7667ecc099222afffe4d3bfca6c

SHA512
24feda1475ca78261d4dc4eca913e7017324dcac64216652a2393461c975016dfdfa94a5bdba2071967b70d78658bc37ccea24ab1951e05a22a6bc414e54d892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
af0fd1602e9661350b3dd3a127286096

SHA1
04f7873d7df19a2aa6dbd9e8e3102a30276c90c5

SHA256
558eb647745e21db23014f4b2924480a544a5f84a3a9ad172445f343bee582ba

SHA512
b8967c472a6ca656b4b928d3f80ba8b8bf9e37021e7c845c48d40fd7bb1d15c57901f18eb04d51b3e1cbc649a257aa648ef453d715fac0963e28806aee5650a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
29fdc9b4e5d7ec0bd5560608599c627d

SHA1
9aed229524f6c2b27ae70e2c57142fc9fb49bde7

SHA256
6167d980c823d7b8597182d8f300f235d10aaf53e7c2132e5a6392e81641eeb0

SHA512
acae924f9bf4e91a7f3c1d13f49958398255bfa276fe7c04c23327284d352b789971c35f3a7af21868ff9bdc96a991d8306de9435baccb5d53f3106c8925373c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9a24a14a5ca92614b7e9d932219b5565

SHA1
f188834914a979546e65615d08b8cec1d4c73213

SHA256
10de8d07c0625ac296ec469ad24b68d88f15d2798d6f1fa3abf55cad04e3b28a

SHA512
a888e76a01aa0ee4ed037b4837494cec10b8a49aac3c7fe5b2ac8fab22a42df1771508a1ccd34e33fb9f96900e1ac572e77524b21edc9b90144c5989d2a8058e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
dfedd8b64309d0bd7194cf64ee5528ef

SHA1
104bd2677a978f0feec2fda72dabb5501a50a38c

SHA256
0f9872151309bdfab93d5b32c7a4249ad2eca948320245f9bdce21a3c6ed5c09

SHA512
e107e8e39a399d994e606235cfc4dacf23cd53ad693be5eecd00d65e4aae825c209f0c4b3066b851a6d62ac17ad0f001f271ea75978138648488b0f2b42d74ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
33440cf2c66a82beb9caa5c93b4a06a1

SHA1
094c72ba912edf93cc7ab811509069ce4d9500d4

SHA256
e14c0e6982177b2beddbcc0add79e3632fa97b5eab30b9bc4705e943080bd8f8

SHA512
7f376d3f5c67b1acb80b3e8b002ec551e5c57656c58dd5c3249395e2c4f24136b7610e86bf73c605aa57dfd8dd9026064bd204ad218b64e7e9988c8efd5ffb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
98d10932292c786cb351aa72d72546d2

SHA1
5d802eded82d0aa6b5e3eea8c76cd0866f05641a

SHA256
d2b49c732ad6b4679559ffc933f4a2157b482c95bd9a1d1555927671e9a9cdca

SHA512
819c1379fa85e37c1969bbee2b891dff8b82e1580465235797d5ae7d3e3db82dae641546d7cf6319faab0930c01c581f815e04578028b97932c728f970bf629a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d67c87e97273aeb3709829205564a613

SHA1
7f26be76eabbdb90611481050c6e99b68849d077

SHA256
f6e89f3990e3dfb230854bd1eed742a3cfa6e1875e2f453481f1efbb5de3b841

SHA512
dc3ea5f1b22a740dd59542b38f70e6b5971e01d8a08ba92846a7d60d1bacd6d5d38444753e85bdd5fee3af1b154e8cfdcd7859de8bda53d59a43d91e88796c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2d84b5b448ea4c344f180e429ebbdb5a

SHA1
67f4f152f4840b3fcb5397bed719832a72acb2b2

SHA256
9789410af86f6a337fd39e8acb03b6aa132e4104dbbec61038ae340f046cdda6

SHA512
454056c357ee14c498c904ff65af765a5b5236efed76968e2555137c727210e444872d08f86464cbb122efe393d025b393642667ee2d297ffbebda7903fa8b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8d3ea7cf761632d77ccc6f0e0615896a

SHA1
c6bb808b9ba1b4787a58ef682a4f95be894e1090

SHA256
acace6026f0a3e292af658dc504459280ef9061f7701af0023a8b28fbdc297a9

SHA512
c3394225e1283ccf4e614b8e03bb6f8dd7764e173f2fd10b633db6ca7a46700e9174751b7e44080743ec5ec99acedf99d30c31254687b4d3ef9704c3ca3318ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1f37917ca1428a0728d44eabf6452ac

SHA1
a25be0c81bce8532a9e61b1de6c48ad8cbeecac3

SHA256
f63e7c7ec0a9fac8c0500a8ada3341bd4369eaab73e99fd2319180414b83c23a

SHA512
52988c7453900661f133e714fcb425dec6ee01d09d3500ad8fa32dc79a214dfe278279d5ec0c2a99ac877db2b6cb5917b5e82b06d51d6229d42b67763b3b1dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
97b39d6871d4c43fc05e2f03fed23bf4

SHA1
9e2f3156f6958df9811735f6770f8712b6cd6738

SHA256
79de414f28f4e2a16ec19684233097ec11d3b0f78a22920e42eac68c791dc303

SHA512
7b0d83fca709910336e44790eccf7f26873a61781da5caed0bb5d286b406dd7c86f134680e008dac0bbf8cf7060518e9ef7c5ce4b09717f10f6b5c82535d2a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c3eb808fe2939b3b1eae7114520122ed

SHA1
242405aa959c33695280e1fea47a312688c1589a

SHA256
88c01736df08f2f7622a942b00c2d8e08eeb2dd74470fda7410963c042293993

SHA512
2a50cbb52d5a3ba0c91cdeafb0bd59c7af8d45a379c39d93748bb3224ec2fcb32b03918eaf2998a447cff5ecbe2cabc40186e3b6379acf78749a864e102237e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
320e032c9f642914ebe2673a2e3ae3fc

SHA1
b40940e18281b88431a878dce3d117b76795d53f

SHA256
26a0d11770c44d457f5881ffe4dd808095d79e77b62adee155bdaa110bb3472e

SHA512
113e1cf9bb969d7ca59420f152bbaa858288b450f9d203788f506e09d948c1504e989c857559975513e3599bc26bd806cc0d3cfbca433bcffac829f62478e1c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d35d74a069f7eaf5709836f1beb907f

SHA1
b0b817a1dc2a78d3ec4676a9d69c8cab93fcda3a

SHA256
7ad7eb5d2437bd371ed0bb62eb253150bc24b418c4e5496abe6f6b74b01fb991

SHA512
9fb3d5a5c8bc699b238be4560757a761e2c548f7a5dcb7ea001df8ba49cdd250e41c1276bd0284e78836956ad6467eedffb676305340d35ee01f6233292fdbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dc37c33e585ab2e9d6f297dbba7b4f95

SHA1
c33454e47500ac1b7f1e0ca196ce025e9d7d0a44

SHA256
83d16701a151a769b3079a860d25ec5d4735a94b893b7b31580057db7549b360

SHA512
5de21a037a7dca4a28bc07d4f2c5e8bb317fe1badcc3a6e0bf0e69c86428825c356ae6ade00a6e82467d9a99e2f4359eaa2c1420ecedf7140e545bac8bf1e363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7d92cc6ce9fdcd0063912c6b0ae9da34

SHA1
e4068c288b498051963c8cedd345721d41a34668

SHA256
90f2326a7423b4e406b181548c04b716ef25b617292dcd91b47e295a6b80e434

SHA512
851d9ebda494d8a6644a5dbc549c0ae38e5c1c6ee77730986a599dc5156d79cc85831104fdde0c41d75b29c10a689388db798b1dd7239b256833f92635438168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1767cdb9ecc41188d91386fba141860a

SHA1
a5175e082cdd6478b577be2e5b7d394f34adf321

SHA256
9ba41b9d6058e227f49a55eb3f1e94cfd8f73d12ffcc27fbbb6f148f6dd8aaae

SHA512
f3e2fa58dd6dd9cf819728b6a71ddede5a26e00de9c924e5ac2ac7b2ffe30f9ff488fde4d56dc3e059b39747fe38858aeda4d868bfd4717923c4c091dbfa2294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eedd6a592defd0a4ad58615ca7674515

SHA1
29fa3b023494c84165cb673b6e14da5509c70ab5

SHA256
9408a257f8aa05423cb2de808d09ce67a40c436e42550b7955eca1068869865e

SHA512
2941c325d2ff978f53c5a04bf6896d7bcd4b81cca71229ee25bf1bad2a2522c6ee63f4dfbf2e8522e9d6dfb72de91ca3b063d65ad4153fe36cdc2538ae2827cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
46df35755a1b6cb12afdca1f7fc6878b

SHA1
2b86a082772f1562646d43c26bac1980a19c6e61

SHA256
aedf3c1d0e20746553bd6bbebf594726b1cbc08106216fa937dd92ea4d5f8c74

SHA512
b2479bb030b1185b3aa102ff5da2f8877dc9f5aa3e93367819b223f914e184783d4f9859b783d8628a1c6cbe90b78677c09ee1d353274267b3bd04b96a1dd2ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cf8b27677c0e81a55c9102a7f9c9169c

SHA1
f1cfaafb3b349f501187d77b8e07d6728055f81a

SHA256
a70767698c6d04960d1f88ce9f61495e71a52180a62a9b6930705e4880edf3c8

SHA512
052a85fea061a9985b57836ff3b6e1975021e40d9abcbcc379ed68ea63bdf4e65f75736c0f43311f2080d6eafc333aeb06607e975312f7388fdb5ca4d76f4edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bd801b8833d4eee98e13d8b73c29ce85

SHA1
90e4d0c07f06ea3f4aa9418ae31292be80755cc5

SHA256
d07d62224bbff94ce94d62985ea8139ca79ee0dc67d485200d0e97d7f7480dad

SHA512
042ee50e8991af8de0f2c1d6b940a7272e3078ea0d4905b5bdbfbbc75f479e0fa262b87a47d7c3ad21dcfeb1e3f155e1633a0afddc4be531ccf6461c4139860e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ca6ed17cd04e199760102f15b95fe27d

SHA1
235a63be92fee65ded8ded4b5a769d9727d82ef0

SHA256
f6305ff1642d6c8d6118ba6df0ffd13ce0724fa7f48e6b5336fc814722143d86

SHA512
6a49f8ccf79b3cd623fe1169e88eb90bc3ca7f93016a215d425bc14ad0804b613b527c0274a937de5812e8d54155926d1b28d9ca5dd38644dac7a5f7f43f097b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
76ba29e1a974fd078ddc4c02e37ae391

SHA1
39cc52176c9067db766763e81d6dd17e1dfac337

SHA256
65764460b09810e9bdaacbe8bdba166e97852ac2ff046d3c710726fc409f9f3d

SHA512
60e21ea4c03d21070bc67a99a374b36ea487438863155a8d824dd1de813899e923efbba4e8a3dabf8b3fc01c120b622b5ecc4ce96ea2fbeb3811d530e96984be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
28KB

MD5
81f53eae8f4b48207238e7e8af7ee470

SHA1
b7bc98461358f99b07651ef50c4f6c783168178a

SHA256
6345279fcb0d69a5fc8b2a9eeb99f0961a9008cfee08d59304c1cc7525192e0d

SHA512
a92f6fbb51d03b49455b454346fd39b4e90b1360d29c4131404da67934330bd19d0f3a88868bb00ad2740df1605bc6573df00620b9964fc6c14933a640ad13e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b28019c5ac1cf94bb30d619ddb952a43

SHA1
3229efe1851b523e6e36d65c1c0b51169c02a39a

SHA256
b745946ee31d3ee96aaba32274cd9d4e9ef3336cdb492cca70c6bf050c218415

SHA512
499c5c1cbafa04acbecf17a976366fc8c3fb9b9236e1d46feb968d3d98af1c737589170cd2c2983022d8f9412e01d53c1be5580e82b89726e5506f2cc709c8cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
885fc122a5b7c76469b329c14d81465d

SHA1
2305fc545815c2d5439f410ac8b771bc0a9bd45d

SHA256
d5fc04f324897c7f9e07360fbeda22b32663801d35d2bf506353bf841802a693

SHA512
fe327d637d4be7f87902e9d165c98a554f0017432ecab8ad8121c261be56935d3179b12e1e64aaec44666088d64efbd2c1686216b25ceb0d7795334a66a9172a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5afafb.TMP

Filesize
120B

MD5
0e5f4caf4d2252f18f2359ffaafd9f10

SHA1
c2ecfe949d928e13b50124b9337b70fce29c8ac0

SHA256
53e25fbd7daeecc76dd9883836e4af346eee5ba0b902a91bbc6de4c776b6b59c

SHA512
62d3054643205af791dcd4c116519591445ce9c426cf59bda08abbde7e92925caf5d334dc8543668e09917758386688064dde08d2505e45223d2e49a4a9482d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
079fe4e59842cdff7c3fd60b3e5bb508

SHA1
4abb966b1ba0adcf0e169fb73d9dc2e79d9f015a

SHA256
9a6c525ef90ba98bf24b5fbc1a5421eb32d3fe40391a2860dd1efbb636090364

SHA512
343da89df1a02e533350fcbe2e2e5fdbd4cd2ff61b5dba9117d5937a93d11ce48b7b59800323a8d4164de47e398578da4e80f564c3dbc05e773faeb796ab6a76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
92ef6b3e889f66b205768133fd055af7

SHA1
81810886b6cfb59e035372c44eaba8d13e8a8bfd

SHA256
ec607a99d89e44e74b2f4398a451cfa3bc36825133a89c74ed2fd1dca7d941f8

SHA512
6fc4f6f189ed363917636c01c7f7b6ecffab47aad6870ca2585f344c233c159feb7e647763a1c776138f279ad96bc123482f63ad7c88ef28b178e33ad4fd1442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
336B

MD5
c5d48ecb460f33dea9073fd64db5527a

SHA1
0b2243e307eb0fbe2d0ae33408255de23a5c348c

SHA256
522cdcff72b624c40d32a62604d1b5e304579854c65815d26f0f69b94e76d3cd

SHA512
17448451aff0c5ab2376ff8e153e33972e0a2b1080294c8acb35de9b7e991c744a325e0a581dffc48a5b9a600de4fbfeb51e4ba174fd4ad28c8e2d64034d3478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
54146d74bd03bb466679293fdbaa54ce

SHA1
3a4bc4dd9bbb33796f5c05a7ff639cd987a968ec

SHA256
cc6a8beecd04e450aaf6e1d59e8adeb38506ebf41b4cb77ba7c47fb153907df8

SHA512
b7a75d15c4dc2a7ff0dafa3bcdde0ba867670458d5eb87c761d05d985199c0c412f703c167db131dbc17c3b06abe2427fcb56529b307c98e343ad3a88c1be380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
336B

MD5
73872173f8b97a23e8fc4c1db00626b9

SHA1
b3ff1f114ac7bd34181632591344b33725291b24

SHA256
afb1b94ec6ecc3058c17ca1138913ded92a8c9aca59c16a10bc3d6584633a130

SHA512
1d647790b3b96a0fd73c5b41e5f5c5e305b3190fc909bc7194b0b3f623536cdca376489e32723f3ee9c586aade1e0f52b0eea05ac678f3264909a667e0b4dadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594f5e.TMP

Filesize
48B

MD5
66066a48ba994f0f47b35b8caf86815c

SHA1
96aef6df5d8cceb5d49ce4d03fae92724ec34fcd

SHA256
6945e442bdb8b8bbd98ac0965a9dc14762ff81f6f46b4d179b725da8f631abe2

SHA512
47ce8890c91b92744486e9d482ca3eb4bb765749db0816922880309e2c88643233d83d5773849c6c63d59a30219d92e07e44a27bebcdc08e26305312833f7878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
33b05e6ec5869b1e33fbcd4d69e35c27

SHA1
9777d0cacbca9fb6257a679b7c125224aba94bb5

SHA256
1dbcb3ec3ffffb8f16fe5382a0ba192537ff13acb9de5dbad549bbe6e9a400f5

SHA512
0aa5d7e0df2e6ffd52e151a9bd2d5578b5ca8517b95cdf7ba665daeabfac2c7bb8e2430b50e679d1c789b940cd0ce4439c01356325a707362f431e9506b62fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
0efbeaa356236e81662297c9e80711c1

SHA1
e606dda1a1037c0d9f42cd4c364e624c7eeef18b

SHA256
79b184f098860f57603082c281d4e5f7574eda98f269da0926d20bfcb30bf8dd

SHA512
0de752f5dc8aac798aef1e4d140f79b122adc39cf0f071fecf9fa3883eb97d882e760d5e7eec037eaf23a43ac1a0bf7f002ec067a99f95e9ff21aef7c2195094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
c323b73afd360afcc0204a5a53fb2a89

SHA1
c08aea954271f89801d6f1ca5a9b2d42a5c98a19

SHA256
81e88958aa7e26f6df86fc3a6ce3ddb862809b5ae6875d5d61ef2e5cfeb37584

SHA512
aec2f4700d1fa6712918cf2292524bfa65f98409480163394138571839b03d608cd47674911322e2312755a5c3ff77185b291e53d604967e91471ef33a89ac38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
1ee94bf8313db08d237c07dba3e2fc8b

SHA1
1d2414292cbf81fca4e2a6043f4f2c03e2636a5c

SHA256
8f5c53a53d3246a982f34453438069cfe743d63ff80845b9e56b92af856357a1

SHA512
1df264a8605d24eb92135207310089ab9b545601a07ce46d3228330099f355c35b38dd33401789295613cb863a7c91e138ce5002e54901c612872da5294e20fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
9e4e60d3cbb4bbddd14c01a0090db1e9

SHA1
24478dde616289d60750d27b27d02f0a0948a676

SHA256
1c89e961f26e063d1066bcbcd9623ea60aef72419e48925340ed29192878c616

SHA512
1bc093d9d40764563448822391f366152914851459b3190b9c484d67511f98f204f0abcf42a9ceac2ba1e873850072c3e329f3af2d89471674305f5cd3f3d347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
a5788d9cc3d212d0f9949036ea85b0b2

SHA1
ab7383ad5f78e41cf19606c0e1cea49e8e2dfa2d

SHA256
c584ada26c0ddf4b2b5bf6f4a364d61487d4f0a41e2d381886298c5d84954a00

SHA512
81807154d50d1676f2de6e819e494d00ff11418866d3afc5927ce2a2bc4f0f8d61cf21b9b541f418bf14c540ea25321fc686147a355256786d4b2f481edc609c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
6448bbbbe5cbb032beb03a83aa73dc6d

SHA1
30d6fdf9443ab6deda1bb0d3270da74ba1ed4d3e

SHA256
52678422a3bbb758a31dd6045dac8d0c09f72c764917c369a94a893104a0cec5

SHA512
63c9867d57336b866d9a6a497257fa034ad579055102789e928d82662ec478b116b364768a841fcdfbb1eb7296465d322bfdc456567089d4d2cee6bdb37daf47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
3b97fc9d162b2b591b49f491403eb195

SHA1
09bab7362e151cd400f3a77873e3e8d074ed73d5

SHA256
4a06372890a3fb89f552cc3f508a9efef934618eb88dd228c691aa81c8b71840

SHA512
7bdfe8f892131e5d23d0c6d4c7eafa000078859aa6973fb25e2f7878965583b1f81c0fc85cc2ebb9d6df4859e8358fa82b04ad0c2ec6a3d78439acd457fee6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
f8b71730e6a2b64aedb4162cda76771e

SHA1
2990ea826155703f6567206644747e1e68a2e399

SHA256
77b1a820c2ef3a0a31bd6ebe11dc45628c46bccf21f6edc7fdbd3eb5ee1ee909

SHA512
ae900fc9ea9c087b4ca50063caa935fea60a6ead419ac2a559878714bda018f43c1fee10b9ec85c056ad329a288170bcb3d0ef82f69a48d6887e16b10c522146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
650513cf296783ca7fc765798b83eb0d

SHA1
d71426227bdbe1a83064b92bf59b014fedd463a8

SHA256
acd67a16c368c321696102fcb502ff940bdb7faacea5fc480dd4136acc4c784e

SHA512
cd60472c7ec2cc1e3b2b3ac1f725ffe65aa64ac7e09ac1887779c85bf6d60749f1a5869de31c5ccf1b17e46c5ca762c9696231b08059afe0d3b518a7464ac659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5911b9.TMP

Filesize
100KB

MD5
4ac528b37d350699e4172f091719b647

SHA1
78afa94376abd8c2c1bb3a1e833cc65413fba11d

SHA256
41878474572a4ba4b4f3fb3e0e3f5e2ede44a8068978965ead538783ad4871e4

SHA512
a7ae8a374f0a2400f0b9ce5c8d5728516b60f1137f61a4e4039e34b086457a4bb204d85d9a0a3f7ffadef636f5f3a7e8d4bc4700671cf2a04a3b2191df1d691a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver8B24.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9E772AD1-510C-4064-A260-844634A362A0

Filesize
161KB

MD5
3f3170790867b0c4d78a6f593e34408d

SHA1
a5ad7027eca47762a4e487ba1c26fa8a4f0a1632

SHA256
127f3a26319c42253124520fb755cff7080c96b69ec30e7b511512158dbbbb91

SHA512
9188476731dbd4744202645499940336c1c482b14221c4cdda776618b50097dea8e9e8437a2807981ec93df36845f9a0f45dfe6633c0ea082cdd07f0d84c8a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
24KB

MD5
8665de22b67e46648a5a147c1ed296ca

SHA1
b289a96fee9fa77dd8e045ae8fd161debd376f48

SHA256
b5cbae5c48721295a51896f05abd4c9566be7941cda7b8c2aecb762e6e94425f

SHA512
bb03ea9347d302abf3b6fece055cdae0ad2d7c074e8517f230a90233f628e5803928b9ba7ba79c343e58dacb3e7a6fc16b94690a5ab0c71303959654a18bb5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
232B

MD5
108180e249c8432008439b2ffa242b51

SHA1
0c9ba61263d93bb1d9e39f1fa901a4cac60f40e9

SHA256
c012247ec022ea585f39e968b1cc694ac2cc71d7f396feb78c9fbb1500dfe986

SHA512
92839fa1f69c970f43dbe8c219af826dfe99ce7254eb62275a9c2ef2b25da50bd6e61109d65b74b341674cedf01c878df27b3a6a47e2e5d4ec37751d429ec53c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
233B

MD5
79a67786a293ae10b362b47eca9548ed

SHA1
cf7273e2ac0271ad551ce363922ac5c1d048228e

SHA256
4b35b068c8803736f2f2710092b64a67e3eb4952ca4feb035784a562baa946e0

SHA512
60863c48fba034c272519b555b2cd7063427aba3f69a477ff4f42ee662b5624d02564ab2207e836002677f47c63a89a57b3301e7a90d91747c8243b7c3472569

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
283B

MD5
a4e7d33a3c59fcadb745a3a5c1a71837

SHA1
195d8b74d129f2a9f85210b20f1bbc49e790db63

SHA256
794bee2679bb5f13ade113dd5d9eb71ff6de7f1699d9ef660d868ddc6c4c498e

SHA512
e629af25d425b08f3155f899c2f96924bf157923f3ddb0980b095bb20018e152bf98498bfecb7c240425107e0847dc50a98039ee3651dcc01276e8e15f66c49c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
253B

MD5
ff4cefda5bfc917db0f63142d1f7ca09

SHA1
43b86395e33291305c534040aad6c7bf9e4f171a

SHA256
2e54a03c1abafcf97728f763911b5677c2142f3129ec454b987753dfecf948fb

SHA512
f54b2fa3d44c5838c1ba2ac61e97ad8d76ed6c4105878b3e8a6842eff7ffc717ba6aeaf92f0f8a8558e9d34f763bd3ad4a9e21343d7652db4043fc0cb5a97fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
699091267d374e66aecd9550ba2c02ff

SHA1
13734a12e4befa5bb3613893cb98f5661d678871

SHA256
2e6c4f1c429cfca5683cffe5a86f8df4ba5f7197dfa3e48a1a81a71ca2788c0d

SHA512
3b593edb8b1de86819dcf3588b25ff90466aa8c191ab7df62db1160ec58e35c3138c6488e84eea65d95cbbb3b5255292e56ba2bb6c3418a487c3e77a33d1861e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
b76b0556362003dbc9029cb4639fd9b2

SHA1
6131f0aa821f726a713ed83916db4f8b7727ecda

SHA256
8b72545f28d4f882b4dabc61b1cb4290d62b4447423ee6bd54e3c1f48636572c

SHA512
606c1c61ce9682174ad6316def03b2af00a1b27452db1a32c6714c5e0843d8f2e59b33a1c50853c5a7de6135e9e5010b885dd80ce3603eb10286b7b1335c22ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
26157638b0c88e84e6814aaa89e0a706

SHA1
41aa777375265da2f0ccc18b06be2ff34e5299ab

SHA256
66317f65bcfcc78f35e8f441a662b8c59aab57250d148f502fa6a22635a6f155

SHA512
e0e50bace561ffd8d8101b0910abce79c3f1f1c7d9b6a5074b7ff38063fbfee17908476ccc88b038e3321199f14740d862b38da393700c92f33a600454dcceab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
272B

MD5
01dbb3e60a5b75d9f8d1b11360136b79

SHA1
faf41644e7b9a2b69ea658dc7d3f3fc452da2a4a

SHA256
3ab7eada600ff9a681cf6f4c7830fe1f20c590e3beb32641a5a5a71e74d6d00c

SHA512
708b17845c24fb4e1c65b4db6c1766736425c56d995528a91cc8f95e6a00e773f02862e53af47a26ef9cb67b84d5b3fa8382e1c7799fc9e53b486bd4b47c1e40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
acb98d3d4e718735b97cfa91dc502aeb

SHA1
169e52e36b0118c591b2c7c4566f7d24bb48a1fe

SHA256
d7f03e1c2f27c7dcae5c28ea3c52ddb1d5c8086870d28206e8afc039d6779ce5

SHA512
a8aa54bcc302f0e67fc2d856e540696259ef259dfc9ca8cf59a02a9552f86e004a251129ea53acd0109f6c6e10395003c884bf45a25424a93165b1b25b883227

Download Submit
C:\Users\Admin\Downloads\CompareRemove.vstx

Filesize
511KB

MD5
764b49a46634be3456651a2d2928dc3b

SHA1
6a148945b9fec11d1d932fcf2a7755843b13e994

SHA256
3d8990c17212fec6382382f25ef9edc1f0553353fdef7abd7db81c2600ace7e4

SHA512
15d5d0f27f89489144d7dfa4063f86194381509b0b24b01360885936552eae1b48fa9022b71064e22f064aefcfb8252822b6ec3f573055c640190feb8f6fa575

Download Submit
C:\Windows\Parameters.ini

Filesize
74B

MD5
6687785d6a31cdf9a5f80acb3abc459b

SHA1
1ddda26cc18189770eaaa4a9e78cc4abe4fe39c9

SHA256
3b5ebe1c6d4d33c14e5f2ca735fc085759f47895ea90192999a22a035c7edc9b

SHA512
5fe9429d64ee6fe0d3698cabb39757729b48d525500afa5f073d69f14f791c8aa2bc7ce0467d48d66fc58d894983391022c59035fa67703fefd309ec4a5d9962

Download Submit
C:\Windows\System\explorer.exe

Filesize
2.6MB

MD5
04ee3e28b29b10340022de7107a3fbcf

SHA1
84f5c39671b11c3e72ac47245f759e95fc7fa0f8

SHA256
06ebfaaba90718de513a7549adefee93127dbf4a317dc2e7f82859f5d45d7560

SHA512
4c53b818cf9db4722b316b972b8e84018a30b1584c4d37a1bfa497ba06c2300c6022f2f222683a6a6c3d112597236da6860801273dcac764dd470ebfe98f3730

Download Submit
C:\Windows\System\spoolsv.exe

Filesize
2.6MB

MD5
5080e1e7c02ceb5d4585970693c90c12

SHA1
71a8308ef161f4005e6d2b5238cf5fbb9004591a

SHA256
6509f40abae51a409fd74c85109345725a0dd348a69b8b83aed12d9006a7a90f

SHA512
cb5bb3e22d3d308ac9411e6425c72a50349ff650de74a38a0571dc177933dceae9f77607db2913e34ff9c31ded64bebc730dd1f3f74b429bca7be513d5b8f94a

Download Submit
\??\pipe\crashpad_632_GTWJGZLEUKXMSLZU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1956-3969-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1956-3963-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1960-11228-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2748-6706-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2884-239-0x00007FFC53ED0000-0x00007FFC53EE0000-memory.dmp

Filesize
64KB

Download
memory/2884-238-0x00007FFC53ED0000-0x00007FFC53EE0000-memory.dmp

Filesize
64KB

Download
memory/2884-235-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/2884-234-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/2884-233-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/2884-232-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/2896-2458-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2896-2365-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2984-2096-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3108-2481-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3108-2562-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3116-168-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3116-190-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3116-171-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3856-647-0x00007FFC88240000-0x00007FFC88251000-memory.dmp

Filesize
68KB

Download
memory/3856-644-0x00007FFC79E60000-0x00007FFC7A116000-memory.dmp

Filesize
2.7MB

Download
memory/3856-661-0x00007FFC78320000-0x00007FFC78573000-memory.dmp

Filesize
2.3MB

Download
memory/3856-645-0x00007FFC89610000-0x00007FFC89628000-memory.dmp

Filesize
96KB

Download
memory/3856-642-0x00007FF7D1C50000-0x00007FF7D1D48000-memory.dmp

Filesize
992KB

Download
memory/3856-658-0x00007FFC87E10000-0x00007FFC87E21000-memory.dmp

Filesize
68KB

Download
memory/3856-655-0x00007FFC88140000-0x00007FFC88161000-memory.dmp

Filesize
132KB

Download
memory/3856-653-0x00007FFC78BA0000-0x00007FFC79C50000-memory.dmp

Filesize
16.7MB

Download
memory/3856-657-0x00007FFC87E30000-0x00007FFC87E41000-memory.dmp

Filesize
68KB

Download
memory/3856-656-0x00007FFC87E50000-0x00007FFC87E68000-memory.dmp

Filesize
96KB

Download
memory/3856-659-0x00007FFC873C0000-0x00007FFC873D1000-memory.dmp

Filesize
68KB

Download
memory/3856-654-0x00007FFC88170000-0x00007FFC881B1000-memory.dmp

Filesize
260KB

Download
memory/3856-648-0x00007FFC88220000-0x00007FFC88237000-memory.dmp

Filesize
92KB

Download
memory/3856-649-0x00007FFC88200000-0x00007FFC88211000-memory.dmp

Filesize
68KB

Download
memory/3856-651-0x00007FFC881C0000-0x00007FFC881D1000-memory.dmp

Filesize
68KB

Download
memory/3856-650-0x00007FFC881E0000-0x00007FFC881FD000-memory.dmp

Filesize
116KB

Download
memory/3856-660-0x00007FFC87090000-0x00007FFC870AB000-memory.dmp

Filesize
108KB

Download
memory/3856-646-0x00007FFC89110000-0x00007FFC89127000-memory.dmp

Filesize
92KB

Download
memory/3856-652-0x00007FFC79C50000-0x00007FFC79E5B000-memory.dmp

Filesize
2.0MB

Download
memory/3856-643-0x00007FFC88360000-0x00007FFC88394000-memory.dmp

Filesize
208KB

Download
memory/3900-2-0x0000000000407000-0x0000000000408000-memory.dmp

Filesize
4KB

Download
memory/4044-598-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/4044-665-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/4044-187-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/4192-2687-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4192-2700-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4372-537-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/4372-536-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/4372-539-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/4372-538-0x00007FFC572F0000-0x00007FFC57300000-memory.dmp

Filesize
64KB

Download
memory/4544-5171-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4632-2056-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4632-2068-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5044-176-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5044-5-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5044-4-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5044-6-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5044-3-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5044-7-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5044-38-0x0000000000400000-0x00000000005D3000-memory.dmp

Filesize
1.8MB

Download
memory/5308-2506-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5516-2503-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5808-2390-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/6408-4416-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/6408-4403-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/6468-2411-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/6664-2588-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/7996-6093-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/9188-2664-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/9276-9009-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/9328-3985-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/9988-10768-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/10308-1998-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/10308-1988-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/10356-1941-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/10356-1954-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11308-2261-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11308-2311-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11340-2395-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11360-2120-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11400-2573-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11480-2638-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11548-2158-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11560-2564-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11716-2446-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/11884-2298-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/12072-2327-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/12104-2343-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/12220-5701-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/12896-5772-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/14260-7805-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/14260-7823-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/15128-6165-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/16100-9365-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/16100-9392-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/16904-5257-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/17936-10911-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/18332-3897-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/18600-5357-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/18840-9121-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/19264-9222-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/19724-4240-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/20200-4300-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/20568-4538-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/20568-4521-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/20904-4559-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/22992-5198-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/23576-5479-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/25352-5957-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/25352-5943-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/26908-11352-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/27860-8820-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/28460-6627-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/28652-11405-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/28652-9094-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/28908-10556-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/28908-10547-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/29444-6974-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/30152-7105-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/30236-7268-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/30696-7140-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/31692-7644-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/31832-9104-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/31836-10011-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/31836-10025-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/32456-9060-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/33120-8250-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/33120-8266-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/34300-11131-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/35304-10950-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/35392-8765-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/35448-10166-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/35456-8693-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/35456-8711-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/38292-10146-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/38324-10192-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download