f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aa

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
Size

299KB
MD5

cb9f01bf2c87d420400d81b50ef2ef10
SHA1

6696f4617d5c7b21f79c818955c265ac85524877
SHA256

f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aa
SHA512

18d814e022a7670e8e0891d8ac7150d1c5e6ab3cd89c624147dc31c08437a062ceb4d314344c6628e2966e79d00340946b3a89a89047b132eeba0034e5ab6dbd
SSDEEP

6144:L+k5XLaJbcplKJmxOYO3rLPFE2NJOdK/wmj:t+JbMJqfFE27P9j

Score

10^/10

discovery evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
3128	explorer.exe
4544	explorer.exe
3604	explorer.exe
3208	spoolsv.exe
2496	spoolsv.exe
3696	spoolsv.exe
4852	spoolsv.exe
220	spoolsv.exe
4560	explorer.exe
1456	explorer.exe
2952	explorer.exe
4580	spoolsv.exe
3264	spoolsv.exe
3080	spoolsv.exe
3436	spoolsv.exe
372	spoolsv.exe
2736	spoolsv.exe
1368	explorer.exe
1904	explorer.exe
960	explorer.exe
3752	spoolsv.exe
2676	spoolsv.exe
812	spoolsv.exe
2264	spoolsv.exe
456	spoolsv.exe
628	explorer.exe
4732	explorer.exe
3472	explorer.exe
3892	spoolsv.exe
4420	spoolsv.exe
4268	spoolsv.exe
8	spoolsv.exe
2232	spoolsv.exe
3996	spoolsv.exe
2380	explorer.exe
824	explorer.exe
440	explorer.exe
3588	explorer.exe
4476	explorer.exe
4664	explorer.exe
60	explorer.exe
4184	spoolsv.exe
2628	spoolsv.exe
2476	spoolsv.exe
2840	spoolsv.exe
1900	spoolsv.exe
3240	spoolsv.exe
1076	explorer.exe
5092	explorer.exe
468	explorer.exe
540	spoolsv.exe
1640	spoolsv.exe
4124	spoolsv.exe
2940	spoolsv.exe
4964	spoolsv.exe
2144	spoolsv.exe
1516	explorer.exe
3120	explorer.exe
4048	explorer.exe
4272	spoolsv.exe
5000	spoolsv.exe
4740	spoolsv.exe
64	spoolsv.exe
4720	spoolsv.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	explorer.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\explorer.exe	explorer.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 4412 set thread context of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 3128 set thread context of 3604	3128	explorer.exe	86
PID 3208 set thread context of 220	3208	spoolsv.exe	91
PID 4560 set thread context of 2952	4560	explorer.exe	94
PID 4580 set thread context of 3080	4580	spoolsv.exe	97
PID 3436 set thread context of 2736	3436	spoolsv.exe	102
PID 1368 set thread context of 960	1368	explorer.exe	105
PID 3752 set thread context of 456	3752	spoolsv.exe	111
PID 628 set thread context of 3472	628	explorer.exe	115
PID 3892 set thread context of 4268	3892	spoolsv.exe	118
PID 8 set thread context of 3996	8	spoolsv.exe	121
PID 2380 set thread context of 60	2380	explorer.exe	128
PID 4184 set thread context of 2476	4184	spoolsv.exe	131
PID 2840 set thread context of 3240	2840	spoolsv.exe	134
PID 1076 set thread context of 468	1076	explorer.exe	137
PID 540 set thread context of 4124	540	spoolsv.exe	140
PID 2940 set thread context of 2144	2940	spoolsv.exe	144
PID 1516 set thread context of 4048	1516	explorer.exe	147
PID 4272 set thread context of 4740	4272	spoolsv.exe	150
PID 64 set thread context of 1416	64	spoolsv.exe	153
PID 4172 set thread context of 5048	4172	explorer.exe	156
PID 2824 set thread context of 3732	2824	spoolsv.exe	159
PID 4856 set thread context of 3872	4856	spoolsv.exe	162
PID 3204 set thread context of 4612	3204	explorer.exe	167
PID 2084 set thread context of 2496	2084	spoolsv.exe	170
PID 3492 set thread context of 3980	3492	spoolsv.exe	175
PID 1716 set thread context of 1436	1716	explorer.exe	180
PID 1904 set thread context of 2320	1904	spoolsv.exe	183
PID 1196 set thread context of 4732	1196	spoolsv.exe	190
PID 432 set thread context of 4268	432	explorer.exe	195
PID 4520 set thread context of 2632	4520	spoolsv.exe	200
PID 4712 set thread context of 2908	4712	explorer.exe	203
PID 4492 set thread context of 8	4492	spoolsv.exe	208
PID 1620 set thread context of 1020	1620	spoolsv.exe	211
PID 3280 set thread context of 1848	3280	explorer.exe	214
PID 4364 set thread context of 2288	4364	spoolsv.exe	219
PID 3232 set thread context of 760	3232	spoolsv.exe	222
PID 1952 set thread context of 2940	1952	explorer.exe	235
PID 4272 set thread context of 3212	4272	spoolsv.exe	238
PID 3840 set thread context of 1124	3840	spoolsv.exe	245
PID 4248 set thread context of 3184	4248	explorer.exe	248
PID 4752 set thread context of 1688	4752	spoolsv.exe	251
PID 1960 set thread context of 4020	1960	spoolsv.exe	254
PID 3728 set thread context of 4068	3728	explorer.exe	257
PID 4488 set thread context of 3300	4488	spoolsv.exe	260
PID 3092 set thread context of 2912	3092	explorer.exe	265
PID 4296 set thread context of 2320	4296	spoolsv.exe	268
PID 3404 set thread context of 1608	3404	spoolsv.exe	271
PID 4592 set thread context of 2208	4592	explorer.exe	274
PID 1760 set thread context of 816	1760	spoolsv.exe	279
PID 2040 set thread context of 2228	2040	explorer.exe	288
PID 4664 set thread context of 60	4664	spoolsv.exe	291
PID 1868 set thread context of 1744	1868	spoolsv.exe	294
PID 3312 set thread context of 1864	3312	explorer.exe	297
PID 3608 set thread context of 1628	3608	spoolsv.exe	302
PID 1620 set thread context of 716	1620	explorer.exe	305
PID 692 set thread context of 4008	692	spoolsv.exe	308
PID 3740 set thread context of 4056	3740	spoolsv.exe	313
PID 4048 set thread context of 1776	4048	explorer.exe	318
PID 5096 set thread context of 4348	5096	spoolsv.exe	321
PID 4688 set thread context of 4692	4688	spoolsv.exe	324
PID 2624 set thread context of 2824	2624	explorer.exe	327
PID 1356 set thread context of 4244	1356	spoolsv.exe	330
PID 3088 set thread context of 100	3088	spoolsv.exe	333

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
3128	explorer.exe
3128	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe
3604	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3604	explorer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
3604	explorer.exe
3604	explorer.exe
220	spoolsv.exe
220	spoolsv.exe
2952	explorer.exe
2952	explorer.exe
3080	spoolsv.exe
3080	spoolsv.exe
2736	spoolsv.exe
2736	spoolsv.exe
960	explorer.exe
960	explorer.exe
456	spoolsv.exe
456	spoolsv.exe
3472	explorer.exe
3472	explorer.exe
4268	spoolsv.exe
4268	spoolsv.exe
3996	spoolsv.exe
3996	spoolsv.exe
60	explorer.exe
60	explorer.exe
2476	spoolsv.exe
2476	spoolsv.exe
3240	spoolsv.exe
3240	spoolsv.exe
468	explorer.exe
468	explorer.exe
4124	spoolsv.exe
4124	spoolsv.exe
2144	spoolsv.exe
2144	spoolsv.exe
4048	explorer.exe
4048	explorer.exe
4740	spoolsv.exe
4740	spoolsv.exe
1416	spoolsv.exe
1416	spoolsv.exe
5048	explorer.exe
5048	explorer.exe
3732	spoolsv.exe
3732	spoolsv.exe
3872	spoolsv.exe
3872	spoolsv.exe
4612	explorer.exe
4612	explorer.exe
2496	spoolsv.exe
2496	spoolsv.exe
3980	spoolsv.exe
3980	spoolsv.exe
1436	explorer.exe
1436	explorer.exe
2320	spoolsv.exe
2320	spoolsv.exe
4732	spoolsv.exe
4732	spoolsv.exe
4268	explorer.exe
4268	explorer.exe
2632	spoolsv.exe
2632	spoolsv.exe
2908	explorer.exe
2908	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 4248	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	82
PID 4412 wrote to memory of 4248	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	82
PID 4412 wrote to memory of 4248	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	82
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 4312 wrote to memory of 3128	4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	84
PID 4312 wrote to memory of 3128	4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	84
PID 4312 wrote to memory of 3128	4312	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	84
PID 4412 wrote to memory of 4312	4412	NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe	83
PID 3128 wrote to memory of 4544	3128	explorer.exe	85
PID 3128 wrote to memory of 4544	3128	explorer.exe	85
PID 3128 wrote to memory of 4544	3128	explorer.exe	85
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 3604 wrote to memory of 3208	3604	explorer.exe	87
PID 3604 wrote to memory of 3208	3604	explorer.exe	87
PID 3604 wrote to memory of 3208	3604	explorer.exe	87
PID 3208 wrote to memory of 2496	3208	spoolsv.exe	88
PID 3208 wrote to memory of 2496	3208	spoolsv.exe	88
PID 3208 wrote to memory of 2496	3208	spoolsv.exe	88
PID 3208 wrote to memory of 3696	3208	spoolsv.exe	89
PID 3208 wrote to memory of 3696	3208	spoolsv.exe	89
PID 3208 wrote to memory of 3696	3208	spoolsv.exe	89
PID 3208 wrote to memory of 4852	3208	spoolsv.exe	90
PID 3208 wrote to memory of 4852	3208	spoolsv.exe	90
PID 3208 wrote to memory of 4852	3208	spoolsv.exe	90
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3208 wrote to memory of 220	3208	spoolsv.exe	91
PID 3128 wrote to memory of 3604	3128	explorer.exe	86
PID 220 wrote to memory of 4560	220	spoolsv.exe	92
PID 220 wrote to memory of 4560	220	spoolsv.exe	92
PID 220 wrote to memory of 4560	220	spoolsv.exe	92
PID 4560 wrote to memory of 1456	4560	explorer.exe	93
PID 4560 wrote to memory of 1456	4560	explorer.exe	93

C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
"C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
  C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
  2⤵
  PID:4248
- C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
  C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f067799255c37ab7b542d0e047e642aa8d5045026fae8d9b2661f5d9c8f3a1aaN.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4312
- - \??\c:\windows\resources\themes\explorer.exe
    c:\windows\resources\themes\explorer.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3128
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      Executes dropped EXE
      PID:4544
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      Modifies visiblity of hidden/system files in Explorer
      Executes dropped EXE
      Adds Run key to start application
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3604
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3208
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3696
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4852
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:220
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4560
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:1456
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4580
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3264
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3080
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3436
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:372
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1368
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:1904
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3752
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:812
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2676
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2264
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4420
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4268
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:8
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3996
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2380
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:440
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:3588
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4476
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4664
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4184
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2476
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:2840
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:1900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3240
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1076
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:5092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:540
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:1640
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2940
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1516
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:3120
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4048
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:4272
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:5000
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:64
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4720
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4172
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1928
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5048
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:2824
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3732
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4856
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3708
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3872
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3204
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3776
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4884
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4612
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4068
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2496
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3492
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5052
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3980
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:1716
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2912
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:372
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1436
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1196
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4592
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2312
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3968
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2208
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2328
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:432
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5024
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4420
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4268
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1888
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4712
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4460
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2908
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4492
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4780
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3180
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:8
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1620
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3280
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4380
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1848
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:4364
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3068
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:468
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1880
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2288
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:772
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:760
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:1952
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4056
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1896
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4132
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4524
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3952
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5088
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2932
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4716
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3248
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4972
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2940
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4272
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3212
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:3840
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2004
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3672
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1636
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5080
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1124
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4248
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4428
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3184
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:4752
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3768
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1688
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4020
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3728
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:552
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4068
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:4488
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5112
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3300
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4760
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:372
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4296
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3404
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4680
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1608
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4592
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3968
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2208
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1760
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1196
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4144
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:816
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2040
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3844
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3316
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2916
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4944
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2444
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3792
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:368
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2228
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4664
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3504
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:60
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1868
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3104
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3312
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3056
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1864
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3608
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4832
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:1620
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1700
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:716
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:692
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1292
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4008
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3156
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3896
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1940
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4056
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4048
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2880
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2324
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4964
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1776
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:5096
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5048
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4348
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:4688
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1504
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4692
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2624
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2824
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1356
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4600
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4244
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3088
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4612
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:552
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2052
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3548
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2692
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4032
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3748
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2384
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3524
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1400
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5100
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4580
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4296
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3928
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:624
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4476
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2208
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2352
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1612
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2592
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:3420
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2468
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1088
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4528
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2908
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4492
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3180
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2900
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1092
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3056
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1848
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1868
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4500
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4832
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3068
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:896
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4424
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3396
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2388
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:692
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3688
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3248
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2940
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4748
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3656
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4272
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5080
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5028
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3840
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:208
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2004
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3672
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1928
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3612
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3696
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4204
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4012
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4620
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1584
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:224
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5112
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:812
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3596
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:372
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1872
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:464
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3892
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4812
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3392
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4468
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3600
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4896
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2068
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4476
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2860
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1760
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4460
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:368
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2908
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2680
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3784
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5092
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4616
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5000
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3616
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4832
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3260
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4416
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4936
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1776
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4260
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:804
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2324
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1636
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3724
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3824
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4428
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4272
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3768
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4696
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3184
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2156
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4752
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5052
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4412
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2220
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2692
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4032
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4384
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5112
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3472
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2804
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3468
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4932
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3424
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:624
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4792
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2384
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4144
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2468
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4900
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1256
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1588
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2068
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4476
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3972
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4300
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4944
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5092
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1152
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3404
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:716
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:468
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4276
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2392
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5036
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3120
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4716
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2880
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3232
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1636
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2336
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3776
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4720
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4572
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:640
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:3768
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4372
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2968
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:400
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3548
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5052
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5068
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1436
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2236
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3228
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1924
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5112
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3088
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:964
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3524
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1888
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4760
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3080
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3140
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1304
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1644
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3596
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1452
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3588
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2208
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4488
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4144
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2860
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4460
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3564
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3784
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4476
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4616
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3436
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2432
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4124
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3200
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1088
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3904
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3404
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1640
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4776
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3820
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:540
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3992
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3056
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2160
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:436
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4008
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5072
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:772
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3480
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2544
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2964
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2880
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2676
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4992
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3612
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3724
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4260
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2532
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4688
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4620
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4392
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2012
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4496
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:400
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1688
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3968
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5080
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3748
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1888
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4760
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3424
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1304
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3600
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2444
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4780
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2712
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3180
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3736
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:824
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4804
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1948
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3792
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1864
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2432
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1164
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5092
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:896
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4972
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:632
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2944
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1104
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4524
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4748
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1292
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2880
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:212
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3824
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4720
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:5032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1776
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4620
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3696
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5104
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2968
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2692
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2012
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3680
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1612
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2912
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4820
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2700
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2216
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3472
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:936
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2080
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:372
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1452
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2148
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2008
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1680
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:60
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4896
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4268
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2240
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3792
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1868
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4616
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4288
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2680
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1088
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:692
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1052
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1336
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4972
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:436
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2428
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5036
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4416
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4748
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1940
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5048
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4600
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2412
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3776
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:212
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2532
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4272
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1032
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3696
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1912
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2496
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1436
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:428
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2604
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1400
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2416
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1612
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2436
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2804
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:624
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4820
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4756
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1196
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2700
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3328
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3520
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4528
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2228
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4460
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4788
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3320
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1880
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3436
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3792
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:896
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5000
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5088
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4052
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4288
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3732
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4764
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4348
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4972
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4908
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1940
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5048
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3212
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3308
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4620
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:208
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:212
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:3008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1584
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4856
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1980
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3080
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5112
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4420
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4572
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4040
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4452
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3664
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4596
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4468
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:624
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1028
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3172
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1452
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3460
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1364
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3564
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2312
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4528
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:468
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4616
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2548
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3320
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3144
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2368
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4132
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:632
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3244
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3260
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5028
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2336
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4964
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:772
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4720
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5060
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2940
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2964
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2880
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3776
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4688
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3696
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2412
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2968
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4408
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2864
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:656
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4024
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2052
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1428
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1612
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1436
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4452
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3664
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4488
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4596
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5080
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2700
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1588
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4884
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4508
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:8
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1256
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3844
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1880
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2320
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4124
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4256
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3512
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4268
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4616
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4516
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4104
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3320
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1068
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4060
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4764
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:712
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3572
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4288
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5092
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4600
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5096
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1640
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4740
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1940
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1928
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:208
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4392
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4936
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:428
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4680
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2968
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:552
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3812
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:656
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1888
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:448
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1644
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1428
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4696
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4452
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1560
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1924
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2080
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2052
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3504
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:644
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1196
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2804
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:440
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:624
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4756
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2148
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3424
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2840
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1868
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1736
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:536
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3404
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3460
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4460
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5040
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2392
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2288
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3512
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2756
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3520
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4516
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1336
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2072
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4776
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1356
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4492
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3684
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3992
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3820
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4748
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4272
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4992
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1696
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:884
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2940
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:32
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4260
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3004
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2864
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3968
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1980
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3936
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3812
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1888
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2272
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2244
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4456
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2352
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3524
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4468
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3504
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3588
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:624
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3172
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4044
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1700
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:896
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1036
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3028
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3596
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3608
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:8
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1764
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4268
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4300
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5072
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2756
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2060
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4376
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3792
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3404
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4736
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1504
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3244
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1152
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2548
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3992
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4796
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4748
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1792
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2252
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1032
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2720
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2940
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:212
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4936
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4812
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2216
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2660
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1920
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:552
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3936
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2052
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1304
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1680
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2804
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4468
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4420
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1452
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4756
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1868
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3736
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:624
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3172
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:716
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2152
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:896
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3028
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4428
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4380
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3392
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2680
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4516
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2228
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4104
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3492
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4268
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4288
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3252
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3840
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:556
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2384
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3572
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5060
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4360
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4416
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4524
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4260
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1928
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2720
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3308
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:756
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3680
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4796
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4684
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4856
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4760
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:656
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:3720
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2660
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3004
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3488
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4604
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2444
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4792
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1924
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2804
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4892
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2052
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1256
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4124
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4984
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Resources\Themes\explorer.exe

Filesize
299KB

MD5
6626119625b28e6e5452a691b53f413b

SHA1
682558cf1419bae2ccc8db033afc6a983c4e184e

SHA256
32d9190c977cda8db55d2be8f971314c82a168448b41a53f437cbda89db79e3a

SHA512
573f7120ae2f10bb5b0a902d1399ff122f10f89f802735e7beb835df6205afebffbc69a7afa44ef5e5711d58cb016db8deaba4d8fe4b16e42fb56385841e40c2

Download Submit
C:\Windows\Resources\spoolsv.exe

Filesize
299KB

MD5
3dd44f1838e8faa0905ca070909ef2f5

SHA1
65fd1f78b24652c62a3ed0fdb4a4dd51b6552383

SHA256
41d12d53e6503b188f1e0d47c5e69fa3af632ebbb07159aedb94f5f3cc97817d

SHA512
f5baf2489a45e8425f7c97e9e23ed06a18368e7b9652eb86cd6eaf0ec0e71f0af8ee07072bc8719bf80b1396e6a31eff688a4a0cbc819838e50eba1e0c51b113

Download Submit
memory/4312-1-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4312-3-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4412-0-0x00000000009E0000-0x00000000009E5000-memory.dmp

Filesize
20KB

Download