68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8

Analysis

max time kernel
120s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
Size

299KB
MD5

054bc9652646ab416089132dab3972c0
SHA1

aaa19f65ee197db813429241924cf09097f93c63
SHA256

68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8
SHA512

1f2b90e37fb26ce2200e86c58ca0a2ac7d48ff92e70e4ab01d46f17594fa548e7d0218dcbb05d8a3b19dff7f6e3e7e037348f83108ad80906e4dd9de668455d9
SSDEEP

6144:L+k5XLaJbcplKJmxOYO3rLPFE2NJOdK/wmp:t+JbMJqfFE27P9p

Score

10^/10

discovery evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe

Executes dropped EXE 64 IoCs

pid	Process
2112	explorer.exe
1772	explorer.exe
5092	explorer.exe
3228	explorer.exe
3532	explorer.exe
4632	spoolsv.exe
2648	spoolsv.exe
220	spoolsv.exe
436	explorer.exe
5048	explorer.exe
2584	explorer.exe
2748	explorer.exe
2340	explorer.exe
4512	spoolsv.exe
4808	spoolsv.exe
3196	spoolsv.exe
3828	explorer.exe
508	spoolsv.exe
4948	explorer.exe
4192	explorer.exe
1548	explorer.exe
3092	explorer.exe
3824	spoolsv.exe
2996	spoolsv.exe
2400	spoolsv.exe
1800	spoolsv.exe
2928	spoolsv.exe
4200	spoolsv.exe
3444	spoolsv.exe
4480	spoolsv.exe
4504	spoolsv.exe
4052	explorer.exe
3724	spoolsv.exe
2856	explorer.exe
3644	explorer.exe
2876	spoolsv.exe
1252	spoolsv.exe
116	spoolsv.exe
224	spoolsv.exe
3944	spoolsv.exe
808	spoolsv.exe
364	spoolsv.exe
1256	spoolsv.exe
1644	spoolsv.exe
1176	spoolsv.exe
3492	explorer.exe
4880	spoolsv.exe
4600	explorer.exe
408	explorer.exe
3084	spoolsv.exe
4700	spoolsv.exe
832	spoolsv.exe
5048	spoolsv.exe
3268	spoolsv.exe
4800	explorer.exe
4168	spoolsv.exe
4492	explorer.exe
3892	explorer.exe
2892	spoolsv.exe
1524	spoolsv.exe
3488	spoolsv.exe
3092	spoolsv.exe
3204	spoolsv.exe
4472	spoolsv.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	explorer.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\explorer.exe	explorer.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2252 set thread context of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2112 set thread context of 3532	2112	explorer.exe	93
PID 4632 set thread context of 220	4632	spoolsv.exe	96
PID 436 set thread context of 2748	436	explorer.exe	101
PID 4512 set thread context of 3196	4512	spoolsv.exe	104
PID 3828 set thread context of 3092	3828	explorer.exe	110
PID 508 set thread context of 2996	508	spoolsv.exe	112
PID 2400 set thread context of 4504	2400	spoolsv.exe	119
PID 4052 set thread context of 3644	4052	explorer.exe	125
PID 3724 set thread context of 1252	3724	spoolsv.exe	127
PID 116 set thread context of 364	116	spoolsv.exe	133
PID 1256 set thread context of 1176	1256	spoolsv.exe	140
PID 3492 set thread context of 408	3492	explorer.exe	144
PID 4880 set thread context of 4700	4880	spoolsv.exe	146
PID 832 set thread context of 3268	832	spoolsv.exe	149
PID 4800 set thread context of 3892	4800	explorer.exe	153
PID 4168 set thread context of 3092	4168	spoolsv.exe	157
PID 3204 set thread context of 2772	3204	spoolsv.exe	161
PID 4728 set thread context of 3856	4728	explorer.exe	169
PID 1416 set thread context of 2908	1416	spoolsv.exe	171
PID 916 set thread context of 3644	916	spoolsv.exe	178
PID 2260 set thread context of 1360	2260	explorer.exe	182
PID 4976 set thread context of 1744	4976	spoolsv.exe	184
PID 2992 set thread context of 5004	2992	spoolsv.exe	187
PID 940 set thread context of 1712	940	explorer.exe	199
PID 1196 set thread context of 5048	1196	spoolsv.exe	202
PID 2712 set thread context of 3824	2712	spoolsv.exe	207
PID 4492 set thread context of 832	4492	explorer.exe	210
PID 3092 set thread context of 3460	3092	spoolsv.exe	215
PID 384 set thread context of 2500	384	explorer.exe	218
PID 1784 set thread context of 4484	1784	spoolsv.exe	223
PID 2284 set thread context of 4292	2284	explorer.exe	227
PID 3124 set thread context of 4408	3124	spoolsv.exe	231
PID 4496 set thread context of 2728	4496	spoolsv.exe	234
PID 4976 set thread context of 2976	4976	explorer.exe	237
PID 2320 set thread context of 2844	2320	spoolsv.exe	240
PID 4656 set thread context of 3220	4656	spoolsv.exe	245
PID 2268 set thread context of 4928	2268	explorer.exe	248
PID 3008 set thread context of 3288	3008	spoolsv.exe	251
PID 796 set thread context of 3164	796	explorer.exe	254
PID 4576 set thread context of 1684	4576	spoolsv.exe	259
PID 3480 set thread context of 3860	3480	spoolsv.exe	264
PID 4276 set thread context of 316	4276	explorer.exe	267
PID 2516 set thread context of 2840	2516	spoolsv.exe	270
PID 4480 set thread context of 2132	4480	spoolsv.exe	275
PID 2908 set thread context of 4100	2908	explorer.exe	278
PID 1484 set thread context of 1272	1484	spoolsv.exe	283
PID 4816 set thread context of 4668	4816	spoolsv.exe	286
PID 1360 set thread context of 1708	1360	explorer.exe	289
PID 3424 set thread context of 3724	3424	spoolsv.exe	294
PID 2320 set thread context of 2428	2320	spoolsv.exe	297
PID 5084 set thread context of 408	5084	explorer.exe	302
PID 4884 set thread context of 1796	4884	spoolsv.exe	305
PID 864 set thread context of 4444	864	spoolsv.exe	308
PID 2584 set thread context of 1520	2584	explorer.exe	312
PID 3604 set thread context of 4320	3604	spoolsv.exe	314
PID 2872 set thread context of 3444	2872	spoolsv.exe	317
PID 2988 set thread context of 3480	2988	explorer.exe	324
PID 2840 set thread context of 3088	2840	spoolsv.exe	327
PID 944 set thread context of 2612	944	spoolsv.exe	330
PID 3000 set thread context of 4480	3000	explorer.exe	333
PID 4832 set thread context of 4580	4832	spoolsv.exe	338
PID 2724 set thread context of 60	2724	explorer.exe	342
PID 4124 set thread context of 2336	4124	spoolsv.exe	344

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	Process not Found
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.ex_	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	Process not Found
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.ex_	explorer.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	spoolsv.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
464	364	WerFault.exe	133
3884	4532	WerFault.exe	713

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2112	explorer.exe
2112	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe
3532	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3532	explorer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
3532	explorer.exe
3532	explorer.exe
220	spoolsv.exe
220	spoolsv.exe
2748	explorer.exe
2748	explorer.exe
3196	spoolsv.exe
3196	spoolsv.exe
3092	explorer.exe
3092	explorer.exe
2996	spoolsv.exe
2996	spoolsv.exe
4504	spoolsv.exe
4504	spoolsv.exe
3644	explorer.exe
3644	explorer.exe
1252	spoolsv.exe
1252	spoolsv.exe
1176	spoolsv.exe
1176	spoolsv.exe
408	explorer.exe
408	explorer.exe
4700	spoolsv.exe
4700	spoolsv.exe
3268	spoolsv.exe
3268	spoolsv.exe
3892	explorer.exe
3892	explorer.exe
3092	spoolsv.exe
3092	spoolsv.exe
2772	spoolsv.exe
2772	spoolsv.exe
3856	explorer.exe
3856	explorer.exe
2908	spoolsv.exe
2908	spoolsv.exe
3644	spoolsv.exe
3644	spoolsv.exe
1360	explorer.exe
1360	explorer.exe
1744	spoolsv.exe
1744	spoolsv.exe
5004	spoolsv.exe
5004	spoolsv.exe
1712	explorer.exe
1712	explorer.exe
5048	spoolsv.exe
5048	spoolsv.exe
3824	spoolsv.exe
3824	spoolsv.exe
832	explorer.exe
832	explorer.exe
3460	spoolsv.exe
3460	spoolsv.exe
2500	explorer.exe
2500	explorer.exe
4484	spoolsv.exe
4484	spoolsv.exe
4292	explorer.exe
4292	explorer.exe
4408	spoolsv.exe
4408	spoolsv.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2132	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	85
PID 2252 wrote to memory of 2132	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	85
PID 2252 wrote to memory of 2132	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	85
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2252 wrote to memory of 2984	2252	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	86
PID 2984 wrote to memory of 2112	2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	89
PID 2984 wrote to memory of 2112	2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	89
PID 2984 wrote to memory of 2112	2984	68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe	89
PID 2112 wrote to memory of 1772	2112	explorer.exe	90
PID 2112 wrote to memory of 1772	2112	explorer.exe	90
PID 2112 wrote to memory of 1772	2112	explorer.exe	90
PID 2112 wrote to memory of 3228	2112	explorer.exe	91
PID 2112 wrote to memory of 3228	2112	explorer.exe	91
PID 2112 wrote to memory of 3228	2112	explorer.exe	91
PID 2112 wrote to memory of 5092	2112	explorer.exe	92
PID 2112 wrote to memory of 5092	2112	explorer.exe	92
PID 2112 wrote to memory of 5092	2112	explorer.exe	92
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 2112 wrote to memory of 3532	2112	explorer.exe	93
PID 3532 wrote to memory of 4632	3532	explorer.exe	94
PID 3532 wrote to memory of 4632	3532	explorer.exe	94
PID 3532 wrote to memory of 4632	3532	explorer.exe	94
PID 4632 wrote to memory of 2648	4632	spoolsv.exe	95
PID 4632 wrote to memory of 2648	4632	spoolsv.exe	95
PID 4632 wrote to memory of 2648	4632	spoolsv.exe	95
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 220 wrote to memory of 436	220	spoolsv.exe	97
PID 220 wrote to memory of 436	220	spoolsv.exe	97
PID 220 wrote to memory of 436	220	spoolsv.exe	97
PID 4632 wrote to memory of 220	4632	spoolsv.exe	96
PID 436 wrote to memory of 5048	436	explorer.exe	98

C:\Users\Admin\AppData\Local\Temp\68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
"C:\Users\Admin\AppData\Local\Temp\68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
  C:\Users\Admin\AppData\Local\Temp\68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
  2⤵
  PID:2132
- C:\Users\Admin\AppData\Local\Temp\68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
  C:\Users\Admin\AppData\Local\Temp\68586e9dedb08348033fd1b3c6a91d79476631a098401f51f4b858b342894bf8N.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - \??\c:\windows\resources\themes\explorer.exe
    c:\windows\resources\themes\explorer.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      Executes dropped EXE
      PID:1772
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      Executes dropped EXE
      PID:3228
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      Executes dropped EXE
      PID:5092
  - - \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      4⤵
      Modifies visiblity of hidden/system files in Explorer
      Executes dropped EXE
      Adds Run key to start application
      Drops file in System32 directory
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3532
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4632
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:220
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:436
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:5048
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:2584
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:2340
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4808
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3196
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3828
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4948
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4192
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:1548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3092
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3824
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2400
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:1800
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2928
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4200
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3444
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4480
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4052
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:2856
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3644
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2876
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:116
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:224
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:808
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 156
        7⤵
        Program crash
        
        PID:464
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1256
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:1644
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3492
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4880
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4700
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:832
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:5048
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4800
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        
        PID:4492
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3892
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4168
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:2892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:1524
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:3488
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3092
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3204
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Executes dropped EXE
        
        PID:4472
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4728
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1784
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2988
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4532
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4324
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3856
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4284
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2908
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:216
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4832
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1484
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2856
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3644
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2260
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1252
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1360
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4976
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2504
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1744
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2992
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1308
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5004
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:940
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1772
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1256
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3700
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3116
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1904
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1980
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1712
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1196
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5048
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2712
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3188
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3808
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2432
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3824
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4492
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2340
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:832
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3092
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4168
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2156
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3460
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:384
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3852
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2500
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1784
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2928
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4200
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1516
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4484
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4292
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1484
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4088
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4820
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4408
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1360
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2728
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4976
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2552
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2976
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:2320
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:60
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2844
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4656
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:208
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1976
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5112
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3220
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2268
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2708
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4928
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3288
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:796
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1352
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3164
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4576
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4692
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2216
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3988
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1684
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3480
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:264
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3356
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3444
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3860
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:4276
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:316
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:2516
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2840
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4480
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4696
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:216
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2132
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2136
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4100
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:1484
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4408
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1272
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:4816
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3316
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:1360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4000
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1708
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3424
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2744
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2504
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3724
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:2320
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4248
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2428
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:5084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1736
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3152
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4332
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:408
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        
        PID:4884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1796
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:864
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4444
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2584
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1520
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:3604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:2872
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3356
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3444
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2988
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3672
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1800
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:444
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3480
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:2840
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1864
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3088
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2612
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:3000
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4292
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4480
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4832
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4820
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2116
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5024
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4580
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Suspicious use of SetThreadContext
        
        PID:2724
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4660
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:60
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Suspicious use of SetThreadContext
        
        PID:4124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4160
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2336
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4828
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1308
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4716
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4656
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4880
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4512
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3152
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4332
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4084
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4192
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3572
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5012
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3200
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2712
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1732
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:264
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4532
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1380
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:444
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3616
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4476
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1864
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2040
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2952
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4176
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1408
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4756
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3316
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:916
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1708
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2012
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:968
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2876
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4832
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4700
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3952
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4744
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1256
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:224
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3648
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2492
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1596
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4288
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4192
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2448
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3988
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4336
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:864
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1352
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:5096
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2712
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:264
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2028
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4696
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1800
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3120
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3360
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2264
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3088
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2920
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3204
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1380
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2872
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3672
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:5024
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1928
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3436
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1132
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1744
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2116
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3404
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:968
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3424
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5048
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2168
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3248
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2708
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4692
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1688
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3808
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1716
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1160
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2320
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3900
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1796
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2992
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1844
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2616
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:808
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4284
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2120
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4324
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4932
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4696
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:5008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3732
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4088
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1380
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5080
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1784
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:116
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3284
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4756
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2704
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:620
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4004
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1236
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2884
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3116
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:5000
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1348
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4952
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2932
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4168
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1684
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3188
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2216
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4192
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4344
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3780
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2712
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3640
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1664
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4324
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4932
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2028
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4408
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4176
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4088
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3632
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1408
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1820
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2912
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1928
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2496
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:64
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4160
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1772
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2432
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2872
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1256
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2876
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4804
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2448
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3756
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1912
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1580
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:864
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:920
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1716
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3988
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2992
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3356
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2492
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1600
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3596
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:232
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:216
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3856
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1800
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1940
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2688
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3436
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4176
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1272
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1756
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1408
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1820
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:648
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2244
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4616
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1904
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2912
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4456
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4004
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5104
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4604
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2892
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1040
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3224
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4168
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1976
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1684
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:5012
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1844
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4320
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4896
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:264
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4344
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2008
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1260
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2532
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1664
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4860
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4192
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3856
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2120
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1132
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3316
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4324
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1900
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4760
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4360
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3400
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2904
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4272
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3104
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3952
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4160
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4340
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1416
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5076
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3248
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3808
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4172
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1064
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1636
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1348
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:5000
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3752
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2216
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1600
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3088
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:5008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1924
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1244
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4860
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3856
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:532
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3516
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4232
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1916
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2872
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2432
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2744
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4272
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2400
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3816
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1252
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3668
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2912
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2256
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1912
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1392
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4948
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4288
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:864
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1688
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3944
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2232
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1788
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3204
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3884
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1664
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2928
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1940
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4344
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2120
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2172
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4472
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4176
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2956
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2116
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3104
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4760
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3404
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1916
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:208
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2744
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4272
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2432
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:620
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1256
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2144
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3248
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4036
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4692
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3900
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1688
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4168
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2616
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1844
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2960
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4924
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 156
        7⤵
        Program crash
        
        PID:3884
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3640
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3664
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4384
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4476
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3852
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1924
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4000
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2120
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4860
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:60
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2704
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:632
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1484
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:208
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3816
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4496
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4272
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:552
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:752
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2400
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1544
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2744
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3488
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3952
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3224
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1196
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:5016
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4200
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1600
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4820
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4048
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3892
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4440
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3700
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3664
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4248
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4900
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:544
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4324
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2040
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1756
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3816
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4804
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5000
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2036
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3224
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1844
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1596
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1472
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2576
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4048
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4676
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4924
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4000
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3732
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:508
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3404
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:60
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:648
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1548
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2244
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2648
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1756
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4948
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4992
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3316
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:5112
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3100
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:864
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1980
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1040
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4184
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4896
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5016
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:2576
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3956
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:532
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3924
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2072
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:1604
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3700
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4248
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3632
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2808
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4360
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2996
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4292
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3320
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2116
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3420
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:216
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3456
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4992
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:5036
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2932
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4828
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4584
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1196
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2884
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:264
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2216
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4752
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4200
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3124
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1792
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4416
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:624
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1156
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4408
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:944
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1688
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2904
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3588
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4440
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2032
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2912
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1664
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4472
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4984
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:3392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1560
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2040
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:1960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3008
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4760
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4456
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3316
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4348
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3456
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3856
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3760
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3204
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2932
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4172
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4584
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1196
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3428
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2516
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3304
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2452
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4192
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:3124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1792
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:624
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1796
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2072
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1904
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4964
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4532
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1916
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1688
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1232
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1604
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2032
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4516
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4324
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3292
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2388
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:60
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3456
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2892
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1040
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4876
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1516
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2440
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4128
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2948
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3928
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2516
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2760
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2536
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4564
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4200
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:532
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1380
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1816
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2364
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4964
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4496
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4124
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1916
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1920
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3320
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1588
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1524
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4804
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4688
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:60
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4744
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:3456
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2616
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3436
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3356
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:864
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4048
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3384
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3304
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2884
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3956
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3204
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1164
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4176
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:3084
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3664
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2936
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4704
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:764
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1796
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4360
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1076
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2348
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3724
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1904
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:208
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3284
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3396
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4984
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3760
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1716
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2504
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1220
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:552
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3848
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5092
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4348
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4508
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2008
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2280
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2616
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2704
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4300
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4372
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3404
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3224
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2452
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2948
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1380
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3928
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:5040
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3664
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3416
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3248
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1816
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:1520
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4964
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3796
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4392
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1240
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4316
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2032
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2348
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3392
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2912
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3592
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3396
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1756
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3320
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3420
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4984
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1524
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:920
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2172
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2280
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3384
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2960
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2616
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3732
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4300
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3304
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:944
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3924
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:3664
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4732
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1596
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4000
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4704
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1552
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:1900
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:760
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4248
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        Drops file in Windows directory
        
        PID:4360
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3760
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3856
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4688
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:2648
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2400
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1576
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3092
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1220
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1604
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:2628
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1524
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1560
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:4676
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:1544
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:432
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:4036
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4192
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4128
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2668
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3640
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4292
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2516
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4104
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3588
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3336
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4124
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:232
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4516
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        
        PID:2336
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1792
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1628
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        7⤵
        
        PID:2948
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:624
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:4564
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3956
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        8⤵
        
        PID:3892
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        Drops file in Windows directory
        
        PID:4960
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:2388
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:3324
    - - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:4044
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe
        6⤵
        
        PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 364 -ip 364
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4532 -ip 4532
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Resources\Themes\explorer.exe

Filesize
298KB

MD5
d557c22f0d30892eb579bec67ce240de

SHA1
b4579cfa70e7ad13fc8d7a44747447fea43cf2e9

SHA256
58c99b9bb7b46b0f4f2ebec9b801287071099c45f9c32d17ab262c0833eabac9

SHA512
2309bdff5a3333f35aa141d6ba59f7735c982950b7f2c5f5fffa5d1c3a0f820712a3848a0e00cc9173cefe7249f222281659946f1423d0d44638ad3496fc52d2

Download Submit
C:\Windows\Resources\spoolsv.exe

Filesize
299KB

MD5
b9e61a89aaa2081d523a2de14a9c632b

SHA1
eba0cad9616ad95a2c43fb4db137cff984058e53

SHA256
d42000a92e7b8617fd99b448eb02b281630b76e8770a1bece464f2e67de844d6

SHA512
541d45ec31fb7bf5bfc45d0a52118d8670dd64370219192a3d7565d2765754e1bf3cd709c2501402a9c256138d8e5f1f99cbcc95a1a12848fd62a0b547b699e5

Download Submit
memory/2252-0-0x0000000001710000-0x0000000001715000-memory.dmp

Filesize
20KB

Download
memory/2984-1-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2984-3-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download