metasploit | 434782669aae645047f93e2c0594167286f83633f25b6ddfefbe4bd3edfeb914

Analysis

max time kernel
11s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eb8849564cce6ae74801f923bc97e52.exe
Size

538KB
MD5

0eb8849564cce6ae74801f923bc97e52
SHA1

77e70d251573396481e0305908a83aa12082699a
SHA256

434782669aae645047f93e2c0594167286f83633f25b6ddfefbe4bd3edfeb914
SHA512

1bbd2627897dfe55574522408b15d86466bd8706dfdba9af9abacca22e11f9c11547dc7120545bba86e459bc18ec5f9cd3402ca9feb971891a7947c1311d082e
SSDEEP

12288:+NuaIsd+lbShO2PLOHKwsYyHBsU6lxSnyYxYKSCh3BeQs8D:+oaIzDWLO/sYyHBp6in1xcCh3BeQs8D

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 43 IoCs

pid	Process
2092	ogjidc.exe
2932	douijt.exe
2036	nvgfus.exe
3008	vdufoi.exe
2372	ckpxax.exe
2260	pxznob.exe
2756	wjgsdv.exe
2828	heyklp.exe
1896	tgeaec.exe
1220	efryoa.exe
1648	oevvzz.exe
916	vuqntp.exe
2524	gegtyf.exe
2620	cjbtfm.exe
2224	zklyay.exe
2544	hditkl.exe
2244	rcuquk.exe
1524	exegao.exe
384	owqdtn.exe
2876	tnnypb.exe
1992	dioiwv.exe
3064	kqjjql.exe
2632	xkpqcp.exe
1148	hrtwmo.exe
848	ulzdyb.exe
1604	uxmwmf.exe
2564	gcdyav.exe
2380	ryejqq.exe
2576	vobemw.exe
2848	iihtxi.exe
896	yupgbw.exe
2596	aldwzs.exe
1880	qboeyk.exe
312	zmeotn.exe
2272	erxwmp.exe
1872	gmazhp.exe
2480	wfxmrd.exe
2356	gpmrwb.exe
3000	trthhf.exe
2752	snfeew.exe
608	fmzhnf.exe
2892	ccghom.exe
1884	syohae.exe

Identifies Wine through registry keys 2 TTPs 45 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	heyklp.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	zklyay.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	tnnypb.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	xkpqcp.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	ulzdyb.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	vobemw.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	pxznob.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	efryoa.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	oevvzz.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	vydgit.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	exegao.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	iihtxi.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	aldwzs.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	snfeew.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	wjgsdv.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	vuqntp.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	rcuquk.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	syohae.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	gegtyf.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	hrtwmo.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	qboeyk.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	gmazhp.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	wfxmrd.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	ccghom.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	nvgfus.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	hditkl.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	kqjjql.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	erxwmp.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	gpmrwb.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	vdufoi.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	owqdtn.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	fmzhnf.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	0eb8849564cce6ae74801f923bc97e52.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	ogjidc.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	cjbtfm.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	dioiwv.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	ryejqq.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	yupgbw.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	zmeotn.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	trthhf.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	douijt.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	ckpxax.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	tgeaec.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	uxmwmf.exe
Key opened	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Wine	gcdyav.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	0eb8849564cce6ae74801f923bc97e52.exe
2232	0eb8849564cce6ae74801f923bc97e52.exe
2092	ogjidc.exe
2092	ogjidc.exe
2932	douijt.exe
2932	douijt.exe
2036	nvgfus.exe
2036	nvgfus.exe
3008	vdufoi.exe
3008	vdufoi.exe
2372	ckpxax.exe
2372	ckpxax.exe
2260	pxznob.exe
2260	pxznob.exe
2756	wjgsdv.exe
2756	wjgsdv.exe
2828	heyklp.exe
2828	heyklp.exe
1896	tgeaec.exe
1896	tgeaec.exe
1220	efryoa.exe
1220	efryoa.exe
1648	oevvzz.exe
1648	oevvzz.exe
916	vuqntp.exe
916	vuqntp.exe
2060	vydgit.exe
2060	vydgit.exe
2620	cjbtfm.exe
2620	cjbtfm.exe
2224	zklyay.exe
2224	zklyay.exe
2544	hditkl.exe
2544	hditkl.exe
2244	rcuquk.exe
2244	rcuquk.exe
1524	exegao.exe
1524	exegao.exe
384	owqdtn.exe
384	owqdtn.exe
2876	tnnypb.exe
2876	tnnypb.exe
1992	dioiwv.exe
1992	dioiwv.exe
3064	kqjjql.exe
3064	kqjjql.exe
2632	xkpqcp.exe
2632	xkpqcp.exe
1148	hrtwmo.exe
1148	hrtwmo.exe
848	ulzdyb.exe
848	ulzdyb.exe
1604	uxmwmf.exe
1604	uxmwmf.exe
2564	gcdyav.exe
2564	gcdyav.exe
2380	ryejqq.exe
2380	ryejqq.exe
2576	vobemw.exe
2576	vobemw.exe
2848	iihtxi.exe
2848	iihtxi.exe
896	yupgbw.exe
896	yupgbw.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\tgeaec.exe	heyklp.exe
File opened for modification	C:\Windows\SysWOW64\gegtyf.exe	vuqntp.exe
File created	C:\Windows\SysWOW64\hrtwmo.exe	xkpqcp.exe
File created	C:\Windows\SysWOW64\zmeotn.exe	qboeyk.exe
File created	C:\Windows\SysWOW64\ogjidc.exe	0eb8849564cce6ae74801f923bc97e52.exe
File opened for modification	C:\Windows\SysWOW64\ogjidc.exe	0eb8849564cce6ae74801f923bc97e52.exe
File opened for modification	C:\Windows\SysWOW64\nvgfus.exe	douijt.exe
File created	C:\Windows\SysWOW64\vdufoi.exe	nvgfus.exe
File opened for modification	C:\Windows\SysWOW64\ckpxax.exe	vdufoi.exe
File created	C:\Windows\SysWOW64\zklyay.exe	cjbtfm.exe
File opened for modification	C:\Windows\SysWOW64\gmazhp.exe	erxwmp.exe
File opened for modification	C:\Windows\SysWOW64\ccghom.exe	fmzhnf.exe
File created	C:\Windows\SysWOW64\nvgfus.exe	douijt.exe
File created	C:\Windows\SysWOW64\uxmwmf.exe	ulzdyb.exe
File created	C:\Windows\SysWOW64\douijt.exe	ogjidc.exe
File opened for modification	C:\Windows\SysWOW64\vobemw.exe	ryejqq.exe
File created	C:\Windows\SysWOW64\erxwmp.exe	zmeotn.exe
File created	C:\Windows\SysWOW64\fmzhnf.exe	snfeew.exe
File created	C:\Windows\SysWOW64\ccghom.exe	fmzhnf.exe
File opened for modification	C:\Windows\SysWOW64\xkpqcp.exe	kqjjql.exe
File opened for modification	C:\Windows\SysWOW64\uxmwmf.exe	ulzdyb.exe
File created	C:\Windows\SysWOW64\gcdyav.exe	uxmwmf.exe
File created	C:\Windows\SysWOW64\vobemw.exe	ryejqq.exe
File opened for modification	C:\Windows\SysWOW64\erxwmp.exe	zmeotn.exe
File opened for modification	C:\Windows\SysWOW64\pxznob.exe	ckpxax.exe
File created	C:\Windows\SysWOW64\cjbtfm.exe	vydgit.exe
File created	C:\Windows\SysWOW64\exegao.exe	rcuquk.exe
File created	C:\Windows\SysWOW64\iihtxi.exe	vobemw.exe
File opened for modification	C:\Windows\SysWOW64\yupgbw.exe	iihtxi.exe
File opened for modification	C:\Windows\SysWOW64\snfeew.exe	trthhf.exe
File created	C:\Windows\SysWOW64\snfeew.exe	trthhf.exe
File created	C:\Windows\SysWOW64\wjgsdv.exe	pxznob.exe
File created	C:\Windows\SysWOW64\tgeaec.exe	heyklp.exe
File created	C:\Windows\SysWOW64\efryoa.exe	tgeaec.exe
File opened for modification	C:\Windows\SysWOW64\owqdtn.exe	exegao.exe
File opened for modification	C:\Windows\SysWOW64\tnnypb.exe	owqdtn.exe
File created	C:\Windows\SysWOW64\dioiwv.exe	tnnypb.exe
File opened for modification	C:\Windows\SysWOW64\efryoa.exe	tgeaec.exe
File opened for modification	C:\Windows\SysWOW64\rcuquk.exe	hditkl.exe
File created	C:\Windows\SysWOW64\gpmrwb.exe	wfxmrd.exe
File created	C:\Windows\SysWOW64\hditkl.exe	zklyay.exe
File created	C:\Windows\SysWOW64\rcuquk.exe	hditkl.exe
File opened for modification	C:\Windows\SysWOW64\dioiwv.exe	tnnypb.exe
File created	C:\Windows\SysWOW64\ulzdyb.exe	hrtwmo.exe
File created	C:\Windows\SysWOW64\aldwzs.exe	yupgbw.exe
File opened for modification	C:\Windows\SysWOW64\zmeotn.exe	qboeyk.exe
File created	C:\Windows\SysWOW64\heyklp.exe	wjgsdv.exe
File created	C:\Windows\SysWOW64\oevvzz.exe	efryoa.exe
File created	C:\Windows\SysWOW64\owqdtn.exe	exegao.exe
File opened for modification	C:\Windows\SysWOW64\kqjjql.exe	dioiwv.exe
File opened for modification	C:\Windows\SysWOW64\fmzhnf.exe	snfeew.exe
File opened for modification	C:\Windows\SysWOW64\gpmrwb.exe	wfxmrd.exe
File created	C:\Windows\SysWOW64\trthhf.exe	gpmrwb.exe
File created	C:\Windows\SysWOW64\pxznob.exe	ckpxax.exe
File opened for modification	C:\Windows\SysWOW64\wjgsdv.exe	pxznob.exe
File opened for modification	C:\Windows\SysWOW64\cjbtfm.exe	vydgit.exe
File created	C:\Windows\SysWOW64\xkpqcp.exe	kqjjql.exe
File opened for modification	C:\Windows\SysWOW64\hrtwmo.exe	xkpqcp.exe
File opened for modification	C:\Windows\SysWOW64\wfxmrd.exe	gmazhp.exe
File created	C:\Windows\SysWOW64\tnnypb.exe	owqdtn.exe
File opened for modification	C:\Windows\SysWOW64\ulzdyb.exe	hrtwmo.exe
File opened for modification	C:\Windows\SysWOW64\qboeyk.exe	aldwzs.exe
File opened for modification	C:\Windows\SysWOW64\trthhf.exe	gpmrwb.exe
File opened for modification	C:\Windows\SysWOW64\douijt.exe	ogjidc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2092	2232	0eb8849564cce6ae74801f923bc97e52.exe	83
PID 2232 wrote to memory of 2092	2232	0eb8849564cce6ae74801f923bc97e52.exe	83
PID 2232 wrote to memory of 2092	2232	0eb8849564cce6ae74801f923bc97e52.exe	83
PID 2232 wrote to memory of 2092	2232	0eb8849564cce6ae74801f923bc97e52.exe	83
PID 2092 wrote to memory of 2932	2092	ogjidc.exe	70
PID 2092 wrote to memory of 2932	2092	ogjidc.exe	70
PID 2092 wrote to memory of 2932	2092	ogjidc.exe	70
PID 2092 wrote to memory of 2932	2092	ogjidc.exe	70
PID 2932 wrote to memory of 2036	2932	douijt.exe	63
PID 2932 wrote to memory of 2036	2932	douijt.exe	63
PID 2932 wrote to memory of 2036	2932	douijt.exe	63
PID 2932 wrote to memory of 2036	2932	douijt.exe	63
PID 2036 wrote to memory of 3008	2036	nvgfus.exe	17
PID 2036 wrote to memory of 3008	2036	nvgfus.exe	17
PID 2036 wrote to memory of 3008	2036	nvgfus.exe	17
PID 2036 wrote to memory of 3008	2036	nvgfus.exe	17
PID 3008 wrote to memory of 2372	3008	vdufoi.exe	55
PID 3008 wrote to memory of 2372	3008	vdufoi.exe	55
PID 3008 wrote to memory of 2372	3008	vdufoi.exe	55
PID 3008 wrote to memory of 2372	3008	vdufoi.exe	55
PID 2372 wrote to memory of 2260	2372	ckpxax.exe	54
PID 2372 wrote to memory of 2260	2372	ckpxax.exe	54
PID 2372 wrote to memory of 2260	2372	ckpxax.exe	54
PID 2372 wrote to memory of 2260	2372	ckpxax.exe	54
PID 2260 wrote to memory of 2756	2260	pxznob.exe	51
PID 2260 wrote to memory of 2756	2260	pxznob.exe	51
PID 2260 wrote to memory of 2756	2260	pxznob.exe	51
PID 2260 wrote to memory of 2756	2260	pxznob.exe	51
PID 2756 wrote to memory of 2828	2756	wjgsdv.exe	49
PID 2756 wrote to memory of 2828	2756	wjgsdv.exe	49
PID 2756 wrote to memory of 2828	2756	wjgsdv.exe	49
PID 2756 wrote to memory of 2828	2756	wjgsdv.exe	49
PID 2828 wrote to memory of 1896	2828	heyklp.exe	46
PID 2828 wrote to memory of 1896	2828	heyklp.exe	46
PID 2828 wrote to memory of 1896	2828	heyklp.exe	46
PID 2828 wrote to memory of 1896	2828	heyklp.exe	46
PID 1896 wrote to memory of 1220	1896	tgeaec.exe	44
PID 1896 wrote to memory of 1220	1896	tgeaec.exe	44
PID 1896 wrote to memory of 1220	1896	tgeaec.exe	44
PID 1896 wrote to memory of 1220	1896	tgeaec.exe	44
PID 1220 wrote to memory of 1648	1220	efryoa.exe	42
PID 1220 wrote to memory of 1648	1220	efryoa.exe	42
PID 1220 wrote to memory of 1648	1220	efryoa.exe	42
PID 1220 wrote to memory of 1648	1220	efryoa.exe	42
PID 1648 wrote to memory of 916	1648	oevvzz.exe	18
PID 1648 wrote to memory of 916	1648	oevvzz.exe	18
PID 1648 wrote to memory of 916	1648	oevvzz.exe	18
PID 1648 wrote to memory of 916	1648	oevvzz.exe	18
PID 916 wrote to memory of 2524	916	vuqntp.exe	19
PID 916 wrote to memory of 2524	916	vuqntp.exe	19
PID 916 wrote to memory of 2524	916	vuqntp.exe	19
PID 916 wrote to memory of 2524	916	vuqntp.exe	19
PID 2060 wrote to memory of 2620	2060	vydgit.exe	33
PID 2060 wrote to memory of 2620	2060	vydgit.exe	33
PID 2060 wrote to memory of 2620	2060	vydgit.exe	33
PID 2060 wrote to memory of 2620	2060	vydgit.exe	33
PID 2620 wrote to memory of 2224	2620	cjbtfm.exe	31
PID 2620 wrote to memory of 2224	2620	cjbtfm.exe	31
PID 2620 wrote to memory of 2224	2620	cjbtfm.exe	31
PID 2620 wrote to memory of 2224	2620	cjbtfm.exe	31
PID 2224 wrote to memory of 2544	2224	zklyay.exe	25
PID 2224 wrote to memory of 2544	2224	zklyay.exe	25
PID 2224 wrote to memory of 2544	2224	zklyay.exe	25
PID 2224 wrote to memory of 2544	2224	zklyay.exe	25

C:\Users\Admin\AppData\Local\Temp\0eb8849564cce6ae74801f923bc97e52.exe
"C:\Users\Admin\AppData\Local\Temp\0eb8849564cce6ae74801f923bc97e52.exe"
1⤵
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\ogjidc.exe
  C:\Windows\system32\ogjidc.exe 656 "C:\Users\Admin\AppData\Local\Temp\0eb8849564cce6ae74801f923bc97e52.exe"
  2⤵
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2092

C:\Windows\SysWOW64\vdufoi.exe
C:\Windows\system32\vdufoi.exe 692 "C:\Windows\SysWOW64\nvgfus.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\ckpxax.exe
  C:\Windows\system32\ckpxax.exe 708 "C:\Windows\SysWOW64\vdufoi.exe"
  2⤵
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2372

C:\Windows\SysWOW64\vuqntp.exe
C:\Windows\system32\vuqntp.exe 732 "C:\Windows\SysWOW64\oevvzz.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\gegtyf.exe
  C:\Windows\system32\gegtyf.exe 740 "C:\Windows\SysWOW64\vuqntp.exe"
  2⤵
  - Executes dropped EXE
  - Identifies Wine through registry keys
  PID:2524
- - C:\Windows\SysWOW64\vydgit.exe
    C:\Windows\system32\vydgit.exe 752 "C:\Windows\SysWOW64\gegtyf.exe"
    3⤵
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Windows\SysWOW64\cjbtfm.exe
      C:\Windows\system32\cjbtfm.exe 616 "C:\Windows\SysWOW64\vydgit.exe"
      4⤵
      Executes dropped EXE
      Identifies Wine through registry keys
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2620

C:\Windows\SysWOW64\rcuquk.exe
C:\Windows\system32\rcuquk.exe 756 "C:\Windows\SysWOW64\hditkl.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
PID:2244
- C:\Windows\SysWOW64\exegao.exe
  C:\Windows\system32\exegao.exe 760 "C:\Windows\SysWOW64\rcuquk.exe"
  2⤵
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:1524
- - C:\Windows\SysWOW64\owqdtn.exe
    C:\Windows\system32\owqdtn.exe 768 "C:\Windows\SysWOW64\exegao.exe"
    3⤵
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Drops file in System32 directory
    PID:384
  - - C:\Windows\SysWOW64\tnnypb.exe
      C:\Windows\system32\tnnypb.exe 772 "C:\Windows\SysWOW64\owqdtn.exe"
      4⤵
      Executes dropped EXE
      Identifies Wine through registry keys
      Loads dropped DLL
      Drops file in System32 directory
      PID:2876
    - - C:\Windows\SysWOW64\dioiwv.exe
        
        C:\Windows\system32\dioiwv.exe 788 "C:\Windows\SysWOW64\tnnypb.exe"
        5⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1992
      - C:\Windows\SysWOW64\kqjjql.exe
        
        C:\Windows\system32\kqjjql.exe 628 "C:\Windows\SysWOW64\dioiwv.exe"
        6⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:3064
        
        C:\Windows\SysWOW64\xkpqcp.exe
        
        C:\Windows\system32\xkpqcp.exe 776 "C:\Windows\SysWOW64\kqjjql.exe"
        7⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2632
        
        C:\Windows\SysWOW64\hrtwmo.exe
        
        C:\Windows\system32\hrtwmo.exe 784 "C:\Windows\SysWOW64\xkpqcp.exe"
        8⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1148
        
        C:\Windows\SysWOW64\ulzdyb.exe
        
        C:\Windows\system32\ulzdyb.exe 796 "C:\Windows\SysWOW64\hrtwmo.exe"
        9⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:848
        
        C:\Windows\SysWOW64\uxmwmf.exe
        
        C:\Windows\system32\uxmwmf.exe 624 "C:\Windows\SysWOW64\ulzdyb.exe"
        10⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1604
        
        C:\Windows\SysWOW64\gcdyav.exe
        
        C:\Windows\system32\gcdyav.exe 800 "C:\Windows\SysWOW64\uxmwmf.exe"
        11⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        
        PID:2564
        
        C:\Windows\SysWOW64\ryejqq.exe
        
        C:\Windows\system32\ryejqq.exe 808 "C:\Windows\SysWOW64\gcdyav.exe"
        12⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2380
        
        C:\Windows\SysWOW64\vobemw.exe
        
        C:\Windows\system32\vobemw.exe 664 "C:\Windows\SysWOW64\ryejqq.exe"
        13⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2576
        
        C:\Windows\SysWOW64\iihtxi.exe
        
        C:\Windows\system32\iihtxi.exe 816 "C:\Windows\SysWOW64\vobemw.exe"
        14⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2848
        
        C:\Windows\SysWOW64\yupgbw.exe
        
        C:\Windows\system32\yupgbw.exe 812 "C:\Windows\SysWOW64\iihtxi.exe"
        15⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:896
        
        C:\Windows\SysWOW64\aldwzs.exe
        
        C:\Windows\system32\aldwzs.exe 652 "C:\Windows\SysWOW64\yupgbw.exe"
        16⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:2596
        
        C:\Windows\SysWOW64\qboeyk.exe
        
        C:\Windows\system32\qboeyk.exe 824 "C:\Windows\SysWOW64\aldwzs.exe"
        17⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:1880
        
        C:\Windows\SysWOW64\zmeotn.exe
        
        C:\Windows\system32\zmeotn.exe 828 "C:\Windows\SysWOW64\qboeyk.exe"
        18⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:312
        
        C:\Windows\SysWOW64\erxwmp.exe
        
        C:\Windows\system32\erxwmp.exe 832 "C:\Windows\SysWOW64\zmeotn.exe"
        19⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:2272
        
        C:\Windows\SysWOW64\gmazhp.exe
        
        C:\Windows\system32\gmazhp.exe 640 "C:\Windows\SysWOW64\erxwmp.exe"
        20⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:1872
        
        C:\Windows\SysWOW64\wfxmrd.exe
        
        C:\Windows\system32\wfxmrd.exe 840 "C:\Windows\SysWOW64\gmazhp.exe"
        21⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:2480
        
        C:\Windows\SysWOW64\gpmrwb.exe
        
        C:\Windows\system32\gpmrwb.exe 844 "C:\Windows\SysWOW64\wfxmrd.exe"
        22⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:2356
        
        C:\Windows\SysWOW64\trthhf.exe
        
        C:\Windows\system32\trthhf.exe 836 "C:\Windows\SysWOW64\gpmrwb.exe"
        23⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:3000
        
        C:\Windows\SysWOW64\snfeew.exe
        
        C:\Windows\system32\snfeew.exe 620 "C:\Windows\SysWOW64\trthhf.exe"
        24⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:2752
        
        C:\Windows\SysWOW64\fmzhnf.exe
        
        C:\Windows\system32\fmzhnf.exe 856 "C:\Windows\SysWOW64\snfeew.exe"
        25⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        Drops file in System32 directory
        
        PID:608
        
        C:\Windows\SysWOW64\ccghom.exe
        
        C:\Windows\system32\ccghom.exe 660 "C:\Windows\SysWOW64\fmzhnf.exe"
        26⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        
        PID:2892
        
        C:\Windows\SysWOW64\syohae.exe
        
        C:\Windows\system32\syohae.exe 864 "C:\Windows\SysWOW64\ccghom.exe"
        27⤵
        Executes dropped EXE
        Identifies Wine through registry keys
        
        PID:1884
        
        C:\Windows\SysWOW64\cgteld.exe
        
        C:\Windows\system32\cgteld.exe 820 "C:\Windows\SysWOW64\syohae.exe"
        28⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\zsozbf.exe
        
        C:\Windows\system32\zsozbf.exe 684 "C:\Windows\SysWOW64\cgteld.exe"
        29⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\dlwzaq.exe
        
        C:\Windows\system32\dlwzaq.exe 648 "C:\Windows\SysWOW64\zsozbf.exe"
        30⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\tftujd.exe
        
        C:\Windows\system32\tftujd.exe 880 "C:\Windows\SysWOW64\dlwzaq.exe"
        31⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\ysmucn.exe
        
        C:\Windows\system32\ysmucn.exe 716 "C:\Windows\SysWOW64\tftujd.exe"
        32⤵
        
        PID:992
        
        C:\Windows\SysWOW64\nljpmb.exe
        
        C:\Windows\system32\nljpmb.exe 888 "C:\Windows\SysWOW64\ysmucn.exe"
        33⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\nshudr.exe
        
        C:\Windows\system32\nshudr.exe 676 "C:\Windows\SysWOW64\nljpmb.exe"
        34⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\clehnf.exe
        
        C:\Windows\system32\clehnf.exe 900 "C:\Windows\SysWOW64\nshudr.exe"
        35⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\pkykvn.exe
        
        C:\Windows\system32\pkykvn.exe 892 "C:\Windows\SysWOW64\clehnf.exe"
        36⤵
        
        PID:864
        
        C:\Windows\SysWOW64\xsukqd.exe
        
        C:\Windows\system32\xsukqd.exe 908 "C:\Windows\SysWOW64\pkykvn.exe"
        37⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\birxmj.exe
        
        C:\Windows\system32\birxmj.exe 904 "C:\Windows\SysWOW64\xsukqd.exe"
        38⤵
        
        PID:560
        
        C:\Windows\SysWOW64\rmzsiw.exe
        
        C:\Windows\system32\rmzsiw.exe 916 "C:\Windows\SysWOW64\birxmj.exe"
        39⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\oghshg.exe
        
        C:\Windows\system32\oghshg.exe 804 "C:\Windows\SysWOW64\rmzsiw.exe"
        40⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\gnjfmz.exe
        
        C:\Windows\system32\gnjfmz.exe 912 "C:\Windows\SysWOW64\oghshg.exe"
        41⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\qmvdwy.exe
        
        C:\Windows\system32\qmvdwy.exe 924 "C:\Windows\SysWOW64\gnjfmz.exe"
        42⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\pihatp.exe
        
        C:\Windows\system32\pihatp.exe 672 "C:\Windows\SysWOW64\qmvdwy.exe"
        43⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\hfgfdr.exe
        
        C:\Windows\system32\hfgfdr.exe 932 "C:\Windows\SysWOW64\pihatp.exe"
        44⤵
        
        PID:788
        
        C:\Windows\SysWOW64\seklop.exe
        
        C:\Windows\system32\seklop.exe 928 "C:\Windows\SysWOW64\hfgfdr.exe"
        45⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\wrekhz.exe
        
        C:\Windows\system32\wrekhz.exe 680 "C:\Windows\SysWOW64\seklop.exe"
        46⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\pqgyms.exe
        
        C:\Windows\system32\pqgyms.exe 952 "C:\Windows\SysWOW64\wrekhz.exe"
        47⤵
        
        PID:888
        
        C:\Windows\SysWOW64\zbvizv.exe
        
        C:\Windows\system32\zbvizv.exe 944 "C:\Windows\SysWOW64\pqgyms.exe"
        48⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\mrqlid.exe
        
        C:\Windows\system32\mrqlid.exe 948 "C:\Windows\SysWOW64\zbvizv.exe"
        49⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\wqciac.exe
        
        C:\Windows\system32\wqciac.exe 960 "C:\Windows\SysWOW64\mrqlid.exe"
        50⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\jsiymh.exe
        
        C:\Windows\system32\jsiymh.exe 956 "C:\Windows\SysWOW64\wqciac.exe"
        51⤵
        
        PID:452
        
        C:\Windows\SysWOW64\vuofxt.exe
        
        C:\Windows\system32\vuofxt.exe 968 "C:\Windows\SysWOW64\jsiymh.exe"
        52⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\lcaned.exe
        
        C:\Windows\system32\lcaned.exe 940 "C:\Windows\SysWOW64\vuofxt.exe"
        53⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\nmavql.exe
        
        C:\Windows\system32\nmavql.exe 688 "C:\Windows\SysWOW64\lcaned.exe"
        54⤵
        
        PID:304
        
        C:\Windows\SysWOW64\emadpu.exe
        
        C:\Windows\system32\emadpu.exe 668 "C:\Windows\SysWOW64\nmavql.exe"
        55⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\davtoy.exe
        
        C:\Windows\system32\davtoy.exe 612 "C:\Windows\SysWOW64\emadpu.exe"
        56⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\uelokc.exe
        
        C:\Windows\system32\uelokc.exe 644 "C:\Windows\SysWOW64\davtoy.exe"
        57⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\orzwei.exe
        
        C:\Windows\system32\orzwei.exe 764 "C:\Windows\SysWOW64\uelokc.exe"
        58⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\fqzecr.exe
        
        C:\Windows\system32\fqzecr.exe 792 "C:\Windows\SysWOW64\orzwei.exe"
        59⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\hpozmv.exe
        
        C:\Windows\system32\hpozmv.exe 636 "C:\Windows\SysWOW64\fqzecr.exe"
        60⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\wfgcuv.exe
        
        C:\Windows\system32\wfgcuv.exe 852 "C:\Windows\SysWOW64\hpozmv.exe"
        61⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\ismkgb.exe
        
        C:\Windows\system32\ismkgb.exe 780 "C:\Windows\SysWOW64\wfgcuv.exe"
        62⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\rcaknz.exe
        
        C:\Windows\system32\rcaknz.exe 860 "C:\Windows\SysWOW64\ismkgb.exe"
        63⤵
        
        PID:816
        
        C:\Windows\SysWOW64\tqlfcu.exe
        
        C:\Windows\system32\tqlfcu.exe 872 "C:\Windows\SysWOW64\rcaknz.exe"
        64⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\kqmniv.exe
        
        C:\Windows\system32\kqmniv.exe 868 "C:\Windows\SysWOW64\tqlfcu.exe"
        65⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\mdpixi.exe
        
        C:\Windows\system32\mdpixi.exe 896 "C:\Windows\SysWOW64\kqmniv.exe"
        66⤵
        
        PID:960
        
        C:\Windows\SysWOW64\iufssb.exe
        
        C:\Windows\system32\iufssb.exe 920 "C:\Windows\SysWOW64\mdpixi.exe"
        67⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\saiood.exe
        
        C:\Windows\system32\saiood.exe 848 "C:\Windows\SysWOW64\iufssb.exe"
        68⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\jzivve.exe
        
        C:\Windows\system32\jzivve.exe 936 "C:\Windows\SysWOW64\saiood.exe"
        69⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\krxvnv.exe
        
        C:\Windows\system32\krxvnv.exe 884 "C:\Windows\SysWOW64\jzivve.exe"
        70⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\nqmywi.exe
        
        C:\Windows\system32\nqmywi.exe 976 "C:\Windows\SysWOW64\krxvnv.exe"
        71⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\felehj.exe
        
        C:\Windows\system32\felehj.exe 1048 "C:\Windows\SysWOW64\nqmywi.exe"
        72⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\rgrlso.exe
        
        C:\Windows\system32\rgrlso.exe 1044 "C:\Windows\SysWOW64\felehj.exe"
        73⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\zkbybz.exe
        
        C:\Windows\system32\zkbybz.exe 1060 "C:\Windows\SysWOW64\rgrlso.exe"
        74⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\osngiq.exe
        
        C:\Windows\system32\osngiq.exe 1064 "C:\Windows\SysWOW64\zkbybz.exe"
        75⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\wllmfk.exe
        
        C:\Windows\system32\wllmfk.exe 744 "C:\Windows\SysWOW64\osngiq.exe"
        76⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\ghmwnf.exe
        
        C:\Windows\system32\ghmwnf.exe 1016 "C:\Windows\SysWOW64\wllmfk.exe"
        77⤵
        
        PID:972
        
        C:\Windows\SysWOW64\ysaovc.exe
        
        C:\Windows\system32\ysaovc.exe 1080 "C:\Windows\SysWOW64\ghmwnf.exe"
        78⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\iupzif.exe
        
        C:\Windows\system32\iupzif.exe 1076 "C:\Windows\SysWOW64\ysaovc.exe"
        79⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\sfejdi.exe
        
        C:\Windows\system32\sfejdi.exe 1072 "C:\Windows\SysWOW64\iupzif.exe"
        80⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\pgnemf.exe
        
        C:\Windows\system32\pgnemf.exe 984 "C:\Windows\SysWOW64\sfejdi.exe"
        81⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\hraetl.exe
        
        C:\Windows\system32\hraetl.exe 1092 "C:\Windows\SysWOW64\pgnemf.exe"
        82⤵
        
        PID:412
        
        C:\Windows\SysWOW64\uhdzcl.exe
        
        C:\Windows\system32\uhdzcl.exe 1088 "C:\Windows\SysWOW64\hraetl.exe"
        83⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\evwwas.exe
        
        C:\Windows\system32\evwwas.exe 1096 "C:\Windows\SysWOW64\uhdzcl.exe"
        84⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\oviukr.exe
        
        C:\Windows\system32\oviukr.exe 1084 "C:\Windows\SysWOW64\evwwas.exe"
        85⤵
        
        PID:348
        
        C:\Windows\SysWOW64\btdwtz.exe
        
        C:\Windows\system32\btdwtz.exe 1104 "C:\Windows\SysWOW64\oviukr.exe"
        86⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\onjmee.exe
        
        C:\Windows\system32\onjmee.exe 1108 "C:\Windows\SysWOW64\btdwtz.exe"
        87⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\yuvjpc.exe
        
        C:\Windows\system32\yuvjpc.exe 1112 "C:\Windows\SysWOW64\onjmee.exe"
        88⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\ozvetq.exe
        
        C:\Windows\system32\ozvetq.exe 1100 "C:\Windows\SysWOW64\yuvjpc.exe"
        89⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\pxjurm.exe
        
        C:\Windows\system32\pxjurm.exe 1012 "C:\Windows\SysWOW64\ozvetq.exe"
        90⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\hmizbo.exe
        
        C:\Windows\system32\hmizbo.exe 1128 "C:\Windows\SysWOW64\pxjurm.exe"
        91⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\ucdckw.exe
        
        C:\Windows\system32\ucdckw.exe 1124 "C:\Windows\SysWOW64\hmizbo.exe"
        92⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\ejhzuv.exe
        
        C:\Windows\system32\ejhzuv.exe 1136 "C:\Windows\SysWOW64\ucdckw.exe"
        93⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\swypiz.exe
        
        C:\Windows\system32\swypiz.exe 1140 "C:\Windows\SysWOW64\ejhzuv.exe"
        94⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\uvmegd.exe
        
        C:\Windows\system32\uvmegd.exe 980 "C:\Windows\SysWOW64\swypiz.exe"
        95⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\mvokdw.exe
        
        C:\Windows\system32\mvokdw.exe 1144 "C:\Windows\SysWOW64\uvmegd.exe"
        96⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\zxvzob.exe
        
        C:\Windows\system32\zxvzob.exe 1160 "C:\Windows\SysWOW64\mvokdw.exe"
        97⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\avjpmf.exe
        
        C:\Windows\system32\avjpmf.exe 1028 "C:\Windows\SysWOW64\zxvzob.exe"
        98⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\tdlury.exe
        
        C:\Windows\system32\tdlury.exe 1156 "C:\Windows\SysWOW64\avjpmf.exe"
        99⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\dfafeb.exe
        
        C:\Windows\system32\dfafeb.exe 1164 "C:\Windows\SysWOW64\tdlury.exe"
        100⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\phguyo.exe
        
        C:\Windows\system32\phguyo.exe 1152 "C:\Windows\SysWOW64\dfafeb.exe"
        101⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\duqkek.exe
        
        C:\Windows\system32\duqkek.exe 1168 "C:\Windows\SysWOW64\phguyo.exe"
        102⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\nxnurn.exe
        
        C:\Windows\system32\nxnurn.exe 1148 "C:\Windows\SysWOW64\duqkek.exe"
        103⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\akxkxr.exe
        
        C:\Windows\system32\akxkxr.exe 1176 "C:\Windows\SysWOW64\nxnurn.exe"
        104⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\mmdaid.exe
        
        C:\Windows\system32\mmdaid.exe 1172 "C:\Windows\SysWOW64\akxkxr.exe"
        105⤵
        
        PID:552
        
        C:\Windows\SysWOW64\rzwibf.exe
        
        C:\Windows\system32\rzwibf.exe 876 "C:\Windows\SysWOW64\mmdaid.exe"
        106⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\rvifyw.exe
        
        C:\Windows\system32\rvifyw.exe 1000 "C:\Windows\SysWOW64\rzwibf.exe"
        107⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\jfwxgt.exe
        
        C:\Windows\system32\jfwxgt.exe 1196 "C:\Windows\SysWOW64\rvifyw.exe"
        108⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\weraob.exe
        
        C:\Windows\system32\weraob.exe 1200 "C:\Windows\SysWOW64\jfwxgt.exe"
        109⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\dabngm.exe
        
        C:\Windows\system32\dabngm.exe 1204 "C:\Windows\SysWOW64\weraob.exe"
        110⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\nlqxtq.exe
        
        C:\Windows\system32\nlqxtq.exe 1208 "C:\Windows\SysWOW64\dabngm.exe"
        111⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\vpadlj.exe
        
        C:\Windows\system32\vpadlj.exe 972 "C:\Windows\SysWOW64\nlqxtq.exe"
        112⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\kixymw.exe
        
        C:\Windows\system32\kixymw.exe 1216 "C:\Windows\SysWOW64\vpadlj.exe"
        113⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\ulmiha.exe
        
        C:\Windows\system32\ulmiha.exe 1212 "C:\Windows\SysWOW64\kixymw.exe"
        114⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\hntyte.exe
        
        C:\Windows\system32\hntyte.exe 1224 "C:\Windows\SysWOW64\ulmiha.exe"
        115⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\uaknzi.exe
        
        C:\Windows\system32\uaknzi.exe 1192 "C:\Windows\SysWOW64\hntyte.exe"
        116⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\hqfqhq.exe
        
        C:\Windows\system32\hqfqhq.exe 1228 "C:\Windows\SysWOW64\uaknzi.exe"
        117⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\rbcaut.exe
        
        C:\Windows\system32\rbcaut.exe 1232 "C:\Windows\SysWOW64\hqfqhq.exe"
        118⤵
        
        PID:644
        
        C:\Windows\SysWOW64\dviioy.exe
        
        C:\Windows\system32\dviioy.exe 1220 "C:\Windows\SysWOW64\rbcaut.exe"
        119⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\qudlwg.exe
        
        C:\Windows\system32\qudlwg.exe 1236 "C:\Windows\SysWOW64\dviioy.exe"
        120⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\ybrljv.exe
        
        C:\Windows\system32\ybrljv.exe 1248 "C:\Windows\SysWOW64\qudlwg.exe"
        121⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\lstgrd.exe
        
        C:\Windows\system32\lstgrd.exe 1240 "C:\Windows\SysWOW64\ybrljv.exe"
        122⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\vcjqmh.exe
        
        C:\Windows\system32\vcjqmh.exe 1252 "C:\Windows\SysWOW64\lstgrd.exe"
        123⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\htetvh.exe
        
        C:\Windows\system32\htetvh.exe 1260 "C:\Windows\SysWOW64\vcjqmh.exe"
        124⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\xjpbcy.exe
        
        C:\Windows\system32\xjpbcy.exe 1264 "C:\Windows\SysWOW64\htetvh.exe"
        125⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\hlmlpb.exe
        
        C:\Windows\system32\hlmlpb.exe 1256 "C:\Windows\SysWOW64\xjpbcy.exe"
        126⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\mywbvx.exe
        
        C:\Windows\system32\mywbvx.exe 1272 "C:\Windows\SysWOW64\hlmlpb.exe"
        127⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\zacqgk.exe
        
        C:\Windows\system32\zacqgk.exe 1268 "C:\Windows\SysWOW64\mywbvx.exe"
        128⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\ywoolb.exe
        
        C:\Windows\system32\ywoolb.exe 992 "C:\Windows\SysWOW64\zacqgk.exe"
        129⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\qhcgly.exe
        
        C:\Windows\system32\qhcgly.exe 1280 "C:\Windows\SysWOW64\ywoolb.exe"
        130⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\dgejug.exe
        
        C:\Windows\system32\dgejug.exe 1284 "C:\Windows\SysWOW64\qhcgly.exe"
        131⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\nfjgmf.exe
        
        C:\Windows\system32\nfjgmf.exe 1292 "C:\Windows\SysWOW64\dgejug.exe"
        132⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\avdjvn.exe
        
        C:\Windows\system32\avdjvn.exe 1288 "C:\Windows\SysWOW64\nfjgmf.exe"
        133⤵
        
        PID:624
        
        C:\Windows\SysWOW64\nbvljw.exe
        
        C:\Windows\system32\nbvljw.exe 1296 "C:\Windows\SysWOW64\avdjvn.exe"
        134⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\xwwwqq.exe
        
        C:\Windows\system32\xwwwqq.exe 1276 "C:\Windows\SysWOW64\nbvljw.exe"
        135⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cnsrme.exe
        
        C:\Windows\system32\cnsrme.exe 1312 "C:\Windows\SysWOW64\xwwwqq.exe"
        136⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\juojhu.exe
        
        C:\Windows\system32\juojhu.exe 1004 "C:\Windows\SysWOW64\cnsrme.exe"
        137⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\ccqwen.exe
        
        C:\Windows\system32\ccqwen.exe 1304 "C:\Windows\SysWOW64\juojhu.exe"
        138⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\ohhrsd.exe
        
        C:\Windows\system32\ohhrsd.exe 1316 "C:\Windows\SysWOW64\ccqwen.exe"
        139⤵
        
        PID:576
        
        C:\Windows\SysWOW64\ydibhy.exe
        
        C:\Windows\system32\ydibhy.exe 1324 "C:\Windows\SysWOW64\ohhrsd.exe"
        140⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\inxmvt.exe
        
        C:\Windows\system32\inxmvt.exe 1328 "C:\Windows\SysWOW64\ydibhy.exe"
        141⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\ysyhzg.exe
        
        C:\Windows\system32\ysyhzg.exe 1320 "C:\Windows\SysWOW64\inxmvt.exe"
        142⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\lxpjnp.exe
        
        C:\Windows\system32\lxpjnp.exe 1332 "C:\Windows\SysWOW64\ysyhzg.exe"
        143⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\vwthxo.exe
        
        C:\Windows\system32\vwthxo.exe 1308 "C:\Windows\SysWOW64\lxpjnp.exe"
        144⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\hyzwra.exe
        
        C:\Windows\system32\hyzwra.exe 1344 "C:\Windows\SysWOW64\vwthxo.exe"
        145⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\sxlubz.exe
        
        C:\Windows\system32\sxlubz.exe 1336 "C:\Windows\SysWOW64\hyzwra.exe"
        146⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\icmpfe.exe
        
        C:\Windows\system32\icmpfe.exe 1348 "C:\Windows\SysWOW64\sxlubz.exe"
        147⤵
        
        PID:800
        
        C:\Windows\SysWOW64\jbaedj.exe
        
        C:\Windows\system32\jbaedj.exe 988 "C:\Windows\SysWOW64\icmpfe.exe"
        148⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\ruhpmk.exe
        
        C:\Windows\system32\ruhpmk.exe 1020 "C:\Windows\SysWOW64\jbaedj.exe"
        149⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\vrcpzh.exe
        
        C:\Windows\system32\vrcpzh.exe 1032 "C:\Windows\SysWOW64\ruhpmk.exe"
        150⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\nnsubi.exe
        
        C:\Windows\system32\nnsubi.exe 1376 "C:\Windows\SysWOW64\vrcpzh.exe"
        151⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\xqqxxl.exe
        
        C:\Windows\system32\xqqxxl.exe 1364 "C:\Windows\SysWOW64\nnsubi.exe"
        152⤵
        
        PID:944
        
        C:\Windows\SysWOW64\kdzuch.exe
        
        C:\Windows\system32\kdzuch.exe 1372 "C:\Windows\SysWOW64\xqqxxl.exe"
        153⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\uopfqk.exe
        
        C:\Windows\system32\uopfqk.exe 1360 "C:\Windows\SysWOW64\kdzuch.exe"
        154⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cvkxka.exe
        
        C:\Windows\system32\cvkxka.exe 1116 "C:\Windows\SysWOW64\uopfqk.exe"
        155⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\omfati.exe
        
        C:\Windows\system32\omfati.exe 1384 "C:\Windows\SysWOW64\cvkxka.exe"
        156⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\ecziza.exe
        
        C:\Windows\system32\ecziza.exe 1380 "C:\Windows\SysWOW64\omfati.exe"
        157⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\oeoknv.exe
        
        C:\Windows\system32\oeoknv.exe 1392 "C:\Windows\SysWOW64\ecziza.exe"
        158⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\ylspxt.exe
        
        C:\Windows\system32\ylspxt.exe 1400 "C:\Windows\SysWOW64\oeoknv.exe"
        159⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\azvssu.exe
        
        C:\Windows\system32\azvssu.exe 1008 "C:\Windows\SysWOW64\ylspxt.exe"
        160⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\snuxdv.exe
        
        C:\Windows\system32\snuxdv.exe 1396 "C:\Windows\SysWOW64\azvssu.exe"
        161⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cuyvnu.exe
        
        C:\Windows\system32\cuyvnu.exe 1404 "C:\Windows\SysWOW64\snuxdv.exe"
        162⤵
        
        PID:704
        
        C:\Windows\SysWOW64\sygqrh.exe
        
        C:\Windows\system32\sygqrh.exe 1416 "C:\Windows\SysWOW64\cuyvnu.exe"
        163⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\zkfvob.exe
        
        C:\Windows\system32\zkfvob.exe 1412 "C:\Windows\SysWOW64\sygqrh.exe"
        164⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\nxokuf.exe
        
        C:\Windows\system32\nxokuf.exe 996 "C:\Windows\SysWOW64\zkfvob.exe"
        165⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\zzcafj.exe
        
        C:\Windows\system32\zzcafj.exe 1424 "C:\Windows\SysWOW64\nxokuf.exe"
        166⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\mpxdos.exe
        
        C:\Windows\system32\mpxdos.exe 1432 "C:\Windows\SysWOW64\zzcafj.exe"
        167⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\ufkvih.exe
        
        C:\Windows\system32\ufkvih.exe 1428 "C:\Windows\SysWOW64\mpxdos.exe"
        168⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\bnedpr.exe
        
        C:\Windows\system32\bnedpr.exe 1440 "C:\Windows\SysWOW64\ufkvih.exe"
        169⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\osnxdh.exe
        
        C:\Windows\system32\osnxdh.exe 1452 "C:\Windows\SysWOW64\bnedpr.exe"
        170⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\bjqamq.exe
        
        C:\Windows\system32\bjqamq.exe 1420 "C:\Windows\SysWOW64\osnxdh.exe"
        171⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\fwkifr.exe
        
        C:\Windows\system32\fwkifr.exe 1068 "C:\Windows\SysWOW64\bjqamq.exe"
        172⤵
        
        PID:592
        
        C:\Windows\SysWOW64\xkanit.exe
        
        C:\Windows\system32\xkanit.exe 1444 "C:\Windows\SysWOW64\fwkifr.exe"
        173⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\ifbyxn.exe
        
        C:\Windows\system32\ifbyxn.exe 1460 "C:\Windows\SysWOW64\xkanit.exe"
        174⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\uhhnja.exe
        
        C:\Windows\system32\uhhnja.exe 1464 "C:\Windows\SysWOW64\ifbyxn.exe"
        175⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\hycqra.exe
        
        C:\Windows\system32\hycqra.exe 1468 "C:\Windows\SysWOW64\uhhnja.exe"
        176⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\orjvoc.exe
        
        C:\Windows\system32\orjvoc.exe 1472 "C:\Windows\SysWOW64\hycqra.exe"
        177⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\twudzd.exe
        
        C:\Windows\system32\twudzd.exe 1180 "C:\Windows\SysWOW64\orjvoc.exe"
        178⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\mdeiew.exe
        
        C:\Windows\system32\mdeiew.exe 1480 "C:\Windows\SysWOW64\twudzd.exe"
        179⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\wciopv.exe
        
        C:\Windows\system32\wciopv.exe 1476 "C:\Windows\SysWOW64\mdeiew.exe"
        180⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\iiailm.exe
        
        C:\Windows\system32\iiailm.exe 1488 "C:\Windows\SysWOW64\wciopv.exe"
        181⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\yuadhr.exe
        
        C:\Windows\system32\yuadhr.exe 1492 "C:\Windows\SysWOW64\iiailm.exe"
        182⤵
        
        PID:680
        
        C:\Windows\SysWOW64\doqdgj.exe
        
        C:\Windows\system32\doqdgj.exe 1484 "C:\Windows\SysWOW64\yuadhr.exe"
        183⤵
        
        PID:480
        
        C:\Windows\SysWOW64\qbabmf.exe
        
        C:\Windows\system32\qbabmf.exe 1500 "C:\Windows\SysWOW64\doqdgj.exe"
        184⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\fuwovb.exe
        
        C:\Windows\system32\fuwovb.exe 1504 "C:\Windows\SysWOW64\qbabmf.exe"
        185⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mgvtsv.exe
        
        C:\Windows\system32\mgvtsv.exe 1456 "C:\Windows\SysWOW64\fuwovb.exe"
        186⤵
        
        PID:824
        
        C:\Windows\SysWOW64\czsocj.exe
        
        C:\Windows\system32\czsocj.exe 1512 "C:\Windows\SysWOW64\mgvtsv.exe"
        187⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\mvtykd.exe
        
        C:\Windows\system32\mvtykd.exe 1508 "C:\Windows\SysWOW64\czsocj.exe"
        188⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\wufwuc.exe
        
        C:\Windows\system32\wufwuc.exe 1520 "C:\Windows\SysWOW64\mvtykd.exe"
        189⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\bkcrqq.exe
        
        C:\Windows\system32\bkcrqq.exe 1524 "C:\Windows\SysWOW64\wufwuc.exe"
        190⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\oaetzq.exe
        
        C:\Windows\system32\oaetzq.exe 1516 "C:\Windows\SysWOW64\bkcrqq.exe"
        191⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\bvojeu.exe
        
        C:\Windows\system32\bvojeu.exe 1532 "C:\Windows\SysWOW64\oaetzq.exe"
        192⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\lcpgcc.exe
        
        C:\Windows\system32\lcpgcc.exe 1536 "C:\Windows\SysWOW64\bvojeu.exe"
        193⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\yxgwif.exe
        
        C:\Windows\system32\yxgwif.exe 1528 "C:\Windows\SysWOW64\lcpgcc.exe"
        194⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\krmeuk.exe
        
        C:\Windows\system32\krmeuk.exe 1544 "C:\Windows\SysWOW64\yxgwif.exe"
        195⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\xphgcs.exe
        
        C:\Windows\system32\xphgcs.exe 1548 "C:\Windows\SysWOW64\krmeuk.exe"
        196⤵
        
        PID:656
        
        C:\Windows\SysWOW64\kgcjla.exe
        
        C:\Windows\system32\kgcjla.exe 1552 "C:\Windows\SysWOW64\xphgcs.exe"
        197⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\rrioiu.exe
        
        C:\Windows\system32\rrioiu.exe 1540 "C:\Windows\SysWOW64\kgcjla.exe"
        198⤵
        
        PID:856
        
        C:\Windows\SysWOW64\hhuwpd.exe
        
        C:\Windows\system32\hhuwpd.exe 1496 "C:\Windows\SysWOW64\rrioiu.exe"
        199⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\oohobt.exe
        
        C:\Windows\system32\oohobt.exe 1188 "C:\Windows\SysWOW64\hhuwpd.exe"
        200⤵
        
        PID:876
        
        C:\Windows\SysWOW64\zkihiv.exe
        
        C:\Windows\system32\zkihiv.exe 1132 "C:\Windows\SysWOW64\oohobt.exe"
        201⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\oktuys.exe
        
        C:\Windows\system32\oktuys.exe 1568 "C:\Windows\SysWOW64\zkihiv.exe"
        202⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\bjwwos.exe
        
        C:\Windows\system32\bjwwos.exe 1572 "C:\Windows\SysWOW64\oktuys.exe"
        203⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\liauzr.exe
        
        C:\Windows\system32\liauzr.exe 1580 "C:\Windows\SysWOW64\bjwwos.exe"
        204⤵
        
        PID:860
        
        C:\Windows\SysWOW64\ykgjkd.exe
        
        C:\Windows\system32\ykgjkd.exe 1564 "C:\Windows\SysWOW64\liauzr.exe"
        205⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\aqvmav.exe
        
        C:\Windows\system32\aqvmav.exe 964 "C:\Windows\SysWOW64\ykgjkd.exe"
        206⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\sbiehs.exe
        
        C:\Windows\system32\sbiehs.exe 1588 "C:\Windows\SysWOW64\aqvmav.exe"
        207⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\camksr.exe
        
        C:\Windows\system32\camksr.exe 1596 "C:\Windows\SysWOW64\sbiehs.exe"
        208⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\pcsrdd.exe
        
        C:\Windows\system32\pcsrdd.exe 1600 "C:\Windows\SysWOW64\camksr.exe"
        209⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\zficyz.exe
        
        C:\Windows\system32\zficyz.exe 1604 "C:\Windows\SysWOW64\pcsrdd.exe"
        210⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\mvlehh.exe
        
        C:\Windows\system32\mvlehh.exe 1584 "C:\Windows\SysWOW64\zficyz.exe"
        211⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\clwmgq.exe
        
        C:\Windows\system32\clwmgq.exe 1608 "C:\Windows\SysWOW64\mvlehh.exe"
        212⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\lwlxbt.exe
        
        C:\Windows\system32\lwlxbt.exe 1592 "C:\Windows\SysWOW64\clwmgq.exe"
        213⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\vybhox.exe
        
        C:\Windows\system32\vybhox.exe 1616 "C:\Windows\SysWOW64\lwlxbt.exe"
        214⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\gxnfhv.exe
        
        C:\Windows\system32\gxnfhv.exe 1624 "C:\Windows\SysWOW64\vybhox.exe"
        215⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\kwihpd.exe
        
        C:\Windows\system32\kwihpd.exe 1636 "C:\Windows\SysWOW64\gxnfhv.exe"
        216⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\yjzxvh.exe
        
        C:\Windows\system32\yjzxvh.exe 1612 "C:\Windows\SysWOW64\kwihpd.exe"
        217⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\klfngm.exe
        
        C:\Windows\system32\klfngm.exe 1620 "C:\Windows\SysWOW64\yjzxvh.exe"
        218⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\xbahpu.exe
        
        C:\Windows\system32\xbahpu.exe 1640 "C:\Windows\SysWOW64\klfngm.exe"
        219⤵
        
        PID:768
        
        C:\Windows\SysWOW64\fjoijj.exe
        
        C:\Windows\system32\fjoijj.exe 1340 "C:\Windows\SysWOW64\xbahpu.exe"
        220⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\rpfcya.exe
        
        C:\Windows\system32\rpfcya.exe 1648 "C:\Windows\SysWOW64\fjoijj.exe"
        221⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\heqkek.exe
        
        C:\Windows\system32\heqkek.exe 1644 "C:\Windows\SysWOW64\rpfcya.exe"
        222⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\redipj.exe
        
        C:\Windows\system32\redipj.exe 1656 "C:\Windows\SysWOW64\heqkek.exe"
        223⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\galibb.exe
        
        C:\Windows\system32\galibb.exe 1660 "C:\Windows\SysWOW64\redipj.exe"
        224⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\qwdajv.exe
        
        C:\Windows\system32\qwdajv.exe 1632 "C:\Windows\SysWOW64\galibb.exe"
        225⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\vminfj.exe
        
        C:\Windows\system32\vminfj.exe 1664 "C:\Windows\SysWOW64\qwdajv.exe"
        226⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\fijfme.exe
        
        C:\Windows\system32\fijfme.exe 1668 "C:\Windows\SysWOW64\vminfj.exe"
        227⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\plyqih.exe
        
        C:\Windows\system32\plyqih.exe 1672 "C:\Windows\SysWOW64\fijfme.exe"
        228⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\cyifnd.exe
        
        C:\Windows\system32\cyifnd.exe 1652 "C:\Windows\SysWOW64\plyqih.exe"
        229⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\pwliwl.exe
        
        C:\Windows\system32\pwliwl.exe 1680 "C:\Windows\SysWOW64\cyifnd.exe"
        230⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cqrqhx.exe
        
        C:\Windows\system32\cqrqhx.exe 1676 "C:\Windows\SysWOW64\pwliwl.exe"
        231⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\kubdzi.exe
        
        C:\Windows\system32\kubdzi.exe 1040 "C:\Windows\SysWOW64\cqrqhx.exe"
        232⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\zoqyaw.exe
        
        C:\Windows\system32\zoqyaw.exe 1692 "C:\Windows\SysWOW64\kubdzi.exe"
        233⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\gzwdxy.exe
        
        C:\Windows\system32\gzwdxy.exe 1696 "C:\Windows\SysWOW64\zoqyaw.exe"
        234⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\bcblyr.exe
        
        C:\Windows\system32\bcblyr.exe 1056 "C:\Windows\SysWOW64\gzwdxy.exe"
        235⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\qyjlkj.exe
        
        C:\Windows\system32\qyjlkj.exe 1700 "C:\Windows\SysWOW64\bcblyr.exe"
        236⤵
        
        PID:584
        
        C:\Windows\SysWOW64\dltiqf.exe
        
        C:\Windows\system32\dltiqf.exe 1708 "C:\Windows\SysWOW64\qyjlkj.exe"
        237⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\noitdi.exe
        
        C:\Windows\system32\noitdi.exe 1716 "C:\Windows\SysWOW64\dltiqf.exe"
        238⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\aqoaov.exe
        
        C:\Windows\system32\aqoaov.exe 1720 "C:\Windows\SysWOW64\noitdi.exe"
        239⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\huzogg.exe
        
        C:\Windows\system32\huzogg.exe 1036 "C:\Windows\SysWOW64\aqoaov.exe"
        240⤵
        
        PID:572
        
        C:\Windows\SysWOW64\wrhosy.exe
        
        C:\Windows\system32\wrhosy.exe 1728 "C:\Windows\SysWOW64\huzogg.exe"
        241⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\hjwtxw.exe
        
        C:\Windows\system32\hjwtxw.exe 1388 "C:\Windows\SysWOW64\wrhosy.exe"
        242⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\rpxinw.exe
        
        C:\Windows\system32\rpxinw.exe 1052 "C:\Windows\SysWOW64\hjwtxw.exe"
        243⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\eoslwe.exe
        
        C:\Windows\system32\eoslwe.exe 1748 "C:\Windows\SysWOW64\rpxinw.exe"
        244⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\twdtcn.exe
        
        C:\Windows\system32\twdtcn.exe 1740 "C:\Windows\SysWOW64\eoslwe.exe"
        245⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\ddpqvm.exe
        
        C:\Windows\system32\ddpqvm.exe 1736 "C:\Windows\SysWOW64\twdtcn.exe"
        246⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\qtktdu.exe
        
        C:\Windows\system32\qtktdu.exe 1732 "C:\Windows\SysWOW64\ddpqvm.exe"
        247⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\ahlrtc.exe
        
        C:\Windows\system32\ahlrtc.exe 1744 "C:\Windows\SysWOW64\qtktdu.exe"
        248⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\nygtck.exe
        
        C:\Windows\system32\nygtck.exe 1756 "C:\Windows\SysWOW64\ahlrtc.exe"
        249⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\awiwlk.exe
        
        C:\Windows\system32\awiwlk.exe 1760 "C:\Windows\SysWOW64\nygtck.exe"
        250⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\nndzts.exe
        
        C:\Windows\system32\nndzts.exe 1764 "C:\Windows\SysWOW64\awiwlk.exe"
        251⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\alytka.exe
        
        C:\Windows\system32\alytka.exe 1752 "C:\Windows\SysWOW64\nndzts.exe"
        252⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\mjpwyj.exe
        
        C:\Windows\system32\mjpwyj.exe 1776 "C:\Windows\SysWOW64\alytka.exe"
        253⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\wfrzaq.exe
        
        C:\Windows\system32\wfrzaq.exe 1120 "C:\Windows\SysWOW64\mjpwyj.exe"
        254⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\ywfoyv.exe
        
        C:\Windows\system32\ywfoyv.exe 1352 "C:\Windows\SysWOW64\wfrzaq.exe"
        255⤵
        
        PID:924
        
        C:\Windows\SysWOW64\qdhudo.exe
        
        C:\Windows\system32\qdhudo.exe 1784 "C:\Windows\SysWOW64\ywfoyv.exe"
        256⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\dfnjoa.exe
        
        C:\Windows\system32\dfnjoa.exe 1800 "C:\Windows\SysWOW64\qdhudo.exe"
        257⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\nerhyz.exe
        
        C:\Windows\system32\nerhyz.exe 1792 "C:\Windows\SysWOW64\dfnjoa.exe"
        258⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\xdeery.exe
        
        C:\Windows\system32\xdeery.exe 1788 "C:\Windows\SysWOW64\nerhyz.exe"
        259⤵
        
        PID:324
        
        C:\Windows\SysWOW64\zotoeb.exe
        
        C:\Windows\system32\zotoeb.exe 1184 "C:\Windows\SysWOW64\xdeery.exe"
        260⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\meornb.exe
        
        C:\Windows\system32\meornb.exe 1560 "C:\Windows\SysWOW64\zotoeb.exe"
        261⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\zvruvk.exe
        
        C:\Windows\system32\zvruvk.exe 1712 "C:\Windows\SysWOW64\meornb.exe"
        262⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\plccct.exe
        
        C:\Windows\system32\plccct.exe 1808 "C:\Windows\SysWOW64\zvruvk.exe"
        263⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\bnijng.exe
        
        C:\Windows\system32\bnijng.exe 1816 "C:\Windows\SysWOW64\plccct.exe"
        264⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\lpyujj.exe
        
        C:\Windows\system32\lpyujj.exe 1820 "C:\Windows\SysWOW64\bnijng.exe"
        265⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\vokrth.exe
        
        C:\Windows\system32\vokrth.exe 1828 "C:\Windows\SysWOW64\lpyujj.exe"
        266⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\iqqhfm.exe
        
        C:\Windows\system32\iqqhfm.exe 1824 "C:\Windows\SysWOW64\vokrth.exe"
        267⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\vdzxkq.exe
        
        C:\Windows\system32\vdzxkq.exe 1812 "C:\Windows\SysWOW64\iqqhfm.exe"
        268⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\icczty.exe
        
        C:\Windows\system32\icczty.exe 1848 "C:\Windows\SysWOW64\vdzxkq.exe"
        269⤵
        
        PID:792
        
        C:\Windows\SysWOW64\sfrkob.exe
        
        C:\Windows\system32\sfrkob.exe 1840 "C:\Windows\SysWOW64\icczty.exe"
        270⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\fhyzag.exe
        
        C:\Windows\system32\fhyzag.exe 1832 "C:\Windows\SysWOW64\sfrkob.exe"
        271⤵
        
        PID:892
        
        C:\Windows\SysWOW64\klrhtp.exe
        
        C:\Windows\system32\klrhtp.exe 1576 "C:\Windows\SysWOW64\fhyzag.exe"
        272⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\ciimvr.exe
        
        C:\Windows\system32\ciimvr.exe 1856 "C:\Windows\SysWOW64\klrhtp.exe"
        273⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\pvzcbv.exe
        
        C:\Windows\system32\pvzcbv.exe 1852 "C:\Windows\SysWOW64\ciimvr.exe"
        274⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\zudaut.exe
        
        C:\Windows\system32\zudaut.exe 1860 "C:\Windows\SysWOW64\pvzcbv.exe"
        275⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\jtpxes.exe
        
        C:\Windows\system32\jtpxes.exe 1844 "C:\Windows\SysWOW64\zudaut.exe"
        276⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\yqpxqk.exe
        
        C:\Windows\system32\yqpxqk.exe 1864 "C:\Windows\SysWOW64\jtpxes.exe"
        277⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\guakiv.exe
        
        C:\Windows\system32\guakiv.exe 1884 "C:\Windows\SysWOW64\yqpxqk.exe"
        278⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\tscnqe.exe
        
        C:\Windows\system32\tscnqe.exe 1448 "C:\Windows\SysWOW64\guakiv.exe"
        279⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\gjxpze.exe
        
        C:\Windows\system32\gjxpze.exe 1876 "C:\Windows\SysWOW64\tscnqe.exe"
        280⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\qibnjd.exe
        
        C:\Windows\system32\qibnjd.exe 1880 "C:\Windows\SysWOW64\gjxpze.exe"
        281⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\zwckik.exe
        
        C:\Windows\system32\zwckik.exe 1892 "C:\Windows\SysWOW64\qibnjd.exe"
        282⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\pakfex.exe
        
        C:\Windows\system32\pakfex.exe 1888 "C:\Windows\SysWOW64\zwckik.exe"
        283⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\ccqnxc.exe
        
        C:\Windows\system32\ccqnxc.exe 1896 "C:\Windows\SysWOW64\pakfex.exe"
        284⤵
        
        PID:300
        
        C:\Windows\SysWOW64\jopsmv.exe
        
        C:\Windows\system32\jopsmv.exe 1900 "C:\Windows\SysWOW64\ccqnxc.exe"
        285⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\zapnqj.exe
        
        C:\Windows\system32\zapnqj.exe 1872 "C:\Windows\SysWOW64\jopsmv.exe"
        286⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\jgqkgq.exe
        
        C:\Windows\system32\jgqkgq.exe 1912 "C:\Windows\SysWOW64\zapnqj.exe"
        287⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\wftnxq.exe
        
        C:\Windows\system32\wftnxq.exe 1916 "C:\Windows\SysWOW64\jgqkgq.exe"
        288⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\ihzdid.exe
        
        C:\Windows\system32\ihzdid.exe 1904 "C:\Windows\SysWOW64\wftnxq.exe"
        289⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\vuisoh.exe
        
        C:\Windows\system32\vuisoh.exe 1924 "C:\Windows\SysWOW64\ihzdid.exe"
        290⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\izancp.exe
        
        C:\Windows\system32\izancp.exe 1908 "C:\Windows\SysWOW64\vuisoh.exe"
        291⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\symkmo.exe
        
        C:\Windows\system32\symkmo.exe 1932 "C:\Windows\SysWOW64\izancp.exe"
        292⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\idmfqb.exe
        
        C:\Windows\system32\idmfqb.exe 1936 "C:\Windows\SysWOW64\symkmo.exe"
        293⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\scqdba.exe
        
        C:\Windows\system32\scqdba.exe 1920 "C:\Windows\SysWOW64\idmfqb.exe"
        294⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\cqraza.exe
        
        C:\Windows\system32\cqraza.exe 1928 "C:\Windows\SysWOW64\scqdba.exe"
        295⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\mpdyjy.exe
        
        C:\Windows\system32\mpdyjy.exe 1244 "C:\Windows\SysWOW64\cqraza.exe"
        296⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\znyash.exe
        
        C:\Windows\system32\znyash.exe 1956 "C:\Windows\SysWOW64\mpdyjy.exe"
        297⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\lpeqdt.exe
        
        C:\Windows\system32\lpeqdt.exe 1964 "C:\Windows\SysWOW64\znyash.exe"
        298⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\bumlhy.exe
        
        C:\Windows\system32\bumlhy.exe 1944 "C:\Windows\SysWOW64\lpeqdt.exe"
        299⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\lwbvdb.exe
        
        C:\Windows\system32\lwbvdb.exe 1960 "C:\Windows\SysWOW64\bumlhy.exe"
        300⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\qjvdol.exe
        
        C:\Windows\system32\qjvdol.exe 1368 "C:\Windows\SysWOW64\lwbvdb.exe"
        301⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\iuiwwi.exe
        
        C:\Windows\system32\iuiwwi.exe 1972 "C:\Windows\SysWOW64\qjvdol.exe"
        302⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\sfygjm.exe
        
        C:\Windows\system32\sfygjm.exe 1980 "C:\Windows\SysWOW64\iuiwwi.exe"
        303⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\cecdbc.exe
        
        C:\Windows\system32\cecdbc.exe 1976 "C:\Windows\SysWOW64\sfygjm.exe"
        304⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\pyitnp.exe
        
        C:\Windows\system32\pyitnp.exe 1984 "C:\Windows\SysWOW64\cecdbc.exe"
        305⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\cwlwvx.exe
        
        C:\Windows\system32\cwlwvx.exe 1988 "C:\Windows\SysWOW64\pyitnp.exe"
        306⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\pnfqex.exe
        
        C:\Windows\system32\pnfqex.exe 1992 "C:\Windows\SysWOW64\cwlwvx.exe"
        307⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\ulatmf.exe
        
        C:\Windows\system32\ulatmf.exe 1968 "C:\Windows\SysWOW64\pnfqex.exe"
        308⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\eoqdii.exe
        
        C:\Windows\system32\eoqdii.exe 2000 "C:\Windows\SysWOW64\ulatmf.exe"
        309⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\qqwttv.exe
        
        C:\Windows\system32\qqwttv.exe 1996 "C:\Windows\SysWOW64\eoqdii.exe"
        310⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\ddnjzr.exe
        
        C:\Windows\system32\ddnjzr.exe 2008 "C:\Windows\SysWOW64\qqwttv.exe"
        311⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\qftykd.exe
        
        C:\Windows\system32\qftykd.exe 2012 "C:\Windows\SysWOW64\ddnjzr.exe"
        312⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\dzzgwi.exe
        
        C:\Windows\system32\dzzgwi.exe 1952 "C:\Windows\SysWOW64\qftykd.exe"
        313⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\nrpmag.exe
        
        C:\Windows\system32\nrpmag.exe 1356 "C:\Windows\SysWOW64\dzzgwi.exe"
        314⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\atvbmk.exe
        
        C:\Windows\system32\atvbmk.exe 2016 "C:\Windows\SysWOW64\nrpmag.exe"
        315⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\nczoxf.exe
        
        C:\Windows\system32\nczoxf.exe 1436 "C:\Windows\SysWOW64\atvbmk.exe"
        316⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\muahrs.exe
        
        C:\Windows\system32\muahrs.exe 1408 "C:\Windows\SysWOW64\nczoxf.exe"
        317⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\erymbt.exe
        
        C:\Windows\system32\erymbt.exe 2032 "C:\Windows\SysWOW64\muahrs.exe"
        318⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\rlecng.exe
        
        C:\Windows\system32\rlecng.exe 2036 "C:\Windows\SysWOW64\erymbt.exe"
        319⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\bgfmua.exe
        
        C:\Windows\system32\bgfmua.exe 2028 "C:\Windows\SysWOW64\rlecng.exe"
        320⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\luyjsi.exe
        
        C:\Windows\system32\luyjsi.exe 2040 "C:\Windows\SysWOW64\bgfmua.exe"
        321⤵
        
        PID:692
        
        C:\Windows\SysWOW64\yhpzym.exe
        
        C:\Windows\system32\yhpzym.exe 2052 "C:\Windows\SysWOW64\luyjsi.exe"
        322⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\ljvhjq.exe
        
        C:\Windows\system32\ljvhjq.exe 2044 "C:\Windows\SysWOW64\yhpzym.exe"
        323⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\viimup.exe
        
        C:\Windows\system32\viimup.exe 2064 "C:\Windows\SysWOW64\ljvhjq.exe"
        324⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\izcpcx.exe
        
        C:\Windows\system32\izcpcx.exe 2068 "C:\Windows\SysWOW64\viimup.exe"
        325⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\vxxslx.exe
        
        C:\Windows\system32\vxxslx.exe 2080 "C:\Windows\SysWOW64\izcpcx.exe"
        326⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\hdpmzo.exe
        
        C:\Windows\system32\hdpmzo.exe 2072 "C:\Windows\SysWOW64\vxxslx.exe"
        327⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\uqgcns.exe
        
        C:\Windows\system32\uqgcns.exe 2076 "C:\Windows\SysWOW64\hdpmzo.exe"
        328⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\hsmsyw.exe
        
        C:\Windows\system32\hsmsyw.exe 2084 "C:\Windows\SysWOW64\uqgcns.exe"
        329⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\ruccmz.exe
        
        C:\Windows\system32\ruccmz.exe 2056 "C:\Windows\SysWOW64\hsmsyw.exe"
        330⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\elwfui.exe
        
        C:\Windows\system32\elwfui.exe 2092 "C:\Windows\SysWOW64\ruccmz.exe"
        331⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\rjrhdq.exe
        
        C:\Windows\system32\rjrhdq.exe 2088 "C:\Windows\SysWOW64\elwfui.exe"
        332⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\eaucmq.exe
        
        C:\Windows\system32\eaucmq.exe 2100 "C:\Windows\SysWOW64\rjrhdq.exe"
        333⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\novzkx.exe
        
        C:\Windows\system32\novzkx.exe 2104 "C:\Windows\SysWOW64\eaucmq.exe"
        334⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\afpcsg.exe
        
        C:\Windows\system32\afpcsg.exe 2108 "C:\Windows\SysWOW64\novzkx.exe"
        335⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\ndkfbg.exe
        
        C:\Windows\system32\ndkfbg.exe 2112 "C:\Windows\SysWOW64\afpcsg.exe"
        336⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\dlenix.exe
        
        C:\Windows\system32\dlenix.exe 2116 "C:\Windows\SysWOW64\ndkfbg.exe"
        337⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\iypvbz.exe
        
        C:\Windows\system32\iypvbz.exe 2120 "C:\Windows\SysWOW64\dlenix.exe"
        338⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\sxbsly.exe
        
        C:\Windows\system32\sxbsly.exe 1628 "C:\Windows\SysWOW64\iypvbz.exe"
        339⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\hfnfau.exe
        
        C:\Windows\system32\hfnfau.exe 2096 "C:\Windows\SysWOW64\sxbsly.exe"
        340⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\rezclt.exe
        
        C:\Windows\system32\rezclt.exe 2128 "C:\Windows\SysWOW64\hfnfau.exe"
        341⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\erisrx.exe
        
        C:\Windows\system32\erisrx.exe 2124 "C:\Windows\SysWOW64\rezclt.exe"
        342⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\rtoicj.exe
        
        C:\Windows\system32\rtoicj.exe 2132 "C:\Windows\SysWOW64\erisrx.exe"
        343⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\bsafui.exe
        
        C:\Windows\system32\bsafui.exe 2144 "C:\Windows\SysWOW64\rtoicj.exe"
        344⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\ojvidi.exe
        
        C:\Windows\system32\ojvidi.exe 2156 "C:\Windows\SysWOW64\bsafui.exe"
        345⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\aazvgd.exe
        
        C:\Windows\system32\aazvgd.exe 1556 "C:\Windows\SysWOW64\ojvidi.exe"
        346⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\urqidn.exe
        
        C:\Windows\system32\urqidn.exe 1704 "C:\Windows\SysWOW64\aazvgd.exe"
        347⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\qlhavs.exe
        
        C:\Windows\system32\qlhavs.exe 1688 "C:\Windows\SysWOW64\urqidn.exe"
        348⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\fpnybo.exe
        
        C:\Windows\system32\fpnybo.exe 1684 "C:\Windows\SysWOW64\qlhavs.exe"
        349⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\exmomr.exe
        
        C:\Windows\system32\exmomr.exe 1780 "C:\Windows\SysWOW64\fpnybo.exe"
        350⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\yroomf.exe
        
        C:\Windows\system32\yroomf.exe 1796 "C:\Windows\SysWOW64\exmomr.exe"
        351⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\zbhwyo.exe
        
        C:\Windows\system32\zbhwyo.exe 1768 "C:\Windows\SysWOW64\yroomf.exe"
        352⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\wvatwm.exe
        
        C:\Windows\system32\wvatwm.exe 1724 "C:\Windows\SysWOW64\zbhwyo.exe"
        353⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\yxabiu.exe
        
        C:\Windows\system32\yxabiu.exe 1804 "C:\Windows\SysWOW64\wvatwm.exe"
        354⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\swroff.exe
        
        C:\Windows\system32\swroff.exe 1772 "C:\Windows\SysWOW64\yxabiu.exe"
        355⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\kkquqg.exe
        
        C:\Windows\system32\kkquqg.exe 2192 "C:\Windows\SysWOW64\swroff.exe"
        356⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\zpqput.exe
        
        C:\Windows\system32\zpqput.exe 2200 "C:\Windows\SysWOW64\kkquqg.exe"
        357⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\hapujn.exe
        
        C:\Windows\system32\hapujn.exe 2184 "C:\Windows\SysWOW64\zpqput.exe"
        358⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\uyswrn.exe
        
        C:\Windows\system32\uyswrn.exe 2204 "C:\Windows\SysWOW64\hapujn.exe"
        359⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\gpnzav.exe
        
        C:\Windows\system32\gpnzav.exe 2196 "C:\Windows\SysWOW64\uyswrn.exe"
        360⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\tnhcre.exe
        
        C:\Windows\system32\tnhcre.exe 2208 "C:\Windows\SysWOW64\gpnzav.exe"
        361⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\dtizhl.exe
        
        C:\Windows\system32\dtizhl.exe 2216 "C:\Windows\SysWOW64\tnhcre.exe"
        362⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\tgqulq.exe
        
        C:\Windows\system32\tgqulq.exe 2188 "C:\Windows\SysWOW64\dtizhl.exe"
        363⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\ywnhhe.exe
        
        C:\Windows\system32\ywnhhe.exe 2220 "C:\Windows\SysWOW64\tgqulq.exe"
        364⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\knqkpe.exe
        
        C:\Windows\system32\knqkpe.exe 2212 "C:\Windows\SysWOW64\ywnhhe.exe"
        365⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\uxfuci.exe
        
        C:\Windows\system32\uxfuci.exe 2224 "C:\Windows\SysWOW64\knqkpe.exe"
        366⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\hrlkou.exe
        
        C:\Windows\system32\hrlkou.exe 2236 "C:\Windows\SysWOW64\uxfuci.exe"
        367⤵
        
        PID:320
        
        C:\Windows\SysWOW64\pvvpff.exe
        
        C:\Windows\system32\pvvpff.exe 1836 "C:\Windows\SysWOW64\hrlkou.exe"
        368⤵
        
        PID:556
        
        C:\Windows\SysWOW64\epskpt.exe
        
        C:\Windows\system32\epskpt.exe 2244 "C:\Windows\SysWOW64\pvvpff.exe"
        369⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\oowhzs.exe
        
        C:\Windows\system32\oowhzs.exe 2248 "C:\Windows\SysWOW64\epskpt.exe"
        370⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\bmrkia.exe
        
        C:\Windows\system32\bmrkia.exe 2240 "C:\Windows\SysWOW64\oowhzs.exe"
        371⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\misuqu.exe
        
        C:\Windows\system32\misuqu.exe 2136 "C:\Windows\SysWOW64\bmrkia.exe"
        372⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\ygixss.exe
        
        C:\Windows\system32\ygixss.exe 2140 "C:\Windows\SysWOW64\misuqu.exe"
        373⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\nhtkip.exe
        
        C:\Windows\system32\nhtkip.exe 2264 "C:\Windows\SysWOW64\ygixss.exe"
        374⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\afwnqx.exe
        
        C:\Windows\system32\afwnqx.exe 2268 "C:\Windows\SysWOW64\nhtkip.exe"
        375⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\keakjv.exe
        
        C:\Windows\system32\keakjv.exe 2272 "C:\Windows\SysWOW64\afwnqx.exe"
        376⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\xrsaoz.exe
        
        C:\Windows\system32\xrsaoz.exe 2260 "C:\Windows\SysWOW64\keakjv.exe"
        377⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\hchkcu.exe
        
        C:\Windows\system32\hchkcu.exe 2276 "C:\Windows\SysWOW64\xrsaoz.exe"
        378⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\pyrxto.exe
        
        C:\Windows\system32\pyrxto.exe 2284 "C:\Windows\SysWOW64\hchkcu.exe"
        379⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\bayfes.exe
        
        C:\Windows\system32\bayfes.exe 2280 "C:\Windows\SysWOW64\pyrxto.exe"
        380⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\ocevqe.exe
        
        C:\Windows\system32\ocevqe.exe 2256 "C:\Windows\SysWOW64\bayfes.exe"
        381⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\wvdvwl.exe
        
        C:\Windows\system32\wvdvwl.exe 1868 "C:\Windows\SysWOW64\ocevqe.exe"
        382⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\lrlvjl.exe
        
        C:\Windows\system32\lrlvjl.exe 2296 "C:\Windows\SysWOW64\wvdvwl.exe"
        383⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\vcafeh.exe
        
        C:\Windows\system32\vcafeh.exe 2304 "C:\Windows\SysWOW64\lrlvjl.exe"
        384⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\lgaaau.exe
        
        C:\Windows\system32\lgaaau.exe 2292 "C:\Windows\SysWOW64\vcafeh.exe"
        385⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\sowsuj.exe
        
        C:\Windows\system32\sowsuj.exe 2320 "C:\Windows\SysWOW64\lgaaau.exe"
        386⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\zhuyrd.exe
        
        C:\Windows\system32\zhuyrd.exe 2004 "C:\Windows\SysWOW64\sowsuj.exe"
        387⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\ugnqnf.exe
        
        C:\Windows\system32\ugnqnf.exe 2312 "C:\Windows\SysWOW64\zhuyrd.exe"
        388⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\ejdsai.exe
        
        C:\Windows\system32\ejdsai.exe 2316 "C:\Windows\SysWOW64\ugnqnf.exe"
        389⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\otsdvl.exe
        
        C:\Windows\system32\otsdvl.exe 2328 "C:\Windows\SysWOW64\ejdsai.exe"
        390⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\eyayzr.exe
        
        C:\Windows\system32\eyayzr.exe 2332 "C:\Windows\SysWOW64\otsdvl.exe"
        391⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\oaqimu.exe
        
        C:\Windows\system32\oaqimu.exe 2324 "C:\Windows\SysWOW64\eyayzr.exe"
        392⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\viligj.exe
        
        C:\Windows\system32\viligj.exe 2340 "C:\Windows\SysWOW64\oaqimu.exe"
        393⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\igglpr.exe
        
        C:\Windows\system32\igglpr.exe 2180 "C:\Windows\SysWOW64\viligj.exe"
        394⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\yorlwb.exe
        
        C:\Windows\system32\yorlwb.exe 2344 "C:\Windows\SysWOW64\igglpr.exe"
        395⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\izhvje.exe
        
        C:\Windows\system32\izhvje.exe 2360 "C:\Windows\SysWOW64\yorlwb.exe"
        396⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\ypsdqw.exe
        
        C:\Windows\system32\ypsdqw.exe 2352 "C:\Windows\SysWOW64\izhvje.exe"
        397⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\fazjfp.exe
        
        C:\Windows\system32\fazjfp.exe 2348 "C:\Windows\SysWOW64\ypsdqw.exe"
        398⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\ntyjuw.exe
        
        C:\Windows\system32\ntyjuw.exe 2020 "C:\Windows\SysWOW64\fazjfp.exe"
        399⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\cbjwjt.exe
        
        C:\Windows\system32\cbjwjt.exe 2372 "C:\Windows\SysWOW64\ntyjuw.exe"
        400⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\jftbsm.exe
        
        C:\Windows\system32\jftbsm.exe 2384 "C:\Windows\SysWOW64\cbjwjt.exe"
        401⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\znfjzv.exe
        
        C:\Windows\system32\znfjzv.exe 2388 "C:\Windows\SysWOW64\jftbsm.exe"
        402⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\mmhlid.exe
        
        C:\Windows\system32\mmhlid.exe 2368 "C:\Windows\SysWOW64\znfjzv.exe"
        403⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\rqbtbf.exe
        
        C:\Windows\system32\rqbtbf.exe 2152 "C:\Windows\SysWOW64\mmhlid.exe"
        404⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\jnsylh.exe
        
        C:\Windows\system32\jnsylh.exe 2376 "C:\Windows\SysWOW64\rqbtbf.exe"
        405⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\tmewwf.exe
        
        C:\Windows\system32\tmewwf.exe 2400 "C:\Windows\SysWOW64\jnsylh.exe"
        406⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\gczzeo.exe
        
        C:\Windows\system32\gczzeo.exe 2404 "C:\Windows\SysWOW64\tmewwf.exe"
        407⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\nkmrzd.exe
        
        C:\Windows\system32\nkmrzd.exe 2412 "C:\Windows\SysWOW64\gczzeo.exe"
        408⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\zqdtnu.exe
        
        C:\Windows\system32\zqdtnu.exe 2396 "C:\Windows\SysWOW64\nkmrzd.exe"
        409⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\uwuoqr.exe
        
        C:\Windows\system32\uwuoqr.exe 1940 "C:\Windows\SysWOW64\zqdtnu.exe"
        410⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\ofwjht.exe
        
        C:\Windows\system32\ofwjht.exe 2160 "C:\Windows\SysWOW64\uwuoqr.exe"
        411⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\pxljzk.exe
        
        C:\Windows\system32\pxljzk.exe 2024 "C:\Windows\SysWOW64\ofwjht.exe"
        412⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\bncxwv.exe
        
        C:\Windows\system32\bncxwv.exe 2148 "C:\Windows\SysWOW64\pxljzk.exe"
        413⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\dbosli.exe
        
        C:\Windows\system32\dbosli.exe 2060 "C:\Windows\SysWOW64\bncxwv.exe"
        414⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\agkxdx.exe
        
        C:\Windows\system32\agkxdx.exe 2172 "C:\Windows\SysWOW64\dbosli.exe"
        415⤵
        
        PID:632
        
        C:\Windows\SysWOW64\epqcty.exe
        
        C:\Windows\system32\epqcty.exe 2164 "C:\Windows\SysWOW64\agkxdx.exe"
        416⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\bbnidn.exe
        
        C:\Windows\system32\bbnidn.exe 2232 "C:\Windows\SysWOW64\epqcty.exe"
        417⤵
        
        PID:540
        
        C:\Windows\SysWOW64\kwlcsd.exe
        
        C:\Windows\system32\kwlcsd.exe 1300 "C:\Windows\SysWOW64\bbnidn.exe"
        418⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\hmtvnw.exe
        
        C:\Windows\system32\hmtvnw.exe 2252 "C:\Windows\SysWOW64\kwlcsd.exe"
        419⤵
        
        PID:604
        
        C:\Windows\SysWOW64\lvyaex.exe
        
        C:\Windows\system32\lvyaex.exe 2176 "C:\Windows\SysWOW64\hmtvnw.exe"
        420⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\nunvnb.exe
        
        C:\Windows\system32\nunvnb.exe 2300 "C:\Windows\SysWOW64\lvyaex.exe"
        421⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\pmcdft.exe
        
        C:\Windows\system32\pmcdft.exe 2228 "C:\Windows\SysWOW64\nunvnb.exe"
        422⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\mqhjxi.exe
        
        C:\Windows\system32\mqhjxi.exe 2356 "C:\Windows\SysWOW64\pmcdft.exe"
        423⤵
        
        PID:880
        
        C:\Windows\SysWOW64\nhwjph.exe
        
        C:\Windows\system32\nhwjph.exe 2168 "C:\Windows\SysWOW64\mqhjxi.exe"
        424⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\fdllle.exe
        
        C:\Windows\system32\fdllle.exe 2380 "C:\Windows\SysWOW64\nhwjph.exe"
        425⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\bfcrvw.exe
        
        C:\Windows\system32\bfcrvw.exe 2288 "C:\Windows\SysWOW64\fdllle.exe"
        426⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\ynkjqp.exe
        
        C:\Windows\system32\ynkjqp.exe 2392 "C:\Windows\SysWOW64\bfcrvw.exe"
        427⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\aboefc.exe
        
        C:\Windows\system32\aboefc.exe 2336 "C:\Windows\SysWOW64\ynkjqp.exe"
        428⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\wrdxaw.exe
        
        C:\Windows\system32\wrdxaw.exe 2308 "C:\Windows\SysWOW64\aboefc.exe"
        429⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\soahby.exe
        
        C:\Windows\system32\soahby.exe 2408 "C:\Windows\SysWOW64\wrdxaw.exe"
        430⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\kgmpuq.exe
        
        C:\Windows\system32\kgmpuq.exe 2364 "C:\Windows\SysWOW64\soahby.exe"
        431⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\geqhvt.exe
        
        C:\Windows\system32\geqhvt.exe 2424 "C:\Windows\SysWOW64\kgmpuq.exe"
        432⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\xzfcrx.exe
        
        C:\Windows\system32\xzfcrx.exe 2420 "C:\Windows\SysWOW64\geqhvt.exe"
        433⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\xkpffw.exe
        
        C:\Windows\system32\xkpffw.exe 2428 "C:\Windows\SysWOW64\xzfcrx.exe"
        434⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\gkcvri.exe
        
        C:\Windows\system32\gkcvri.exe 2432 "C:\Windows\SysWOW64\xkpffw.exe"
        435⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\fypliu.exe
        
        C:\Windows\system32\fypliu.exe 2436 "C:\Windows\SysWOW64\gkcvri.exe"
        436⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\zmdlcz.exe
        
        C:\Windows\system32\zmdlcz.exe 2440 "C:\Windows\SysWOW64\fypliu.exe"
        437⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\ahcylk.exe
        
        C:\Windows\system32\ahcylk.exe 2444 "C:\Windows\SysWOW64\zmdlcz.exe"
        438⤵
        
        PID:936
        
        C:\Windows\SysWOW64\alpjub.exe
        
        C:\Windows\system32\alpjub.exe 2448 "C:\Windows\SysWOW64\ahcylk.exe"
        439⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\exgbug.exe
        
        C:\Windows\system32\exgbug.exe 2416 "C:\Windows\SysWOW64\alpjub.exe"
        440⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\mtewjy.exe
        
        C:\Windows\system32\mtewjy.exe 2456 "C:\Windows\SysWOW64\exgbug.exe"
        441⤵
        
        PID:940
        
        C:\Windows\SysWOW64\egppqo.exe
        
        C:\Windows\system32\egppqo.exe 2460 "C:\Windows\SysWOW64\mtewjy.exe"
        442⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\crhsly.exe
        
        C:\Windows\system32\crhsly.exe 2452 "C:\Windows\SysWOW64\egppqo.exe"
        443⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\mpvxvt.exe
        
        C:\Windows\system32\mpvxvt.exe 2464 "C:\Windows\SysWOW64\crhsly.exe"
        444⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\bsqypi.exe
        
        C:\Windows\system32\bsqypi.exe 2472 "C:\Windows\SysWOW64\mpvxvt.exe"
        445⤵
        
        PID:3832

C:\Windows\SysWOW64\hditkl.exe
C:\Windows\system32\hditkl.exe 748 "C:\Windows\SysWOW64\zklyay.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
PID:2544

C:\Windows\SysWOW64\zklyay.exe
C:\Windows\system32\zklyay.exe 632 "C:\Windows\SysWOW64\cjbtfm.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2224

C:\Windows\SysWOW64\oevvzz.exe
C:\Windows\system32\oevvzz.exe 736 "C:\Windows\SysWOW64\efryoa.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1648

C:\Windows\SysWOW64\efryoa.exe
C:\Windows\system32\efryoa.exe 704 "C:\Windows\SysWOW64\tgeaec.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1220

C:\Windows\SysWOW64\tgeaec.exe
C:\Windows\system32\tgeaec.exe 728 "C:\Windows\SysWOW64\heyklp.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1896

C:\Windows\SysWOW64\heyklp.exe
C:\Windows\system32\heyklp.exe 724 "C:\Windows\SysWOW64\wjgsdv.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2828

C:\Windows\SysWOW64\wjgsdv.exe
C:\Windows\system32\wjgsdv.exe 720 "C:\Windows\SysWOW64\pxznob.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2756

C:\Windows\SysWOW64\pxznob.exe
C:\Windows\system32\pxznob.exe 712 "C:\Windows\SysWOW64\ckpxax.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2260

C:\Windows\SysWOW64\nvgfus.exe
C:\Windows\system32\nvgfus.exe 700 "C:\Windows\SysWOW64\douijt.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\SysWOW64\douijt.exe
C:\Windows\system32\douijt.exe 696 "C:\Windows\SysWOW64\ogjidc.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\cjbtfm.exe

Filesize
65KB

MD5
41867f6f889fbd4c26198ca98407b3af

SHA1
8b5e649baf5c3517a47644081b34a4aa6caf98b3

SHA256
95a5d8f7578830f58f81aae07bf5e38a3c17d11c4be25dbd2d481ba71ba0c1bd

SHA512
9cf48cdc803b3e4c6e60ecb7aa3889f84b3e843fcad026bbf8980ab6616deeeefda461310c61b3cbedc07b16e219e09d042b59e83a96b01b10a0d1c848525dee

Download Submit
C:\Windows\SysWOW64\ckpxax.exe

Filesize
47KB

MD5
962f9082900aa42047dd9c2c16ef4d2f

SHA1
abbb31c407806f46ba38c192adf9764ed470592e

SHA256
75dfae4e8adc5ad301304484522c4a2067899bf1f0512fb3055cf6939a11d008

SHA512
5c3bfc4c1295840bae268a0e0af602e3c27f81f47fe2bf05027676e88ff9ec919e1a70d5125ac3d34e242fd9214ce2e7289e5e2d6d344d720fd4d8aac73bf78d

Download Submit
C:\Windows\SysWOW64\ckpxax.exe

Filesize
62KB

MD5
7be7538742850b1d7c7e3d494fdac045

SHA1
bdcaf167bb0471a468da7c3cc49957be61ae4c3f

SHA256
180d4abd51286f416e1e0cf2211af3feac1fa53afe8e3cc7a50c1eaef7b92987

SHA512
8caf641998962286761c4086ef27ac63e793155d327fb987b379172dc0618742e8f7f795342d3dcf7097c1dd2699cc8d9c491dd9bad7dc57dcbabe645123ec75

Download Submit
C:\Windows\SysWOW64\douijt.exe

Filesize
85KB

MD5
078e3287cce6204978825219661198bc

SHA1
8155b1c281472e04fb37a5e50a02ff7601bd12ee

SHA256
4034fbad50a30dd3c428783d779829bfe7421c1a044ddce4119c343482539b28

SHA512
d05aebcb464b95bf68304d59f795309f302e76de38d45e8b938ab736663d4547562603a4a6385b1a5ccfcd9753fb4d9267b14f152e9ce944ea939512cd1972d9

Download Submit
C:\Windows\SysWOW64\douijt.exe

Filesize
305KB

MD5
58fb9dc55e2cddb25dd5b6f6d8bac337

SHA1
5d27a1036bcb3b19fd44c62ad51544fbbb22a5da

SHA256
c87c61ee310c5be4a25929f85fa82b2d1907ab56d546b8824014ed84d9e2ea1e

SHA512
9b5c39f9326503d4272688ebaa75167b05c047db43ee20d6a4f1160a0492e07d12bf0d811134706c82054320bfa0010169caa0551873de645cc51571d54e70c8

Download Submit
C:\Windows\SysWOW64\efryoa.exe

Filesize
28KB

MD5
7ac4f5d900c6760927b0c6fd8f694a82

SHA1
86985bd0970e7f2c28f3d7838a023eb054f3da67

SHA256
38557d2ea737a12e050636717cac59008230f56842f799c84584aa1dd07d1f45

SHA512
070ae86105bb1bd1a8c31b43c504762bc2e111766f1e4fba402c65337a814d59a35541e4e1ca763077346ccdf3ec0eb67bd220369365fca511e6a98474e2bd2e

Download Submit
C:\Windows\SysWOW64\efryoa.exe

Filesize
133KB

MD5
9dfe715486ea87cb76ff8dd5a69c9e68

SHA1
a9e91e919df99273bc52d9b6bfc537812475c98d

SHA256
bdfc7d8f14df44110886075a80f37aeb061c1021e09b2eb61eb78ec8fab1f31a

SHA512
221b09e3c09a1c9c9637d284496d2d0da90e88aec44e1cc2f115fd7727708316e563e698e10064124ccc975d791e90c673965d12b769251094c44a59e19846f8

Download Submit
C:\Windows\SysWOW64\hditkl.exe

Filesize
20KB

MD5
057758cf808b7fd05d86773e7fb430e5

SHA1
5cd9b1f640d6030c31d0b908fd55c25a2153ac24

SHA256
e37544968efb639106d23e9fc9ef76f3bfe82637adb1013d520b2b4870dbbe9a

SHA512
f62914f5ebc7376975a3200c5795345bca1a19b91131b370fe90bccc61bc94c74535028b117494094b99d5f7b337e5af5ea4be29f0fd5c862d33a15e25408128

Download Submit
C:\Windows\SysWOW64\hditkl.exe

Filesize
9KB

MD5
2f8cb8e61b972b94e12f0edcf6785803

SHA1
bd09ab18693457bf496527418cfdc44962b65582

SHA256
f13e1b9f6fd0109538628fc62a3f523f97c8f8217cfadd5b620097176d578d88

SHA512
582d1f96b8a967a262780e6d465ffee3a82f9cb7af6399055a9cfbbb4e710e15ba8154d814fe321b90d15c9c1a0d8743f7a09265d6dda1034bf9914dc41d8e54

Download Submit
C:\Windows\SysWOW64\heyklp.exe

Filesize
16KB

MD5
42b19d16c3673f2cfbc1b5f5a3f3d8b4

SHA1
447ae61a2e67a19359a7bde8c1911d019e2e6c6d

SHA256
b96d567ee1018710793557a5d0b1b356f096bbc2106ea2113c94ed19c36fc0a5

SHA512
eb45e3f2d6226b770ef6e2738d382faa968ebce38d399d0124281c45d870e1dccc848c9ed2d56b08e361f20d63db40582a0dd1e5eaf4993f005a2de59b7a76b5

Download Submit
C:\Windows\SysWOW64\heyklp.exe

Filesize
268KB

MD5
786950b136c7518dceba494d21798340

SHA1
20241519e61e16c8aebb2dc9288f3f38ea525ab9

SHA256
8e97e6e7594116da802cdca8e896468d6906a51a631c840c740132b813fa82c4

SHA512
771ed46c856855b7449e4fe6c4146e34ec3159619355045952c6a6bbb29c77987b25ed8e62180638280706b3b6b3cbcaac8b775183858c21d3b22b6651f4c702

Download Submit
C:\Windows\SysWOW64\nvgfus.exe

Filesize
19KB

MD5
678fdc87b718facabc219a50ae88b41e

SHA1
1b7b96c1aede53d1a1cc55285b5e5b9610950fa0

SHA256
9d119f2907137fc45f7d19071d2b5ccac2f14f5fe93f47eb81273fdeb585b2c5

SHA512
bb0d36002295bb6fb6bb9b22826afec80f83294c26002d0e0f84cf586c8b23c33a075f10d3d11d72019c73440e50a14cfef71faabb71fec2de2182b93040fdda

Download Submit
C:\Windows\SysWOW64\nvgfus.exe

Filesize
264KB

MD5
7059342deffad5ad56cc1e7ec3acaeb5

SHA1
925d4b38a312052b2c43fa31d8ace76303e8aefc

SHA256
5ec86b2f131d4edfd511c5bcb444a7f7b2bc3fd7e07ef9a2eb94af008c37c401

SHA512
f0eb8457c8e5add6410fa267df91dd056b3ef4476c895a60769851a0f8eaec80c2bb98350ba52834cecc284d15fb05c2c1f8823dd8594dfc6de5336d837a8188

Download Submit
C:\Windows\SysWOW64\oevvzz.exe

Filesize
6KB

MD5
0bb1d43231b49ee698a125f3b88eed24

SHA1
63a1a2e7f69086c13edb8d5550e451eaf1106d46

SHA256
23344f66c9706cb45355224373ff7cbb99521cd68b8625708a0e7277b7489495

SHA512
8bfe7e498fae72aff788737c03f2c26f64134fde337d609b2eaf026e0e4a54c161250f7b43c49087363cdcc3f90ec565a545f72a5e6d248ed18ca90e6d912f93

Download Submit
C:\Windows\SysWOW64\oevvzz.exe

Filesize
216KB

MD5
43b9ba81bcc6647c48aab214bce48cc0

SHA1
14c24569ab64ef66123c25668ff0d87858894fa2

SHA256
e0d495b0f45f81f45a92b621739b1283d5593a65002f50160db87d84271c6883

SHA512
0c28de75aa0d6a4f8de540257ce54d21649762a0b18024ec8901fdb62f1bade5f8624ddf1ae32bf2280d7083e252d5f54055d42071718ee8e7fa0fb990a9fd17

Download Submit
C:\Windows\SysWOW64\ogjidc.exe

Filesize
337KB

MD5
3e46cf7aeb215136f52a2c26f90e4f61

SHA1
c5d25092eb15193e63fbd5dee0414a1c100bd067

SHA256
9e09afc58eb1d3cee0f9716c7b32dc817797a3f2e128db60574f3333ef74350c

SHA512
84e138b0d3472669d48c75df4c4a9436f9a6205316247f6e2ade7bec5a06b4723ecbe7b685d33d2485ad473817c0e75ffebbff78b320e083ceff5d2bee71dd43

Download Submit
C:\Windows\SysWOW64\ogjidc.exe

Filesize
390KB

MD5
7237c2c715a4d0a842f9b4b83c262b71

SHA1
f882ca189e08cc57ecbf7e071ef1627ca2f1b0d6

SHA256
a3bbfdd46132081ef14566e300bcc113d6990245bd42851078f4e43ec113d729

SHA512
59ecf2ef06fab0d597537740c9109e243d3c1419d5b92ce087fe951fc9919b99425dd821482ea85894a1793b6684766ed1b03d7e97766c80cfd193c5efc4a69e

Download Submit
C:\Windows\SysWOW64\ogjidc.exe

Filesize
66KB

MD5
01893640367b111f18f1a2fb6d19bec7

SHA1
eaf1837e7396d1fd0923db1e0fe4eaeed0198b9e

SHA256
8aba514d0dd27a27e7c06611de66890e1f1f10d987d8ba2efdcee31652402cc5

SHA512
1b50e1a2238aac2b72017cd40485694a127e52307a243d913623a499256844244dc07a0564d885fe6ce8cd413a221bae0ca5014f0534c63c70c18c4f332decee

Download Submit
C:\Windows\SysWOW64\pxznob.exe

Filesize
153KB

MD5
80ae73d97fd5c69339d63a9094de8600

SHA1
72e12b5148e034a5ac2925397ceed0ec43211de9

SHA256
bd32ab8d62ee287107558d426af740be1f6da9b989183f9e8394fea890a134a8

SHA512
a81f9b11947ea4c0d8b1d501e496805681c09eaca7b058202c6795071fed447118e25b7f1e0a5f80c65bea96b682a91673e335d031d37b73a096d3703bf6ce51

Download Submit
C:\Windows\SysWOW64\pxznob.exe

Filesize
174KB

MD5
77e67768c0743be83de4b91ed44155ce

SHA1
4862e212a243b7bc551fceb75f1fada28faae9bb

SHA256
dd8739feb0ea0a01df0e87f9db0093f9c7e7d012574e8bf28dd7820c5c3ecfda

SHA512
2fc5a73a3bca5d3fb8b75146e55cc13d1c85fb6460fc565886eb2e8d297a13e0a072cb3f9fa49e3b472cb8826832a4c7f0005a90c27860454b568d27c9c71b9e

Download Submit
C:\Windows\SysWOW64\tgeaec.exe

Filesize
62KB

MD5
f22aa689c3b52f2e9d43502c7bf87862

SHA1
1cc1dfbff704223dfdf69460e77595a60ec862f5

SHA256
c535f2ad74a73580f760d0cf28655fab9856f2cafffbec1e528fedcbd4946c3c

SHA512
4a5933ef6b04e0d0ea03f7239588f854f0ca574f8ed344ebfc183ecb58f0ede3c0a9bd58c3b986aefa99bd89444d6364eb83a1c9eab4ccd2e806fa975f339dfd

Download Submit
C:\Windows\SysWOW64\tgeaec.exe

Filesize
169KB

MD5
7f5f103225165113cad275fb0452ac1a

SHA1
67b6906a76b8c2f066afe47fc82c5235eceab279

SHA256
15971d12ba43f0c36dbc242a335995cc4a4b8ada802ea876a2e759a59db99fde

SHA512
59a2949f2112fb3a2ec1e5b41de7bdf42b82bc9413af7f8669549e2a7f453cb5d01f3465cf719514cbc0a85e15409f1d6516de424868aee5c5d8f6410f42af58

Download Submit
C:\Windows\SysWOW64\vdufoi.exe

Filesize
12KB

MD5
b445d56a4ae76e02867dd7bab7af61ee

SHA1
61f40d62cb47cc3d28ebe368de1a9bb879c58cc4

SHA256
89e55a37861e4fc06ee09e57789031b2305a36ea38ce2d60dd67ad87c3bfc066

SHA512
89843e4ea32a3a99d59069482cff7ea7eac9670b1825c64e185fb416a777707733335ad843cfee9081116a6fc17273a47eb1a64f8d3c2366764a017e7c7e1f24

Download Submit
C:\Windows\SysWOW64\vdufoi.exe

Filesize
194KB

MD5
06bb61ec18cfcb1255f79ed40695dda3

SHA1
0d3edeca4bd7e3aadac55710388144f17a64930f

SHA256
23b143e2d4b383413be5478b0957ae7f430db07cb391840dd8b3c2dd5ae8288e

SHA512
4e29ba0514b200dc9ab7c021c7572f9811664b5df5107c070f41afa7b946c7449386e6b7f95cd2c7d3fa47520e39ab745926e6889e9fcd8e14aa1c105bae7391

Download Submit
C:\Windows\SysWOW64\vuqntp.exe

Filesize
15KB

MD5
a6c5dd421306ff8f3cff5a3fdca76356

SHA1
6dcdde8082f2960438477eff281cfbf6bb614f81

SHA256
4f1d6c83cf981d6c12536bf8c6b0911842a4f2310cefba9b2a9c44eaca740450

SHA512
efe0e33a0ef94b69e081de27cc0246c66f94e1e75fd40f31a30a0093af8f3a1deac45e30d3f53514cadd2c9eb480807c881a88ab1c0c8d10056a3eee1b7da5f0

Download Submit
C:\Windows\SysWOW64\vuqntp.exe

Filesize
92KB

MD5
3037ea300143f18e6f09a109775fc0b1

SHA1
f07508492b28921c33c7b39fe846382063851c4c

SHA256
b1bdf5747320cd7be76775097181ea11366f204486fce8568559380ebe6882c9

SHA512
62ed2e1df2868d2407e0b9d28c334fd4d2ed15fb8c9cd1a63c47024adeab197d859027485595d955a2132634d40ba16dd95f797efa5e0b3e0e0b5e7e8d8b85e9

Download Submit
C:\Windows\SysWOW64\wjgsdv.exe

Filesize
22KB

MD5
2c2c8c12eaa8d52608777f4adae8cec4

SHA1
3cb45d50f2f6980fc6f10ec21c50d5cb634bfa8e

SHA256
f6d1a8772b05537c0049acfd7ad8b08bab4455539aff24519fa4390a83c2923e

SHA512
a1be872b521edb9c39865a17215ca2c5299ccb032f6cc16dc557df240b6e380b04e831b47ca24b7d6d4d9eda9d34b05661d90445e11ecacc4f8fc714299fc306

Download Submit
C:\Windows\SysWOW64\wjgsdv.exe

Filesize
64KB

MD5
78824517b74b8235b543376142c31c08

SHA1
eab8b5aaad5cd80a1cf49182a24a086148ed23e6

SHA256
9d678f28b3c90d9b28e2993a8455f023aa5016c8bc359e8aea658533661a4ec0

SHA512
666845a5a193ac3c70be2ac83f3fb863e0e5b2b6db6c17c451e06f94fd42bd74337226b9369afd679efd478d9579dc65169b271c6f7a36cecb66c484d0d73a62

Download Submit
C:\Windows\SysWOW64\zklyay.exe

Filesize
16KB

MD5
96870c01c474bc51a8fcc4f56abba0c6

SHA1
939647ed21d3f5c64a953b9d5456eceaa0aa42e5

SHA256
63b5a7873162709e36626bb6aa49b8ef4e64ebba231e6a75969ee89e06b11568

SHA512
c441c061ecfa3bedc8a87c3fb6939fe976a40bbdcee936d3f8a5ff85be3989a90880256554d2c4c8ea7a5570dfac699911ea1fd57f9144cb8e6a5982d58137f4

Download Submit
\Windows\SysWOW64\cjbtfm.exe

Filesize
13KB

MD5
fa26bce727f134cce76bba7f7768c7f9

SHA1
f6f788f1edf09b14f0b5e38a9802c7ffa2f94208

SHA256
0ce800fd780d59c6b39b9e3af08a00c69b2300e4ba432a6c9dc1432591c26f32

SHA512
0d5cef290e62a01ce69dc176212331ab32a0cec535f859500b5f28d8d92aadf11c60feed00b440a446d0e7ab22f14c7a536258fcea272e5831fbf12a222eb0d5

Download Submit
\Windows\SysWOW64\ckpxax.exe

Filesize
2KB

MD5
5995dd22d434968bc1e6c40447c9e031

SHA1
5208beb7ec932c2f60eb2ce993b284f6f68f6ec9

SHA256
7060d9b8bb276c03802ea3484f8bba2bbb26a02b95a92299cc4ad10c5961c0d1

SHA512
3712f01c71b5503060e60e69f9734690230bf67d3f4347df492899b2b62669ef96b7b1b8c985a7405765c3994a1db111627722d05f6d416e769e9aba1af82d9e

Download Submit
\Windows\SysWOW64\ckpxax.exe

Filesize
18KB

MD5
ac8ac0fa6d0bc7041610c2d6abc208c0

SHA1
48175fff1675897b03aad8fb6c84cf0982cd493a

SHA256
eb66c6765cbba85e6149b97bdf722e5f341dba6f09c82692b06fafa858a54952

SHA512
ff028be12790fcfac765f1caa05eca9a1ea716202d4df14797085f544cda5f1db37dcfa452eb37d3024cb51b74ae080425922bf654783b0889eb09ced60ff2bc

Download Submit
\Windows\SysWOW64\douijt.exe

Filesize
223KB

MD5
005c4517540799f76c831c99b6b93756

SHA1
bdb30a495a15068b69e98b8830a794e2eaeb015e

SHA256
ed627eefe08a6b08bbc8079f9206d35e2abacb1527014db2b530d01e85f2bb64

SHA512
c01f6453413681e37f788d1f75cc4fde65a7d8376ba8f877cc34f1092964e1e061d17be46bc4b81ce2c5b0dc36dfb2956b6bf843dd1bef9e4bcea7966cdeb6d6

Download Submit
\Windows\SysWOW64\douijt.exe

Filesize
312KB

MD5
1d76414090edb4787b091fd8cb4cd9da

SHA1
26acdeef602492df67a97dfadb072442189fb08f

SHA256
445ac7e497f4de29c083d38f397439d6481a3679ef583a469662ef650fb08f1a

SHA512
ac3b366395fa377e73e7e935b1b495de08fde7563904358bafc2e041011c5d168b53fe0c02fb0335d6a2512e23c6a7fb0c6d49d8c036af13e1d0bdd38a7ffcee

Download Submit
\Windows\SysWOW64\efryoa.exe

Filesize
64KB

MD5
8e328a554a1166c0a7ea801f500ab703

SHA1
c992b2311ef9ef487b86cda3500ebeb8c2c021f2

SHA256
6a337b0f5c86442674ba64b791c06fb962de946badca665603967eee46fe108a

SHA512
62731f42300b9d142421997dc630b16c08703bc7ad6eea56c8b24af3df619546ba8719623187df0807543ce02cbb6532895093ab4b43d9697370377c15af4ba9

Download Submit
\Windows\SysWOW64\efryoa.exe

Filesize
20KB

MD5
5f1ffcef7a80cbff0da5ad97dc216b91

SHA1
14ddb8257771a269f6a755abd8642b4ebdcd30b9

SHA256
bb2dd3145f8fc58c6e5f6a6fd772d105bbf8653a5dab30a85fc7fd55e3442ebd

SHA512
ee5afe528144f08ab8f97548b88429cc9e7f0b55e8feba6fdb0bb544ceb0d35276d579e6a8ea0db843a3869eabeec7c80220bc12e88cd6450685e09e77619374

Download Submit
\Windows\SysWOW64\gegtyf.exe

Filesize
1KB

MD5
3fc8feeb3c3553b46c6a598606615c39

SHA1
f0856f3379488320b81df8d6f05c2a7727a5240e

SHA256
ec9538bad762c8a1966dcb156cfd3653c8f9e7a1f0b00ad281fb5a212a79fff7

SHA512
3187ed121c460f04a93d43835cf949c3a94bca1442710976ce00fd3c153da6b4aa0ca010665352e12fdea4e6660430f3218f12dd4573a8d151c14ee723769353

Download Submit
\Windows\SysWOW64\hditkl.exe

Filesize
17KB

MD5
e77e0dd3790e4a78dc20cb49c6791db4

SHA1
a7dd5a4fd62eba653de1e1a37c917af521e2ff7f

SHA256
704d3b30a1a72c9fd5e8aeefe76904c8a6d86fe2aa6f983ffa61b209d5bdbc50

SHA512
4bd1b85b2835652567969437160c3128be74097e877fbad4a59de0e30fbe4c24d18aef909dbebc1d2a2ec48614e5586c51f01e07fb94021de19c4fbe5cefb3f7

Download Submit
\Windows\SysWOW64\heyklp.exe

Filesize
147KB

MD5
27de79037efd862a20ba5c8677416994

SHA1
0bad670e1468c133ce6e499a568350dd3bb982e7

SHA256
10e32accec130ea4c18a4ec94889dbc5c38e8ad151a1164d3c09feb50766a084

SHA512
53dc2f05142924b174e7c553e83cfe3d6e68710c71a27736f3a69aa4aa554e6290146f86417e77cdda35daf32f2461dda49d5659bc6408548550d60c267b3204

Download Submit
\Windows\SysWOW64\heyklp.exe

Filesize
35KB

MD5
700ebefdd877b4c45b4fd9e165afd18f

SHA1
39c6cf9dcf2732809adcd7fd0d814f142d8ca573

SHA256
070580dc7c198376ddd346df5ebedc087f48ac7b9e72adfed24767d806249aec

SHA512
cc9c16bb0ea916a23d82a98ae7fbc9dcf71dcf4635811b5acdf0306bda481c48ad064f0f7c6b20ca3ab6142b99dbc48c099410e5571f81bf17c893dde915741f

Download Submit
\Windows\SysWOW64\nvgfus.exe

Filesize
287KB

MD5
9b1dba41447e931c2f77aa88f43d0ede

SHA1
84b87942930df7283357b5e18a919f605c760414

SHA256
4be86be166e0e35cf815fce737d56087d39d7d0d28073edc4ea68d78c169ca9d

SHA512
15f91b3665d2716fc9e8a20b5c79fe3c0d8c61be1d82cd3c34deaaf65c0ff53b2885b970ed85ab01b8543de30e9a6bb8d862c9db627fd640af3115cf68eaec0c

Download Submit
\Windows\SysWOW64\nvgfus.exe

Filesize
174KB

MD5
c9c2ffeec2ffbec0b1436333e3ed2a74

SHA1
188fbda292c6f83f3039120b996ddbb36bcec371

SHA256
8cc8178c4b19a80f9968a5f4e7ae8675ec019418a178b9db54e1718574cb15ae

SHA512
ea4b60915fb92344dd53fcc563ce374140353ff5f6b60cd4ed769e7f45879f4f31adc45f3968b220bec3d9a7b4ec624d13fef034b352fa3e31321bb3c95b83ea

Download Submit
\Windows\SysWOW64\oevvzz.exe

Filesize
26KB

MD5
fe604481845cca48ca9af09b401a1565

SHA1
e949fed9147f2c8f24da1386f977c3b038ecbfc2

SHA256
548bfd5a994243afbaf5605aa1a4ee3a8e18ea2a4bd32322da9bf7fe4b22ec01

SHA512
881b817846d58c166c88d70bcc80e5ac2772f44f2a7e59ab2c1672fef9c281f2e06ba2dc68fcc031d8ecae54fb00447cff08ae3ead93fb48ac81b800dfb1983c

Download Submit
\Windows\SysWOW64\oevvzz.exe

Filesize
37KB

MD5
1a1bee9efc5e25fd03a9f826af362242

SHA1
7d51dcee54d138b077c594f5e4476a3c72c871dc

SHA256
487d4ed9bd45cf54859c804ec18ee31615aadef9143aa98a547b16c87ff7f7e7

SHA512
4175b9b5e3054bb8710d82ede97459dff1d7596d6cf6259be906e01302794ff50ba35b5426729646cf99764530ce56db8bdeb60b45674a4a35823a5aa9a4188e

Download Submit
\Windows\SysWOW64\ogjidc.exe

Filesize
106KB

MD5
1313c523be1033741655aff0cf80130d

SHA1
df85d40fd68f47e1bb232b86d32b82e82e40a529

SHA256
ed46f44fa7e5c21a1be2b213d6090eb0252671807f6533efd53891c4cf793251

SHA512
00be9c05dae9be0adfd9698af5627211073b245e26e3d5351d2f1318657f67bbbe95d3ee5d89d429eef154cf5dc92f54d19b743a7ae10b8c33beb5a9859c8a59

Download Submit
\Windows\SysWOW64\ogjidc.exe

Filesize
345KB

MD5
fe4bea1eecdae72b3a94ed82166812ca

SHA1
7baf05a64e84e9a72a3c233aac47d1765a8109f4

SHA256
c8c8fd0fb907a4e260ad6194e85ee9592e05d76cacd7fa5617c63d2c12a77d52

SHA512
082c99be48a17a411be3d6380efe214541cfedd8526702a8b0759459d425a4779b291296647b605502bc8d5a779ca626e842002991838b0de4a9e63e34a8fc4a

Download Submit
\Windows\SysWOW64\pxznob.exe

Filesize
168KB

MD5
0150f5b8e3962b48b6b4fe671ad54b90

SHA1
5bdd74622868731ecbe09d61d300998d55c4588b

SHA256
c94ded7c38012546d4af895bd8902f8183fcef4e754115881cfd74e0d6ea4900

SHA512
d9d99ba2bbd50be8d02d9930a520b81f96f06254550579b8e379e0463fb713317bad8bbc23d881aaa6f9306e676a97542cc84e22231638eae89f8c9d6f3fc76d

Download Submit
\Windows\SysWOW64\pxznob.exe

Filesize
2KB

MD5
8820bf0694132900a5b2f5aa18e5c7a6

SHA1
57a2487f3762e262a31e7c5a2fcc224d7b00aee0

SHA256
c207e0e03975b3c1d0721c14a721500fb7f7e9064bd65798288106084f673591

SHA512
e87a73e07c7dde4f728493ef81fc7abb0923c2e26254bb0301aa393e1d6191b7d4e0a02ec3484c412d003b88208a6685782965061ed21768dd61bc2c537aebc8

Download Submit
\Windows\SysWOW64\tgeaec.exe

Filesize
18KB

MD5
7efb03d67981e1a454340a3108363727

SHA1
25f6a050d28391baeed5380beb4653838868e14f

SHA256
4eaa018ea42c5eca9bda911b415cdef3a8172a62760b6886b9724298d2e891f4

SHA512
e093417d168f9adffa8721f92e08b4fc2a24e341e9c6311bd169eed022e5afcaa8359da1f31d90cb927e58ac458bc8140b5f0df33c2571d1401796f4ffe755e1

Download Submit
\Windows\SysWOW64\tgeaec.exe

Filesize
12KB

MD5
e90f1c1c1edec4d006df2a3c401da35c

SHA1
2d82cf88bde81f56afd765a321738b5437742e6c

SHA256
6f2ea16760b5331629cf7aab52e45979a48b5e7d9fbde3ced87143954242f80c

SHA512
ef3ce9d5b531311cc7790d7d2d34e9ee9cf393a3bb7c41810e014d98672340e6ef1caa728c755852a37f622293e862c811ad113527a5ee1a34ea3fd1de2da84e

Download Submit
\Windows\SysWOW64\vdufoi.exe

Filesize
5KB

MD5
7f7d353ca04959d9d0de24df8687ae2d

SHA1
65dab351b0a0413cebc5a0ac2fecc0a5c5e52a1e

SHA256
2242ec7ad79dffc21389e4c342bfce65e41febf9b58ad45034da4e31d67f7e3f

SHA512
0043e196413f8a3f882890a2cbc3b47b67aa1452bf4fc339efaf4a3c0e24db924e7433ee59bcd3bbcce1f3bd27ba60b1ffbd95ea7989e97bf06c678881c55baf

Download Submit
\Windows\SysWOW64\vdufoi.exe

Filesize
70KB

MD5
94eb590d8055a40e711147c0af4225fd

SHA1
815630e3d1b7f2fec4ccc9259963ddb8e0d47612

SHA256
4c487a2b644b750e0b36b6b071da90fb36cfaad4c2ba4bd541c5260b7cf9efb7

SHA512
bf2385a66bc02267f71e58dbd3f0742b7650f4214990c4726e001fa139ce0b072de62756f6198c2fa48306997d87120bc92b536950493505bb04d40221b39d8a

Download Submit
\Windows\SysWOW64\vuqntp.exe

Filesize
74KB

MD5
17088f9fe7c11cf42332fe706190a45e

SHA1
24fa4562dd3f61fd7a1e1c5b1af257a5ab03918f

SHA256
e591117d404855510a4e86155d983da05e59f1a182b78560ba2bd148e412a2df

SHA512
3f4d88e5064a1d2804775ad9ea734e081fed81dc3cfb36c79d048c071a5dfb800b642831be025cfdef08b4748c0d931c87f60ef340ab5390debd8acbaa4b9ad3

Download Submit
\Windows\SysWOW64\vuqntp.exe

Filesize
82KB

MD5
4201b27c8a6458f54f493507dde22c57

SHA1
6b4882e2968235aa6ca672b86a5f37a6459ea083

SHA256
e02f52cbf5067c179d032cb5f8e6e381b8f382ea2632e58a6d22859131f7e0c6

SHA512
4bf7d20e4522cd6770c7ca0f9d14b04b83552fe8bd452c6d7e7adf9726c8b0a4789105acd5d7c05ce643a080706858e1dc7694b36c88cac362bb5a9ecb599402

Download Submit
\Windows\SysWOW64\wjgsdv.exe

Filesize
10KB

MD5
64ab737ec0de18423c01dfc7f99c71fb

SHA1
2b7182f533c6d86dde7388f2afeab04cc8a4ca70

SHA256
6d8c009a8d17683222c733fe81a2c7514ff2b9b78af4db074dc87d293e8a74f0

SHA512
71012fbe3223c52652b4b4188846a3a6f56c51e0788d42913e77802b65f478b11a61ebca5bf8edac02d84e56f24efb4e6fd3abf514b783ac4b68e07418f9f0bf

Download Submit
\Windows\SysWOW64\zklyay.exe

Filesize
29KB

MD5
4c78bba39b7558fd4fe03ea5a1fac350

SHA1
30569e6d5feb2bd8270137a92c3d87e0194e51ba

SHA256
d4d14d232f846c8215e6419b7b7fb1207bc3c46768f7704f59e7ee7c290586dd

SHA512
d501360d671229d8251d4a88e3d65fd0240c54c862a2a255aead328d0c765ed954e3802b24926fd788a631965a8325f6402a5adfe476b9a6e0715bddee1daca6

Download Submit
memory/384-559-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/384-600-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/848-719-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/896-883-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/916-388-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/916-359-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1148-692-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1148-720-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1220-329-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1220-297-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1524-574-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1524-532-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1604-790-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1604-747-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1648-360-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1648-327-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1896-269-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1896-314-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1992-612-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/1992-652-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2036-101-0x0000000003D70000-0x0000000003D71000-memory.dmp

Filesize
4KB

Download
memory/2036-95-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2036-142-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2036-93-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2036-103-0x0000000003DE0000-0x0000000003DE1000-memory.dmp

Filesize
4KB

Download
memory/2036-98-0x0000000003E40000-0x0000000003E41000-memory.dmp

Filesize
4KB

Download
memory/2036-96-0x0000000003E30000-0x0000000003E32000-memory.dmp

Filesize
8KB

Download
memory/2036-94-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2060-391-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2092-55-0x0000000003E50000-0x0000000003E51000-memory.dmp

Filesize
4KB

Download
memory/2092-43-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/2092-36-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/2092-37-0x0000000003D70000-0x0000000003D71000-memory.dmp

Filesize
4KB

Download
memory/2092-31-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2092-38-0x0000000003E30000-0x0000000003E31000-memory.dmp

Filesize
4KB

Download
memory/2092-39-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

Filesize
4KB

Download
memory/2092-80-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2092-40-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/2092-41-0x0000000003DB0000-0x0000000003DB1000-memory.dmp

Filesize
4KB

Download
memory/2092-42-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/2092-49-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/2092-34-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2092-35-0x0000000003E80000-0x0000000003E82000-memory.dmp

Filesize
8KB

Download
memory/2092-44-0x0000000003D30000-0x0000000003D31000-memory.dmp

Filesize
4KB

Download
memory/2092-45-0x0000000003D40000-0x0000000003D41000-memory.dmp

Filesize
4KB

Download
memory/2092-50-0x0000000003D50000-0x0000000003D51000-memory.dmp

Filesize
4KB

Download
memory/2092-46-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/2092-47-0x0000000003E60000-0x0000000003E62000-memory.dmp

Filesize
8KB

Download
memory/2092-33-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2092-48-0x0000000003E20000-0x0000000003E21000-memory.dmp

Filesize
4KB

Download
memory/2224-494-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2224-445-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2232-5-0x0000000003DB0000-0x0000000003DB1000-memory.dmp

Filesize
4KB

Download
memory/2232-15-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/2232-3-0x0000000003E80000-0x0000000003E82000-memory.dmp

Filesize
8KB

Download
memory/2232-52-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2232-32-0x0000000004A80000-0x0000000004CE2000-memory.dmp

Filesize
2.4MB

Download
memory/2232-6-0x0000000003E30000-0x0000000003E31000-memory.dmp

Filesize
4KB

Download
memory/2232-0-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2232-7-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

Filesize
4KB

Download
memory/2232-30-0x0000000004A80000-0x0000000004CE2000-memory.dmp

Filesize
2.4MB

Download
memory/2232-22-0x0000000003E50000-0x0000000003E51000-memory.dmp

Filesize
4KB

Download
memory/2232-8-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/2232-1-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2232-2-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2232-9-0x0000000003DF0000-0x0000000003DF1000-memory.dmp

Filesize
4KB

Download
memory/2232-10-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2232-11-0x0000000003DE0000-0x0000000003DE1000-memory.dmp

Filesize
4KB

Download
memory/2232-12-0x0000000003D70000-0x0000000003D71000-memory.dmp

Filesize
4KB

Download
memory/2232-21-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/2232-17-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

Filesize
4KB

Download
memory/2232-13-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/2232-14-0x0000000003E60000-0x0000000003E62000-memory.dmp

Filesize
8KB

Download
memory/2232-16-0x0000000003E20000-0x0000000003E21000-memory.dmp

Filesize
4KB

Download
memory/2232-4-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/2244-549-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2244-505-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2260-230-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2260-183-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2372-185-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2372-154-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2380-801-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2524-392-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2544-520-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2544-476-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2564-774-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2564-802-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2576-871-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2576-829-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2620-414-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2620-464-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2632-708-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2632-664-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2756-258-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2756-212-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2828-240-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2828-287-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2848-882-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2848-855-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2876-613-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2876-585-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2932-72-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

Filesize
4KB

Download
memory/2932-63-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2932-65-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2932-66-0x0000000003E80000-0x0000000003E82000-memory.dmp

Filesize
8KB

Download
memory/2932-68-0x0000000003D70000-0x0000000003D71000-memory.dmp

Filesize
4KB

Download
memory/2932-69-0x0000000003E30000-0x0000000003E31000-memory.dmp

Filesize
4KB

Download
memory/2932-70-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

Filesize
4KB

Download
memory/2932-71-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/2932-73-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/2932-74-0x0000000003D30000-0x0000000003D31000-memory.dmp

Filesize
4KB

Download
memory/2932-75-0x0000000003D40000-0x0000000003D41000-memory.dmp

Filesize
4KB

Download
memory/2932-76-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/2932-77-0x0000000003E60000-0x0000000003E62000-memory.dmp

Filesize
8KB

Download
memory/2932-64-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2932-67-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/2932-90-0x0000000003D50000-0x0000000003D51000-memory.dmp

Filesize
4KB

Download
memory/2932-91-0x0000000003E50000-0x0000000003E51000-memory.dmp

Filesize
4KB

Download
memory/2932-78-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/2932-102-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/2932-92-0x00000000048B0000-0x0000000004B12000-memory.dmp

Filesize
2.4MB

Download
memory/3008-171-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/3008-124-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/3064-637-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download
memory/3064-681-0x0000000000400000-0x0000000000662000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads