Analysis

  • max time kernel
    48s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2024, 22:47

General

  • Target

    4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    4f7036c4e9f9908a8236e7d6b375cd5b

  • SHA1

    04763a9de555b49e6395402045bab7f65cf31e26

  • SHA256

    ddb527fa24d05933be035b41451bff51537281ba5d014c1c1fbe98d82bd40da9

  • SHA512

    7dfa4356abc0639daf96be7893d071e97e1220117e0a42eab3406f789aafa03af653dc0d758fd26c5cc0fe9b2b9df18784625ae1a4d1f79a802ca5747fc547d2

  • SSDEEP

    24576:LRTtK4q3GZVHdl6BAiQ9DXaBNKBKlSY3BhC9zK1bcUiN36KLA4iKqdsveHM:LB9q3GZVH3YQ6jfvuK1YUicKk9+ves

Malware Config

Signatures

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 64 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 17 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:352
    • C:\Windows\SysWOW64\explorer.exe
      explorer C:\Users\Admin\AppData\Local\Temp\4f7036c4e9f9908a8236e7d6b375cd5b_JaffaCakes118
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3044
    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
      C:\Windows\system32\ADE119\E37CC5.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1244
      • C:\Windows\SysWOW64\explorer.exe
        explorer C:\Windows\SysWOW64\ADE119\E37CC5
        3⤵
          PID:2648
        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
          C:\Windows\system32\ADE119\E37CC5.EXE
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Writes to the Master Boot Record (MBR)
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2752
          • C:\Windows\SysWOW64\explorer.exe
            explorer C:\Windows\SysWOW64\ADE119\E37CC5
            4⤵
              PID:2584
            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
              C:\Windows\system32\ADE119\E37CC5.EXE
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Writes to the Master Boot Record (MBR)
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2776
              • C:\Windows\SysWOW64\explorer.exe
                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                5⤵
                • System Location Discovery: System Language Discovery
                PID:2716
              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                C:\Windows\system32\ADE119\E37CC5.EXE
                5⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Writes to the Master Boot Record (MBR)
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:1976
                • C:\Windows\SysWOW64\explorer.exe
                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:2952
                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                  C:\Windows\system32\ADE119\E37CC5.EXE
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Writes to the Master Boot Record (MBR)
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:1980
                  • C:\Windows\SysWOW64\explorer.exe
                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                    7⤵
                      PID:2120
                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                      C:\Windows\system32\ADE119\E37CC5.EXE
                      7⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Writes to the Master Boot Record (MBR)
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:288
                      • C:\Windows\SysWOW64\explorer.exe
                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                        8⤵
                        • System Location Discovery: System Language Discovery
                        PID:1032
                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                        C:\Windows\system32\ADE119\E37CC5.EXE
                        8⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Writes to the Master Boot Record (MBR)
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of SetWindowsHookEx
                        • Suspicious use of WriteProcessMemory
                        PID:624
                        • C:\Windows\SysWOW64\explorer.exe
                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                          9⤵
                          • System Location Discovery: System Language Discovery
                          PID:2324
                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                          C:\Windows\system32\ADE119\E37CC5.EXE
                          9⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Writes to the Master Boot Record (MBR)
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of SetWindowsHookEx
                          PID:2148
                          • C:\Windows\SysWOW64\explorer.exe
                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                            10⤵
                              PID:772
                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                              C:\Windows\system32\ADE119\E37CC5.EXE
                              10⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Writes to the Master Boot Record (MBR)
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of SetWindowsHookEx
                              PID:1520
                              • C:\Windows\SysWOW64\explorer.exe
                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                11⤵
                                  PID:2156
                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                  11⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Writes to the Master Boot Record (MBR)
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2024
                                  • C:\Windows\SysWOW64\explorer.exe
                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                    12⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:2640
                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                    12⤵
                                    • Executes dropped EXE
                                    • Writes to the Master Boot Record (MBR)
                                    • System Location Discovery: System Language Discovery
                                    PID:2824
                                    • C:\Windows\SysWOW64\explorer.exe
                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                      13⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:2552
                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                      13⤵
                                      • Executes dropped EXE
                                      • Writes to the Master Boot Record (MBR)
                                      PID:1324
                                      • C:\Windows\SysWOW64\explorer.exe
                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                        14⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:2180
                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                        14⤵
                                        • Executes dropped EXE
                                        • Writes to the Master Boot Record (MBR)
                                        PID:1328
                                        • C:\Windows\SysWOW64\explorer.exe
                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                          15⤵
                                            PID:2876
                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                            15⤵
                                            • Executes dropped EXE
                                            • Writes to the Master Boot Record (MBR)
                                            PID:2944
                                            • C:\Windows\SysWOW64\explorer.exe
                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                              16⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:1580
                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                              16⤵
                                              • Executes dropped EXE
                                              • Writes to the Master Boot Record (MBR)
                                              PID:1244
                                              • C:\Windows\SysWOW64\explorer.exe
                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                17⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:2476
                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                17⤵
                                                • Executes dropped EXE
                                                • Writes to the Master Boot Record (MBR)
                                                PID:1032
                                                • C:\Windows\SysWOW64\explorer.exe
                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                  18⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2068
                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                  18⤵
                                                  • Executes dropped EXE
                                                  • Writes to the Master Boot Record (MBR)
                                                  PID:768
                                                  • C:\Windows\SysWOW64\explorer.exe
                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                    19⤵
                                                      PID:1868
                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                      19⤵
                                                      • Executes dropped EXE
                                                      • Writes to the Master Boot Record (MBR)
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1884
                                                      • C:\Windows\SysWOW64\explorer.exe
                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                        20⤵
                                                          PID:2968
                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                          20⤵
                                                          • Executes dropped EXE
                                                          • Writes to the Master Boot Record (MBR)
                                                          PID:2960
                                                          • C:\Windows\SysWOW64\explorer.exe
                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                            21⤵
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2928
                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                            21⤵
                                                            • Executes dropped EXE
                                                            • Writes to the Master Boot Record (MBR)
                                                            PID:1732
                                                            • C:\Windows\SysWOW64\explorer.exe
                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                              22⤵
                                                              • System Location Discovery: System Language Discovery
                                                              PID:2340
                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                              22⤵
                                                              • Executes dropped EXE
                                                              • Writes to the Master Boot Record (MBR)
                                                              PID:1944
                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                23⤵
                                                                  PID:1328
                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                  23⤵
                                                                  • Executes dropped EXE
                                                                  • Writes to the Master Boot Record (MBR)
                                                                  PID:2640
                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                    24⤵
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:2296
                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                    24⤵
                                                                    • Executes dropped EXE
                                                                    • Writes to the Master Boot Record (MBR)
                                                                    PID:1644
                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                      25⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:2664
                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                      25⤵
                                                                      • Executes dropped EXE
                                                                      • Writes to the Master Boot Record (MBR)
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:1868
                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                        26⤵
                                                                          PID:1716
                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                          26⤵
                                                                          • Executes dropped EXE
                                                                          • Writes to the Master Boot Record (MBR)
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:1324
                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                            27⤵
                                                                              PID:2664
                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                              27⤵
                                                                              • Executes dropped EXE
                                                                              • Writes to the Master Boot Record (MBR)
                                                                              PID:2432
                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                28⤵
                                                                                  PID:2876
                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                  28⤵
                                                                                  • Executes dropped EXE
                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                  PID:1644
                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                    29⤵
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:3132
                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                    29⤵
                                                                                    • Executes dropped EXE
                                                                                    • Writes to the Master Boot Record (MBR)
                                                                                    PID:3192
                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                      30⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:3304
                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                      30⤵
                                                                                      • Executes dropped EXE
                                                                                      • Writes to the Master Boot Record (MBR)
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:3344
                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                        31⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3436
                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                        31⤵
                                                                                        • Executes dropped EXE
                                                                                        • Writes to the Master Boot Record (MBR)
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3476
                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                          32⤵
                                                                                            PID:3556
                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                            32⤵
                                                                                            • Executes dropped EXE
                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:3608
                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                              33⤵
                                                                                                PID:3688
                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                33⤵
                                                                                                • Executes dropped EXE
                                                                                                • Writes to the Master Boot Record (MBR)
                                                                                                PID:3736
                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                  34⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:3844
                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                  34⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                                  PID:3888
                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                    35⤵
                                                                                                      PID:3980
                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                      35⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Writes to the Master Boot Record (MBR)
                                                                                                      PID:4028
                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                        36⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:3128
                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                        36⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Writes to the Master Boot Record (MBR)
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:1540
                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                          37⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          PID:3352
                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                          37⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Writes to the Master Boot Record (MBR)
                                                                                                          PID:3308
                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                            38⤵
                                                                                                              PID:3460
                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                              38⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Writes to the Master Boot Record (MBR)
                                                                                                              PID:1644
                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                39⤵
                                                                                                                  PID:3756
                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                  39⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:3688
                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                    40⤵
                                                                                                                      PID:3480
                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                      40⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Writes to the Master Boot Record (MBR)
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:3088
                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                        41⤵
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:3144
                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                        41⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Writes to the Master Boot Record (MBR)
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:3364
                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                          42⤵
                                                                                                                            PID:3888
                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                            42⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:2432
                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                              43⤵
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              PID:3872
                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                              43⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Writes to the Master Boot Record (MBR)
                                                                                                                              PID:4004
                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                44⤵
                                                                                                                                  PID:4052
                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                  44⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  PID:2212
                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                    45⤵
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:3868
                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                    45⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Writes to the Master Boot Record (MBR)
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:4036
                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                      46⤵
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:3440
                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                      46⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Writes to the Master Boot Record (MBR)
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:3464
                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                        47⤵
                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                        PID:2960
                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                        47⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Writes to the Master Boot Record (MBR)
                                                                                                                                        PID:3984
                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                          48⤵
                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                          PID:4132
                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                          48⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Writes to the Master Boot Record (MBR)
                                                                                                                                          PID:4168
                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                            49⤵
                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                            PID:4244
                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                            49⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                                                                            PID:4284
                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                              50⤵
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              PID:4372
                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                              50⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              PID:4416
                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                51⤵
                                                                                                                                                  PID:4484
                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                  51⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  PID:4520
                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                    52⤵
                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                    PID:4592
                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                    52⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    • Writes to the Master Boot Record (MBR)
                                                                                                                                                    PID:4632
                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                      53⤵
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      PID:4708
                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                      53⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      • Writes to the Master Boot Record (MBR)
                                                                                                                                                      PID:4748
                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                        54⤵
                                                                                                                                                          PID:4836
                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                          54⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Writes to the Master Boot Record (MBR)
                                                                                                                                                          PID:4880
                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                            55⤵
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:4968
                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                            55⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:5012
                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                              56⤵
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:5088
                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                              56⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Writes to the Master Boot Record (MBR)
                                                                                                                                                              PID:4004
                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                57⤵
                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                PID:4144
                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                57⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Writes to the Master Boot Record (MBR)
                                                                                                                                                                PID:4304
                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                  58⤵
                                                                                                                                                                    PID:4388
                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                    58⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Writes to the Master Boot Record (MBR)
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:4544
                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                      59⤵
                                                                                                                                                                        PID:4600
                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                        59⤵
                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                        • Writes to the Master Boot Record (MBR)
                                                                                                                                                                        PID:4764
                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                          60⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:4932
                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                          60⤵
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          PID:4636
                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                            61⤵
                                                                                                                                                                              PID:3964
                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                              61⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Writes to the Master Boot Record (MBR)
                                                                                                                                                                              PID:4880
                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                62⤵
                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                PID:4172
                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                62⤵
                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                • Writes to the Master Boot Record (MBR)
                                                                                                                                                                                PID:4392
                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                  63⤵
                                                                                                                                                                                    PID:4900
                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                    63⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • Writes to the Master Boot Record (MBR)
                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                    PID:4848
                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                      64⤵
                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                      PID:5012
                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                      64⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • Writes to the Master Boot Record (MBR)
                                                                                                                                                                                      PID:4532
                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                        65⤵
                                                                                                                                                                                          PID:4768
                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                          65⤵
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Writes to the Master Boot Record (MBR)
                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                          PID:4752
                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                            66⤵
                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                            PID:5148
                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                            66⤵
                                                                                                                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                                                                                                                            PID:5180
                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                              67⤵
                                                                                                                                                                                                PID:5264
                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                67⤵
                                                                                                                                                                                                  PID:5300
                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                    68⤵
                                                                                                                                                                                                      PID:5368
                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                      68⤵
                                                                                                                                                                                                        PID:5400
                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                          69⤵
                                                                                                                                                                                                            PID:5468
                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                            69⤵
                                                                                                                                                                                                              PID:5516
                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                70⤵
                                                                                                                                                                                                                  PID:5596
                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                  70⤵
                                                                                                                                                                                                                    PID:5628
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                      71⤵
                                                                                                                                                                                                                        PID:5708
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                        71⤵
                                                                                                                                                                                                                          PID:5744
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                            72⤵
                                                                                                                                                                                                                              PID:5812
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                              72⤵
                                                                                                                                                                                                                                PID:5844
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                  73⤵
                                                                                                                                                                                                                                    PID:5948
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                    73⤵
                                                                                                                                                                                                                                      PID:5980
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                        74⤵
                                                                                                                                                                                                                                          PID:6060
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                          74⤵
                                                                                                                                                                                                                                            PID:6100
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                              75⤵
                                                                                                                                                                                                                                                PID:4900
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                75⤵
                                                                                                                                                                                                                                                  PID:5244
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                    76⤵
                                                                                                                                                                                                                                                      PID:5288
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                      76⤵
                                                                                                                                                                                                                                                        PID:5332
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                          77⤵
                                                                                                                                                                                                                                                            PID:5180
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                            77⤵
                                                                                                                                                                                                                                                              PID:5304
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                78⤵
                                                                                                                                                                                                                                                                  PID:5784
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                  78⤵
                                                                                                                                                                                                                                                                    PID:5704
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                      79⤵
                                                                                                                                                                                                                                                                        PID:5632
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                        79⤵
                                                                                                                                                                                                                                                                          PID:5948
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                            80⤵
                                                                                                                                                                                                                                                                              PID:4532
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                              80⤵
                                                                                                                                                                                                                                                                                PID:4652
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                  81⤵
                                                                                                                                                                                                                                                                                    PID:5500
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                    81⤵
                                                                                                                                                                                                                                                                                      PID:5796
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                        82⤵
                                                                                                                                                                                                                                                                                          PID:6104
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                          82⤵
                                                                                                                                                                                                                                                                                            PID:5204
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                              83⤵
                                                                                                                                                                                                                                                                                                PID:6104
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                83⤵
                                                                                                                                                                                                                                                                                                  PID:6168
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                    84⤵
                                                                                                                                                                                                                                                                                                      PID:6248
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                      84⤵
                                                                                                                                                                                                                                                                                                        PID:6280
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                          85⤵
                                                                                                                                                                                                                                                                                                            PID:6368
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                            85⤵
                                                                                                                                                                                                                                                                                                              PID:6408
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                86⤵
                                                                                                                                                                                                                                                                                                                  PID:6500
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                  86⤵
                                                                                                                                                                                                                                                                                                                    PID:6540
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                      87⤵
                                                                                                                                                                                                                                                                                                                        PID:6624
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                        87⤵
                                                                                                                                                                                                                                                                                                                          PID:6664
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                            88⤵
                                                                                                                                                                                                                                                                                                                              PID:6748
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                              88⤵
                                                                                                                                                                                                                                                                                                                                PID:6796
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                  89⤵
                                                                                                                                                                                                                                                                                                                                    PID:6872
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                    89⤵
                                                                                                                                                                                                                                                                                                                                      PID:6920
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                        90⤵
                                                                                                                                                                                                                                                                                                                                          PID:7020
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                          90⤵
                                                                                                                                                                                                                                                                                                                                            PID:7060
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                              91⤵
                                                                                                                                                                                                                                                                                                                                                PID:7152
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                91⤵
                                                                                                                                                                                                                                                                                                                                                  PID:4652
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                    92⤵
                                                                                                                                                                                                                                                                                                                                                      PID:1988
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                      92⤵
                                                                                                                                                                                                                                                                                                                                                        PID:6416
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                          93⤵
                                                                                                                                                                                                                                                                                                                                                            PID:6480
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                            93⤵
                                                                                                                                                                                                                                                                                                                                                              PID:6556
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                94⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:6712
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                  94⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:6408
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                      95⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:6904
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                        95⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:6896
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                            96⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:6796
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                              96⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:6180
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                  97⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:6508
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                    97⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:6480
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                        98⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:6668
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                          98⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:2592
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                              99⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:6848
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                99⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:6508
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                    100⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:6556
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                      100⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:6816
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                          101⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:7236
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                            101⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:7280
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7352
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                  102⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7396
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                      103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7464
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                        103⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7500
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                            104⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7576
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                              104⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7608
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                  105⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7708
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                    105⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7748
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                        106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7824
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                          106⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7856
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                              107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7944
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                107⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7976
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                    108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8052
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                      108⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8096
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                          109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8184
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                            109⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6668
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  110⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7620
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        111⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7868
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              112⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    113⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          114⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7580
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      116⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            117⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8232
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  118⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8380
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        119⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              120⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8736
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    121⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          122⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              123⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                123⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    124⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      124⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9168
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          125⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            125⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                126⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8524
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  126⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      127⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        127⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            128⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              128⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  129⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    129⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        130⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          130⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              131⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                131⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    132⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      132⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          133⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            133⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                134⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  134⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      135⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        135⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            136⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              136⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  137⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2708
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    137⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        138⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          138⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              139⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                139⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    140⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      140⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          explorer C:\Windows\SysWOW64\ADE119\E37CC5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          141⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1448
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\ADE119\E37CC5.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            141⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3276
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2864
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2668
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:1588
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2964
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2248
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:1564
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:268
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:800
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:1604
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:3000
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2644
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2880
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2936
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:2260
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                      PID:1608
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:1276
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        PID:2820
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:2652
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3016
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:1308
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3012
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        PID:2916
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:2452
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:1940
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:2172
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:784
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:2628
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3184
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3336
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3468
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        PID:3596
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3728
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                        PID:3880
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        PID:4040
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                        PID:3148
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                        PID:3324
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:3576
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                          • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                          PID:3720
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                          • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                          PID:4064
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:3736
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:3196
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:3200
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:3580
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:3204
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            PID:4052
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:3128
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            PID:4160
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:4276
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                            PID:4408
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:4512
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:4624
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:4740
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:4872
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:5004
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:3544
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:4296
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:4536
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:4732
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:4960
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:4232
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                              PID:4372
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:4860
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:4396
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:4012
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:5192
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:5292
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:5392
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:5504
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:5620
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:5736
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:5836
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:5972
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:6092
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:5208
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:5416
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:5472
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:5712
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:5964
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:5452
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5992
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5316
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6160
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6272
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6400
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:6532
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6656
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6788
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6912
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7052
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6156
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5732
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6548
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:6672
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6908
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6224
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6172
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6940
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6560
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1424
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7272
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7388
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7492
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7600
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6184
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7832
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8764
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8484
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8844
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2832
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2188
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3668

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                212KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c8ee51a46296e396d4822f09eb9ed93f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                476c6f8176d910960698da7b5afe3c5e89f4fd98

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2e54f3fa93507f0e3a825d913c147bd646ccd8684eba788eca9cc795c56ecc9c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                bcfe1192e0397342b2bd462ccff78894286a4e4fc4275a1c91dceca91f318c5c0d48d7e6a3e55bf67216f7189750bd30201b75f5def5c742b2a21700df26f0fc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                316KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3bf9186e17b8bd593fd6f325b5b56df9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                473e42586cf6a6c7c82815f340e88db63cde3cd5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2dafd7252612582851c75c6ce6f0436c6013c23e313a22e22b6348d7d095e00c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                46f09b3623025d54ea0c474f4a881572ebaf3450d83dc0d7ef467e157e5bc6ecf507175244934e694670fefc7a6402969e5911d511bcc365e7912e834d0c4d76

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                180KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                726d6d25d017ed37e60d2b7fe73fefb2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b891331a0fe23d1dddd135e5329048a4890870ee

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2a3b8358245e618a0de8cc43e96f993f841238bfd49f72cb092e717b707c3bdc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ee6ceae7f438347c317a828834b23507740012604276e6a88159ad07c74822bad0621e2dc78160e04afecccd1e1b2b2e6d86d650ad6a36a858114a59be10df9d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e1adaec35e5e06073844b55ea8ed42e3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5d8097adc257207e9c3465c3de3d9cc7f3b73b7c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                56de11959e7b195cb17166b1cb62fdfcea8f02b0b54f17287e6722d03002dcb5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c9dcde2e326b18d322989fe3a181d272e42ddd287c475595a94badaa44a812ed10910983ee24cbbc8c761b81af082c5997c92d148474cdc70d5740ca450417e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • \Users\Admin\AppData\Local\Temp\E_4\com.run

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                264KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1efcd4efe04ec27a5d347cec716623f7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                50af11cd60a2a29ed3f70bb9eaff2a7373e77855

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                47d4cfb9858e3f2db6cfd8683a73064ab6a7717c6c54e9556ac06c15bd4d0b98

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                668e4457ac5fd250c80996f682b64820c1565e191d031c10bbb6c7909ac7870d644c4a7d4fde655cecee7dee205039ddd677faf437b77bdf77689494b6587c00

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • \Users\Admin\AppData\Local\Temp\E_4\dp1.fne

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                112KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2bea864617a808eb89b0cbe7a71c36d5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a7d25b584bfb97b596fb049d74ef1ecf36833dca

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7f8fe538d117f1a0822cf9ae3c0ec75ad0d2382e276ca4b5a3d1b9ae0c8846e3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                32befdd42623558f03622b1647122308da96a37127c5509fda763ad210bbaf668a3a2ed059aa220ea10d8b7f72107b6d15a8f22669e4e0a4c8adf6f637a4cc3d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • \Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.0MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d627c45ca4400f1f6b637316153006de

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8577f00d70659febda48ea0d7de6de004e107f3a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                70fc9346af1a9063e632468838059532348db6f466e3b99c7f6985ba0eed3ba6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                fba654b3ae01fb85d64f1189dc9645074e1f3ce724b6104b10df6dff4f55fd381ccff90763e1628ebbc8e270e34247f7bf10490765ea6bafa6b4c37964b58874

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • \Users\Admin\AppData\Local\Temp\E_4\shell.fne

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                43cfb3234b1c5a3a992471cab87fd03b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                02875bcdcc9d29a063f2d6848839c9edba980498

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e05e9a3013cea90dfaae22792171dc0d4fe23a29dabc73d30569cfb1aec20d0d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                70459802c7de41b28e45a83ce4e0fa4155d781e8ea9606f2d7b5e18bf41d839bf5e9842b4ee02077a5928d086a572880dac0b844c551ac2453866ae9c90afdc5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • \Windows\SysWOW64\ADE119\E37CC5.EXE

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.5MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4f7036c4e9f9908a8236e7d6b375cd5b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                04763a9de555b49e6395402045bab7f65cf31e26

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ddb527fa24d05933be035b41451bff51537281ba5d014c1c1fbe98d82bd40da9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7dfa4356abc0639daf96be7893d071e97e1220117e0a42eab3406f789aafa03af653dc0d758fd26c5cc0fe9b2b9df18784625ae1a4d1f79a802ca5747fc547d2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-151-0x0000000000370000-0x0000000000381000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-155-0x0000000001F30000-0x0000000001F6E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-223-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-222-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-143-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-149-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/288-152-0x00000000003C0000-0x00000000003DE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-14-0x0000000000290000-0x00000000002DB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-30-0x0000000001DA0000-0x0000000001DDE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-0-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-140-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-29-0x0000000001DA0000-0x0000000001DDE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-20-0x00000000005F0000-0x000000000060E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-17-0x00000000005D0000-0x00000000005E1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-11-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/352-139-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-162-0x00000000003E0000-0x00000000003F1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-156-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-166-0x0000000000860000-0x000000000089E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-225-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-224-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-167-0x0000000000860000-0x000000000089E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-163-0x0000000000840000-0x000000000085E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/624-161-0x00000000005D0000-0x000000000061B000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-46-0x0000000000230000-0x000000000027B000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-154-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-45-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-52-0x00000000003A0000-0x00000000003BE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-51-0x0000000000380000-0x0000000000391000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-56-0x0000000000440000-0x000000000047E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1244-153-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1324-228-0x00000000005D0000-0x000000000060E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1324-226-0x00000000003C0000-0x00000000003D1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1324-227-0x00000000003E0000-0x00000000003FE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1324-221-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1324-216-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1328-236-0x0000000000490000-0x00000000004AE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1328-235-0x0000000000470000-0x0000000000481000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1520-184-0x00000000003B0000-0x00000000003C1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1520-194-0x0000000000540000-0x000000000057E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1520-238-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1520-237-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1520-185-0x00000000003D0000-0x00000000003EE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1520-189-0x0000000000540000-0x000000000057E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-112-0x0000000000530000-0x000000000057B000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-187-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-120-0x0000000002010000-0x000000000204E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-116-0x0000000001EE0000-0x0000000001EFE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-121-0x0000000002010000-0x000000000204E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-115-0x0000000000590000-0x00000000005A1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1976-188-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-141-0x0000000001E40000-0x0000000001E7E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-209-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-210-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-123-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-142-0x0000000001E40000-0x0000000001E7E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-134-0x0000000000220000-0x000000000026B000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-138-0x0000000000460000-0x000000000047E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1980-137-0x0000000000440000-0x0000000000451000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2024-199-0x0000000000350000-0x000000000036E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2024-198-0x0000000000330000-0x0000000000341000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2024-200-0x0000000001E20000-0x0000000001E5E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2024-201-0x0000000001E20000-0x0000000001E5E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2024-196-0x00000000002A0000-0x00000000002EB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2024-195-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-233-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-173-0x0000000000540000-0x0000000000551000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-172-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-174-0x0000000000560000-0x000000000057E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-234-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-179-0x0000000001DC0000-0x0000000001DFE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2148-178-0x0000000001DC0000-0x0000000001DFE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-68-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-74-0x0000000000310000-0x000000000032E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-58-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-165-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-164-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-79-0x00000000003B0000-0x00000000003EE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-73-0x00000000002F0000-0x0000000000301000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2752-71-0x0000000000220000-0x000000000026B000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-89-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-101-0x0000000001E20000-0x0000000001E5E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-175-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-100-0x0000000001E20000-0x0000000001E5E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-93-0x0000000000290000-0x00000000002DB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-95-0x0000000000310000-0x0000000000321000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-96-0x0000000000330000-0x000000000034E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-176-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2776-90-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-212-0x0000000001F80000-0x0000000001F9E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-211-0x0000000000730000-0x0000000000741000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                68KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-208-0x00000000003A0000-0x00000000003EB000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                300KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-206-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-207-0x0000000010000000-0x000000001011C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-213-0x0000000001FB0000-0x0000000001FEE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2824-214-0x0000000001FB0000-0x0000000001FEE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2864-53-0x0000000003AE0000-0x0000000003AF0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                64KB