Overview

overview

10

Static

static

10

92bc0f250b...18.exe

windows7-x64

10

92bc0f250b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    83s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2024 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92bc0f250bdf3f87bc72ea5dde366ca2_JaffaCakes118.exe

  • Size

    270KB

  • MD5

    92bc0f250bdf3f87bc72ea5dde366ca2

  • SHA1

    0fd82210e2aa9b79887f9719843dbb0d5ff17704

  • SHA256

    fa2f583f55e313c18034f45c173858870ecb9c5fdb3df9d3ae38cea8f4a2d37a

  • SHA512

    3d58270637517735f9bb4a97f8d31b42f2ee17db2f2e52ea3fd5288d1307af30b954a66a2df423fb923481fdb694a7f57be7306f274cfefc64743bdf41bd862e

  • SSDEEP

    6144:Vz+ZIjb+ovOxtdbaXq38GH1WMYl3cZzhP8l403oJ5F:Vz+4XOQYrVNYl3cZzhPVJ

Score
10/10
darkcometdiscoverypersistencerattrojanupx

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 64 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 64 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 64 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 64 IoCs
  • Adds Run key to start application 2 TTPs 64 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 64 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92bc0f250bdf3f87bc72ea5dde366ca2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\92bc0f250bdf3f87bc72ea5dde366ca2_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks computer location settings
    • Adds Run key to start application
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3084
    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3256
      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
        3⤵
        • Modifies WinLogon for persistence
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4804
        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious use of WriteProcessMemory
          PID:884
          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
            5⤵
            • Executes dropped EXE
            • Checks processor information in registry
            • Enumerates system info in registry
            • Suspicious use of WriteProcessMemory
            PID:4864
            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • Executes dropped EXE
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2172
              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                7⤵
                • Executes dropped EXE
                • Adds Run key to start application
                • Checks processor information in registry
                • Suspicious use of WriteProcessMemory
                PID:2912
                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:4604
                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                    9⤵
                    • Modifies WinLogon for persistence
                    • Executes dropped EXE
                    • Adds Run key to start application
                    • Suspicious use of WriteProcessMemory
                    PID:1904
                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                      10⤵
                      • Executes dropped EXE
                      • Enumerates system info in registry
                      • Suspicious use of WriteProcessMemory
                      PID:4936
                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                        11⤵
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • Enumerates system info in registry
                        • Suspicious use of WriteProcessMemory
                        PID:3988
                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                          12⤵
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Enumerates system info in registry
                          • Suspicious use of WriteProcessMemory
                          PID:752
                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                            13⤵
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Adds Run key to start application
                            • Drops file in System32 directory
                            • Suspicious use of WriteProcessMemory
                            PID:988
                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                              14⤵
                              • Modifies WinLogon for persistence
                              • Executes dropped EXE
                              • Checks processor information in registry
                              • Enumerates system info in registry
                              • Suspicious use of WriteProcessMemory
                              PID:1864
                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                15⤵
                                • Modifies WinLogon for persistence
                                • Executes dropped EXE
                                • Adds Run key to start application
                                • Suspicious use of WriteProcessMemory
                                PID:3064
                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                  16⤵
                                  • Checks computer location settings
                                  • Executes dropped EXE
                                  • Drops file in System32 directory
                                  • Checks processor information in registry
                                  • Enumerates system info in registry
                                  • Suspicious use of WriteProcessMemory
                                  PID:2904
                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                    17⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    • Drops file in System32 directory
                                    • System Location Discovery: System Language Discovery
                                    • Enumerates system info in registry
                                    • Suspicious use of WriteProcessMemory
                                    PID:2480
                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                      18⤵
                                      • Executes dropped EXE
                                      • Drops file in System32 directory
                                      • Enumerates system info in registry
                                      • Suspicious use of WriteProcessMemory
                                      PID:2492
                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                        19⤵
                                        • Modifies WinLogon for persistence
                                        • Checks computer location settings
                                        • Executes dropped EXE
                                        • Enumerates system info in registry
                                        • Suspicious use of WriteProcessMemory
                                        PID:2224
                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                          20⤵
                                          • Checks computer location settings
                                          • Executes dropped EXE
                                          • Suspicious use of WriteProcessMemory
                                          PID:2496
                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                            21⤵
                                            • Executes dropped EXE
                                            • Adds Run key to start application
                                            • Checks processor information in registry
                                            • Suspicious use of WriteProcessMemory
                                            PID:4148
                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                              22⤵
                                              • Executes dropped EXE
                                              • Drops file in System32 directory
                                              • Enumerates system info in registry
                                              • Suspicious use of WriteProcessMemory
                                              PID:2812
                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                23⤵
                                                • Checks BIOS information in registry
                                                • Executes dropped EXE
                                                PID:4600
                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                  24⤵
                                                  • Modifies WinLogon for persistence
                                                  • Executes dropped EXE
                                                  PID:3852
                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                    25⤵
                                                    • Executes dropped EXE
                                                    • Drops file in System32 directory
                                                    • Checks processor information in registry
                                                    PID:4452
                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                      26⤵
                                                      • Modifies WinLogon for persistence
                                                      • Checks computer location settings
                                                      • Executes dropped EXE
                                                      PID:1476
                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                        27⤵
                                                        • Executes dropped EXE
                                                        PID:3456
                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                          28⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Checks processor information in registry
                                                          PID:1328
                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                            29⤵
                                                            • Modifies WinLogon for persistence
                                                            • Executes dropped EXE
                                                            PID:1868
                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                              30⤵
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              PID:1432
                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                31⤵
                                                                • Executes dropped EXE
                                                                • Adds Run key to start application
                                                                PID:5060
                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                  32⤵
                                                                  • Modifies WinLogon for persistence
                                                                  • Checks BIOS information in registry
                                                                  • Executes dropped EXE
                                                                  • Enumerates system info in registry
                                                                  PID:2808
                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                    33⤵
                                                                    • Checks BIOS information in registry
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Drops file in System32 directory
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Checks processor information in registry
                                                                    PID:1156
                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                      34⤵
                                                                      • Modifies WinLogon for persistence
                                                                      • Executes dropped EXE
                                                                      • Checks processor information in registry
                                                                      PID:3572
                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                        35⤵
                                                                        • Executes dropped EXE
                                                                        • Drops file in System32 directory
                                                                        • Enumerates system info in registry
                                                                        PID:3472
                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                          36⤵
                                                                          • Checks BIOS information in registry
                                                                          • Checks computer location settings
                                                                          • Executes dropped EXE
                                                                          • Adds Run key to start application
                                                                          PID:264
                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                            37⤵
                                                                            • Checks computer location settings
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            PID:1128
                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                              38⤵
                                                                              • Executes dropped EXE
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Enumerates system info in registry
                                                                              PID:1900
                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                39⤵
                                                                                • Checks BIOS information in registry
                                                                                • Checks computer location settings
                                                                                • Executes dropped EXE
                                                                                • Checks processor information in registry
                                                                                PID:3368
                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                  40⤵
                                                                                  • Modifies WinLogon for persistence
                                                                                  • Executes dropped EXE
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Checks processor information in registry
                                                                                  PID:2756
                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                    41⤵
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Checks processor information in registry
                                                                                    PID:2536
                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                      42⤵
                                                                                      • Modifies WinLogon for persistence
                                                                                      • Executes dropped EXE
                                                                                      • Enumerates system info in registry
                                                                                      PID:644
                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                        43⤵
                                                                                        • Checks BIOS information in registry
                                                                                        • Checks computer location settings
                                                                                        • Executes dropped EXE
                                                                                        • Enumerates system info in registry
                                                                                        PID:4640
                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                          44⤵
                                                                                          • Modifies WinLogon for persistence
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          • Adds Run key to start application
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:1752
                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                            45⤵
                                                                                            • Checks computer location settings
                                                                                            • Executes dropped EXE
                                                                                            • Adds Run key to start application
                                                                                            PID:4412
                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                              46⤵
                                                                                              • Modifies WinLogon for persistence
                                                                                              • Executes dropped EXE
                                                                                              • Adds Run key to start application
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              PID:5028
                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                47⤵
                                                                                                • Modifies WinLogon for persistence
                                                                                                • Executes dropped EXE
                                                                                                • Drops file in System32 directory
                                                                                                • Checks processor information in registry
                                                                                                PID:668
                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                  48⤵
                                                                                                  • Checks computer location settings
                                                                                                  • Executes dropped EXE
                                                                                                  • Enumerates system info in registry
                                                                                                  PID:1540
                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                    49⤵
                                                                                                    • Checks computer location settings
                                                                                                    • Executes dropped EXE
                                                                                                    • Drops file in System32 directory
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:312
                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                      50⤵
                                                                                                      • Modifies WinLogon for persistence
                                                                                                      • Executes dropped EXE
                                                                                                      • Enumerates system info in registry
                                                                                                      PID:1240
                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                        51⤵
                                                                                                        • Checks BIOS information in registry
                                                                                                        • Executes dropped EXE
                                                                                                        • Adds Run key to start application
                                                                                                        PID:4804
                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                          52⤵
                                                                                                          • Checks BIOS information in registry
                                                                                                          • Executes dropped EXE
                                                                                                          • Adds Run key to start application
                                                                                                          PID:2128
                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                            53⤵
                                                                                                            • Checks computer location settings
                                                                                                            • Executes dropped EXE
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:2188
                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                              54⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Checks processor information in registry
                                                                                                              PID:3688
                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                55⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Adds Run key to start application
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:1968
                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                  56⤵
                                                                                                                  • Checks BIOS information in registry
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:4688
                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                    57⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Enumerates system info in registry
                                                                                                                    PID:1876
                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                      58⤵
                                                                                                                      • Checks BIOS information in registry
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Adds Run key to start application
                                                                                                                      PID:4164
                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                        59⤵
                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                        • Executes dropped EXE
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:1812
                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                          60⤵
                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                          • Checks BIOS information in registry
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Checks processor information in registry
                                                                                                                          PID:1164
                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                            61⤵
                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                            • Checks BIOS information in registry
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Checks processor information in registry
                                                                                                                            PID:1528
                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                              62⤵
                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Enumerates system info in registry
                                                                                                                              PID:940
                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                63⤵
                                                                                                                                • Checks computer location settings
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Adds Run key to start application
                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                PID:3172
                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                  64⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in System32 directory
                                                                                                                                  PID:2756
                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                    65⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    PID:2536
                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                      66⤵
                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                      • Checks computer location settings
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:1504
                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                        67⤵
                                                                                                                                          PID:1860
                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                            68⤵
                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                            • Enumerates system info in registry
                                                                                                                                            PID:1044
                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                              69⤵
                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                              • Drops file in System32 directory
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              • Checks processor information in registry
                                                                                                                                              PID:4220
                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                70⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                PID:2696
                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                  71⤵
                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  PID:2660
                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                    72⤵
                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                    PID:4396
                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                      73⤵
                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                      PID:1688
                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                        74⤵
                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                        PID:1540
                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                          75⤵
                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                          PID:536
                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                            76⤵
                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                            PID:1020
                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                              77⤵
                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                              PID:4364
                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                78⤵
                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                PID:4128
                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                  79⤵
                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                  PID:4864
                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                    80⤵
                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                    PID:4436
                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                      81⤵
                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                      PID:3684
                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                        82⤵
                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                        PID:3892
                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                          83⤵
                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:2312
                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                            84⤵
                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                            PID:264
                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                              85⤵
                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                              PID:4696
                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                86⤵
                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                PID:400
                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                  87⤵
                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                  PID:1660
                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                    88⤵
                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                    PID:4224
                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                      89⤵
                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                      PID:2024
                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                        90⤵
                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                        PID:4952
                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                          91⤵
                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                          PID:4640
                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                            92⤵
                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                            PID:4160
                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                              93⤵
                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                              PID:2552
                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                94⤵
                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                PID:208
                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                  95⤵
                                                                                                                                                                                                    PID:5028
                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                      96⤵
                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                      PID:668
                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                        97⤵
                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                        PID:1508
                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                          98⤵
                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                          PID:4996
                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                            99⤵
                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                            PID:2080
                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                              100⤵
                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                              PID:3492
                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                101⤵
                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                PID:4116
                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                  102⤵
                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                  PID:2296
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                    103⤵
                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                    PID:2956
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                      104⤵
                                                                                                                                                                                                                        PID:800
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                          105⤵
                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                          PID:5048
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                            106⤵
                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                            PID:4936
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                              107⤵
                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                              PID:368
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                108⤵
                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                PID:3932
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                  109⤵
                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                  PID:1888
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                    110⤵
                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                    PID:1128
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                      111⤵
                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                      PID:2068
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                        112⤵
                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                        PID:2768
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                          113⤵
                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                          PID:1660
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                            114⤵
                                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                            PID:1992
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                              115⤵
                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                              PID:548
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                116⤵
                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                PID:1308
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                  117⤵
                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                  PID:4560
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                    118⤵
                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                    PID:1156
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                      119⤵
                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                      PID:3124
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                        120⤵
                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                        PID:1584
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                          121⤵
                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                          PID:212
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                            122⤵
                                                                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                            PID:4524
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                              123⤵
                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                              PID:4440
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                124⤵
                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                PID:3084
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                  125⤵
                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                  PID:4556
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                    126⤵
                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                    PID:4028
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                      127⤵
                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                      PID:744
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                        128⤵
                                                                                                                                                                                                                                                                          PID:1092
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                            129⤵
                                                                                                                                                                                                                                                                              PID:3476
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                130⤵
                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                PID:4984
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                  131⤵
                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                  PID:2940
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                    132⤵
                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                    PID:4292
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                      133⤵
                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      PID:3780
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                        134⤵
                                                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                        PID:5092
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                          135⤵
                                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                          PID:2800
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                            136⤵
                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                            PID:656
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                              137⤵
                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                              PID:2904
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                138⤵
                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                PID:412
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                  139⤵
                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                  PID:632
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                    140⤵
                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                    PID:2768
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                      141⤵
                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                      PID:4520
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                        142⤵
                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                        PID:4492
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                          143⤵
                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                          PID:1828
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                            144⤵
                                                                                                                                                                                                                                                                                                              PID:3520
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                145⤵
                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                PID:1088
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                  146⤵
                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                  PID:3888
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                    147⤵
                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                    PID:2552
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                      148⤵
                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                      PID:2696
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                        149⤵
                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                        PID:2364
                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                          150⤵
                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                          PID:224
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                            151⤵
                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                            PID:3776
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                              152⤵
                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                              PID:316
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                153⤵
                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                PID:2736
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                  154⤵
                                                                                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                  PID:1384
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                    155⤵
                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                    PID:2948
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                      156⤵
                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                      PID:1600
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                        157⤵
                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                        PID:3408
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                          158⤵
                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                          PID:4108
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                            159⤵
                                                                                                                                                                                                                                                                                                                                            • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                            PID:2912
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                              160⤵
                                                                                                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                              PID:884
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                161⤵
                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                PID:4100
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                  162⤵
                                                                                                                                                                                                                                                                                                                                                    PID:1096
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                      163⤵
                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                      PID:1796
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                        164⤵
                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                        PID:2380
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                          165⤵
                                                                                                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                          PID:3240
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                            166⤵
                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                            PID:1864
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                              167⤵
                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                              PID:956
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                168⤵
                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                PID:2852
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                  169⤵
                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                  PID:2400
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                    170⤵
                                                                                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                    PID:1660
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                      171⤵
                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                      PID:3744
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                        172⤵
                                                                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                        PID:644
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                          173⤵
                                                                                                                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                          PID:624
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                            174⤵
                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                            PID:4152
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                              175⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:1596
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                  176⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:3128
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                      177⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                      PID:1804
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                        178⤵
                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                        PID:2932
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                          179⤵
                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                          PID:4460
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                            180⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                            PID:4788
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                              181⤵
                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                              PID:1540
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                182⤵
                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                PID:3580
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                  183⤵
                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                  PID:1240
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                    184⤵
                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                    • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                    PID:4976
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                      185⤵
                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                      PID:4804
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                        186⤵
                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                        PID:1396
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          187⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                          PID:2936
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                            188⤵
                                                                                                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                            PID:2956
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              189⤵
                                                                                                                                                                                                                                                                                                                                                                                                              • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                              PID:4228
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                190⤵
                                                                                                                                                                                                                                                                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                PID:4588
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  191⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3472
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                    192⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4948
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                      193⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1652
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                        194⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3992
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                          195⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2380
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                            196⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3240
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              197⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1424
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                198⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:740
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                  199⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:772
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                    200⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2168
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                      201⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3836
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                        202⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1084
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                          203⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1308
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                            204⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4560
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                              205⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1088
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                206⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5008
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                  207⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4576
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                      208⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4036
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                        209⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4340
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                            210⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:224
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                              211⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1588
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                212⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  213⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    214⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        215⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            216⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                217⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    218⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        219⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            220⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                221⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    222⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        223⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            224⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                225⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    226⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2396
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        227⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            228⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2068
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                229⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4552
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    230⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4844
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        231⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            232⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1724
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                233⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2208
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    234⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        235⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            236⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2704
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                237⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    238⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        239⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            240⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                241⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    242⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        243⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            244⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                245⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    246⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        247⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            248⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                249⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    250⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        251⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            252⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                253⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    254⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1736
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        255⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            256⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                257⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    258⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        259⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            260⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                261⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    262⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4552
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        263⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1672
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            264⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                265⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    266⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        267⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            268⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                269⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    270⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        271⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            272⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                273⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    274⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        275⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            276⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                277⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    278⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        279⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            280⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                281⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    282⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        283⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            284⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                285⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    286⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        287⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            288⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3064
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                289⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    290⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        291⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3736
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            292⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                293⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3240
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    294⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        295⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            296⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4760
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                297⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    298⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        299⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            300⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                301⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1924
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    302⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        303⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            304⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1676
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                305⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    306⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        307⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3868
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            308⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                309⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    310⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        311⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3492
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            312⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3928
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                313⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    314⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        315⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            316⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                317⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    318⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        319⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            320⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                321⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3332
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    322⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        323⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            324⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2904
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                325⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    326⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        327⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            328⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1436
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                329⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4492
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    330⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        331⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            332⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                333⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    334⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        335⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4324
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            336⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                337⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    338⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        339⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1648
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            340⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                341⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    342⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        343⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            344⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                345⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    346⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3416
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        347⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            348⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                349⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    350⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4936
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        351⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            352⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                353⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1368
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    354⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        355⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            356⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                357⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    358⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        359⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            360⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                361⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2716
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    362⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        363⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            364⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3764
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                365⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4932
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    366⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        367⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\System\ÚÈÏÇáÑÍãä.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            368⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3128
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\System32\mousocoreworker.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\System32\mousocoreworker.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                  PID:3988
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\backgroundTaskHost.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                    PID:3688

                                                                                                                                                                                                                                                                                                                                                  Network

                                                                                                                                                                                                                                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                  Replay Monitor

                                                                                                                                                                                                                                                                                                                                                  Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\System\ÚÈÏÇáÑÍãä.exe
                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    270KB

                                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                                    92bc0f250bdf3f87bc72ea5dde366ca2

                                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                                    0fd82210e2aa9b79887f9719843dbb0d5ff17704

                                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                                    fa2f583f55e313c18034f45c173858870ecb9c5fdb3df9d3ae38cea8f4a2d37a

                                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                                    3d58270637517735f9bb4a97f8d31b42f2ee17db2f2e52ea3fd5288d1307af30b954a66a2df423fb923481fdb694a7f57be7306f274cfefc64743bdf41bd862e

                                                                                                                                                                                                                                                                                                                                                    Download Submit

                                                                                                                                                                                                                                                                                                                                                  • memory/264-121-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/264-246-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/312-162-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/400-250-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/536-227-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/644-140-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/668-156-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/752-47-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/884-23-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/940-200-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/988-50-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1020-229-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1044-213-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1128-124-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1156-112-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1156-107-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1164-194-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1240-165-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1328-96-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1432-102-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1476-91-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1504-209-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1528-197-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1540-154-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1540-225-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1540-159-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1660-252-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1688-223-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1752-144-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1752-146-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1812-191-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1860-211-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1864-53-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1868-99-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1876-185-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1900-127-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1904-38-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/1968-179-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2128-171-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2172-29-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2188-174-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2224-68-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2312-244-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2480-62-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2492-65-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2496-71-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2536-207-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2536-134-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2536-137-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2660-219-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2696-217-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2756-133-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2756-205-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2808-109-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2812-77-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2904-59-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/2912-32-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3064-56-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3084-13-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3084-1-0x00000000022B0000-0x00000000022B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3084-0-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3172-203-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3256-14-0x0000000002750000-0x0000000002751000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3256-11-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3256-17-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3368-130-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3456-93-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3456-89-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3472-118-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3572-115-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3684-238-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3684-240-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3688-177-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3852-84-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3892-242-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/3988-44-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4128-233-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4148-74-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4164-188-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4220-215-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4224-254-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4364-231-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4396-221-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4412-149-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4436-237-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4452-87-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4452-82-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4600-80-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4604-35-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4640-143-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4688-182-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4696-248-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4804-168-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4804-20-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4864-235-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4864-26-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/4936-41-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/5028-152-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download

                                                                                                                                                                                                                                                                                                                                                  • memory/5060-105-0x0000000000400000-0x00000000004C5000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                                    788KB

                                                                                                                                                                                                                                                                                                                                                    Download