lumma | 7f13e384f8471ee8a3fb31e09ecb312e273fe57cd825a27bf67a4f7360ffa35d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 05:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ab236f72d954d59740bc0e8385648363.exe
Size

102KB
MD5

ab236f72d954d59740bc0e8385648363
SHA1

7d029fdb435ff74c7741e4530e71fc48542e5461
SHA256

7f13e384f8471ee8a3fb31e09ecb312e273fe57cd825a27bf67a4f7360ffa35d
SHA512

f8741b8ee458575a010a76d33d92ac1051aec23d422900f5b79c2aaf38a5c630b486d59978428ac49e812ca626ea4ecdda5d3a4f3936234209d6b850e6d12ee2
SSDEEP

3072:W5NngL4hq/bl2MO2ZJcicS+9p6q61CVmpEm9A:Qjhq/1O2ZEzGB+my

Score

10^/10

lumma metasploit backdoor stealer trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Detect Lumma Stealer payload V4 64 IoCs

resource	yara_rule
behavioral1/memory/2952-15-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1968-17-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2952-30-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1992-40-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2644-45-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2440-53-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1992-57-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2440-69-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1976-81-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1220-92-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1480-102-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/776-105-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1480-119-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2308-127-0x0000000002940000-0x0000000002A20000-memory.dmp	family_lumma_v4
behavioral1/memory/2880-128-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2308-131-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2716-141-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/268-154-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2880-145-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2716-157-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2792-166-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/268-170-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2792-181-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1164-191-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/3036-195-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1164-206-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/628-212-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/832-214-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2000-220-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/628-221-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2124-228-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2000-230-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2124-239-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1280-248-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/3060-254-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2516-261-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2592-262-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2516-271-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2648-277-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2632-278-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1524-285-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2648-288-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1256-293-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1524-294-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2692-301-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1256-304-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1532-309-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2692-312-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1532-317-0x00000000027A0000-0x0000000002880000-memory.dmp	family_lumma_v4
behavioral1/memory/2200-318-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/1532-320-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2200-327-0x00000000027F0000-0x00000000028D0000-memory.dmp	family_lumma_v4
behavioral1/memory/2276-328-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2200-331-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2564-337-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2276-336-0x00000000026A0000-0x0000000002780000-memory.dmp	family_lumma_v4
behavioral1/memory/2276-338-0x00000000026A0000-0x0000000002780000-memory.dmp	family_lumma_v4
behavioral1/memory/2276-339-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2564-346-0x00000000026D0000-0x00000000027B0000-memory.dmp	family_lumma_v4
behavioral1/memory/2008-347-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2564-348-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2008-357-0x0000000002510000-0x00000000025F0000-memory.dmp	family_lumma_v4
behavioral1/memory/1940-356-0x0000000000400000-0x00000000004E0000-memory.dmp	family_lumma_v4
behavioral1/memory/2008-355-0x0000000002510000-0x00000000025F0000-memory.dmp	family_lumma_v4

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 64 IoCs

pid	Process
2952	idmiwjrpl.exe
2644	aozaehsns.exe
1992	mqfqplexg.exe
2440	adxgvpdcm.exe
1976	brydlwqyt.exe
1220	oehtzaplz.exe
776	bukwhausa.exe
1480	muotszusa.exe
2308	ywubdmgto.exe
2880	igjlypnva.exe
2716	vtbjetlap.exe
268	fsfgortap.exe
2792	pggwergwo.exe
3036	cxjynzdmp.exe
1164	pksotdkqv.exe
832	zytlrkpnc.exe
628	moooakvuv.exe
2000	znqritabw.exe
2124	jmuotribw.exe
1280	wdprjagix.exe
3060	jbstsalxy.exe
2592	tawrcztxy.exe
2516	coxosggtx.exe
2632	pfsrjodby.exe
2648	csjhpkcfe.exe
1524	mgkefrpce.exe
1256	ztbukvwps.exe
2692	mrwwtdtwt.exe
1532	wumhohiqf.exe
2200	jsgjxhffg.exe
2276	tvemkkuzt.exe
2564	ginkqosmz.exe
2008	qwozgvgig.exe
1940	djgpurenn.exe
1424	qiarczcun.exe
856	akqcqcqxa.exe
704	njkeykoeb.exe
2344	wliptfcyo.exe
3024	jcdscoanp.exe
1676	tmscprohb.exe
2060	gzksvvnuh.exe
3004	qkzciytoc.exe
2088	ajdzbwboc.exe
896	nagcjxgvv.exe
2568	xkvnwamxq.exe
2536	kxfccelcw.exe
2768	vwravctbw.exe
2532	hcicjlefw.exe
376	uadfstbvx.exe
1248	hryiachcy.exe
2576	uhbkjcnjr.exe
1132	wofitaujr.exe
2084	grusoeadl.exe
1336	temiuhzqs.exe
1032	ggsygudrf.exe
2724	qfwvqtlrf.exe
2424	cknqmcwdf.exe
2120	pbisvkckg.exe
576	ziuqfibkg.exe
3012	mzpsojhrz.exe
1736	zxkvwrmya.exe
1728	jwwspquya.exe
1692	tzldctasn.exe
2964	gxgglbgzn.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	ab236f72d954d59740bc0e8385648363.exe
1968	ab236f72d954d59740bc0e8385648363.exe
2952	idmiwjrpl.exe
2952	idmiwjrpl.exe
2644	aozaehsns.exe
2644	aozaehsns.exe
1992	mqfqplexg.exe
1992	mqfqplexg.exe
2440	adxgvpdcm.exe
2440	adxgvpdcm.exe
1976	brydlwqyt.exe
1976	brydlwqyt.exe
1220	oehtzaplz.exe
1220	oehtzaplz.exe
776	bukwhausa.exe
776	bukwhausa.exe
1480	muotszusa.exe
1480	muotszusa.exe
2308	ywubdmgto.exe
2308	ywubdmgto.exe
2880	igjlypnva.exe
2880	igjlypnva.exe
2716	vtbjetlap.exe
2716	vtbjetlap.exe
268	fsfgortap.exe
268	fsfgortap.exe
2792	pggwergwo.exe
2792	pggwergwo.exe
3036	cxjynzdmp.exe
3036	cxjynzdmp.exe
1164	pksotdkqv.exe
1164	pksotdkqv.exe
832	zytlrkpnc.exe
832	zytlrkpnc.exe
628	moooakvuv.exe
628	moooakvuv.exe
2000	znqritabw.exe
2000	znqritabw.exe
2124	jmuotribw.exe
2124	jmuotribw.exe
1280	wdprjagix.exe
1280	wdprjagix.exe
3060	jbstsalxy.exe
3060	jbstsalxy.exe
2592	tawrcztxy.exe
2592	tawrcztxy.exe
2516	coxosggtx.exe
2516	coxosggtx.exe
2632	pfsrjodby.exe
2632	pfsrjodby.exe
2648	csjhpkcfe.exe
2648	csjhpkcfe.exe
1524	mgkefrpce.exe
1524	mgkefrpce.exe
1256	ztbukvwps.exe
1256	ztbukvwps.exe
2692	mrwwtdtwt.exe
2692	mrwwtdtwt.exe
1532	wumhohiqf.exe
1532	wumhohiqf.exe
2200	jsgjxhffg.exe
2200	jsgjxhffg.exe
2276	tvemkkuzt.exe
2276	tvemkkuzt.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\fshtbborz.exe	yoxojqdte.exe
File created	C:\Windows\SysWOW64\vlbslnulm.exe	rrtsmckgt.exe
File opened for modification	C:\Windows\SysWOW64\rbehlswkw.exe	hyofypiij.exe
File created	C:\Windows\SysWOW64\iuiwwinqe.exe	yyhdoomtq.exe
File opened for modification	C:\Windows\SysWOW64\mjfpzkpmy.exe	fmmronvfx.exe
File opened for modification	C:\Windows\SysWOW64\dvhqhhvrj.exe	gioinfqjp.exe
File opened for modification	C:\Windows\SysWOW64\tgstvkaqx.exe	ppwgzwooz.exe
File created	C:\Windows\SysWOW64\fshtbborz.exe	yoxojqdte.exe
File opened for modification	C:\Windows\SysWOW64\xcjnoitoq.exe	kidycvofd.exe
File created	C:\Windows\SysWOW64\bvojeuwpj.exe	mrhlhzzrj.exe
File opened for modification	C:\Windows\SysWOW64\weqggettm.exe	konexwnml.exe
File opened for modification	C:\Windows\SysWOW64\vhlcphcbj.exe	lxwsumwhw.exe
File opened for modification	C:\Windows\SysWOW64\lhtstfafk.exe	bweigcudy.exe
File opened for modification	C:\Windows\SysWOW64\svbmbevxr.exe	fegstwqqq.exe
File created	C:\Windows\SysWOW64\kygxdckgp.exe	dqlfjmboh.exe
File opened for modification	C:\Windows\SysWOW64\jxqgpfdht.exe	fhlltzrfm.exe
File created	C:\Windows\SysWOW64\vbutcftwh.exe	ntgtpqkez.exe
File opened for modification	C:\Windows\SysWOW64\kxlvgiqeg.exe	yhisyalxf.exe
File opened for modification	C:\Windows\SysWOW64\xeaiewvgq.exe	kfffwwpyx.exe
File created	C:\Windows\SysWOW64\nhtnmajbo.exe	etsqotwfh.exe
File opened for modification	C:\Windows\SysWOW64\ftaqpsnim.exe	xatqbljne.exe
File opened for modification	C:\Windows\SysWOW64\yvymakdcy.exe	hsmsywdzy.exe
File created	C:\Windows\SysWOW64\yfgubejxl.exe	oguxqfbxl.exe
File opened for modification	C:\Windows\SysWOW64\mkpxhytvf.exe	iusdtkhky.exe
File created	C:\Windows\SysWOW64\mmpkjlcfw.exe	efcsxosnx.exe
File created	C:\Windows\SysWOW64\tojitbdoo.exe	gxgglbgzn.exe
File created	C:\Windows\SysWOW64\vewagvldz.exe	ifbyxnfvz.exe
File opened for modification	C:\Windows\SysWOW64\ntgwvyrkq.exe	gahryeiye.exe
File created	C:\Windows\SysWOW64\ypphwrilj.exe	wbmebrbsp.exe
File created	C:\Windows\SysWOW64\ejhzuvalk.exe	xfwmlkxvp.exe
File opened for modification	C:\Windows\SysWOW64\pijxbnrjh.exe	ocgcmaaza.exe
File opened for modification	C:\Windows\SysWOW64\vmpvmysde.exe	zdkqwxxkj.exe
File opened for modification	C:\Windows\SysWOW64\uvbqybbbd.exe	qbtqzjqwk.exe
File created	C:\Windows\SysWOW64\ggsygudrf.exe	temiuhzqs.exe
File created	C:\Windows\SysWOW64\nygtckqpe.exe	ahlrtcthd.exe
File opened for modification	C:\Windows\SysWOW64\ktsxwzfgn.exe	casfngrty.exe
File opened for modification	C:\Windows\SysWOW64\uaerwxjaw.exe	hnmbqccnh.exe
File opened for modification	C:\Windows\SysWOW64\qmzzphyvn.exe	mkrrqxoqu.exe
File opened for modification	C:\Windows\SysWOW64\dfnjoaolg.exe	qhthfsref.exe
File opened for modification	C:\Windows\SysWOW64\ajdzbwboc.exe	qkzciytoc.exe
File created	C:\Windows\SysWOW64\mtydzeqqm.exe	zddbqetjl.exe
File created	C:\Windows\SysWOW64\rpzhclipf.exe	mcgzjcehl.exe
File opened for modification	C:\Windows\SysWOW64\hxsulhhgq.exe	yjzxvhcji.exe
File created	C:\Windows\SysWOW64\bmaheogfh.exe	tiquudepu.exe
File opened for modification	C:\Windows\SysWOW64\qlkdhzler.exe	gjvtlwfcf.exe
File created	C:\Windows\SysWOW64\yswqsrhpg.exe	omvsurush.exe
File created	C:\Windows\SysWOW64\ygobbiqbv.exe	rnpbmbmgv.exe
File created	C:\Windows\SysWOW64\wtshwfrzg.exe	rlnmarfpz.exe
File created	C:\Windows\SysWOW64\tgstvkaqx.exe	ppwgzwooz.exe
File created	C:\Windows\SysWOW64\moooakvuv.exe	zytlrkpnc.exe
File created	C:\Windows\SysWOW64\ftepketej.exe	svbmbevxr.exe
File opened for modification	C:\Windows\SysWOW64\umivszcaz.exe	honajrwtg.exe
File opened for modification	C:\Windows\SysWOW64\lxwsumwhw.exe	ygbpldqzv.exe
File opened for modification	C:\Windows\SysWOW64\xtuzovmji.exe	shjrvlabo.exe
File created	C:\Windows\SysWOW64\ifbyxnfvz.exe	vpgvpnioy.exe
File created	C:\Windows\SysWOW64\vprsujojo.exe	vlhflydtb.exe
File created	C:\Windows\SysWOW64\tiquudepu.exe	llnodktzh.exe
File created	C:\Windows\SysWOW64\xxtbpvifk.exe	nndztscdy.exe
File created	C:\Windows\SysWOW64\jfwdblfrl.exe	bjmpjaubq.exe
File created	C:\Windows\SysWOW64\kwrxsolum.exe	yxovkfgml.exe
File opened for modification	C:\Windows\SysWOW64\txejjcyge.exe	ohhwnonef.exe
File opened for modification	C:\Windows\SysWOW64\xaufduuuo.exe	kjrlulwnn.exe
File opened for modification	C:\Windows\SysWOW64\ysbkcfxkf.exe	tnhcrescl.exe
File created	C:\Windows\SysWOW64\kkomulbbz.exe	nujzyfqrs.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2952	1968	ab236f72d954d59740bc0e8385648363.exe	28
PID 1968 wrote to memory of 2952	1968	ab236f72d954d59740bc0e8385648363.exe	28
PID 1968 wrote to memory of 2952	1968	ab236f72d954d59740bc0e8385648363.exe	28
PID 1968 wrote to memory of 2952	1968	ab236f72d954d59740bc0e8385648363.exe	28
PID 2952 wrote to memory of 2644	2952	idmiwjrpl.exe	29
PID 2952 wrote to memory of 2644	2952	idmiwjrpl.exe	29
PID 2952 wrote to memory of 2644	2952	idmiwjrpl.exe	29
PID 2952 wrote to memory of 2644	2952	idmiwjrpl.exe	29
PID 2644 wrote to memory of 1992	2644	aozaehsns.exe	30
PID 2644 wrote to memory of 1992	2644	aozaehsns.exe	30
PID 2644 wrote to memory of 1992	2644	aozaehsns.exe	30
PID 2644 wrote to memory of 1992	2644	aozaehsns.exe	30
PID 1992 wrote to memory of 2440	1992	mqfqplexg.exe	31
PID 1992 wrote to memory of 2440	1992	mqfqplexg.exe	31
PID 1992 wrote to memory of 2440	1992	mqfqplexg.exe	31
PID 1992 wrote to memory of 2440	1992	mqfqplexg.exe	31
PID 2440 wrote to memory of 1976	2440	adxgvpdcm.exe	32
PID 2440 wrote to memory of 1976	2440	adxgvpdcm.exe	32
PID 2440 wrote to memory of 1976	2440	adxgvpdcm.exe	32
PID 2440 wrote to memory of 1976	2440	adxgvpdcm.exe	32
PID 1976 wrote to memory of 1220	1976	brydlwqyt.exe	33
PID 1976 wrote to memory of 1220	1976	brydlwqyt.exe	33
PID 1976 wrote to memory of 1220	1976	brydlwqyt.exe	33
PID 1976 wrote to memory of 1220	1976	brydlwqyt.exe	33
PID 1220 wrote to memory of 776	1220	oehtzaplz.exe	34
PID 1220 wrote to memory of 776	1220	oehtzaplz.exe	34
PID 1220 wrote to memory of 776	1220	oehtzaplz.exe	34
PID 1220 wrote to memory of 776	1220	oehtzaplz.exe	34
PID 776 wrote to memory of 1480	776	bukwhausa.exe	35
PID 776 wrote to memory of 1480	776	bukwhausa.exe	35
PID 776 wrote to memory of 1480	776	bukwhausa.exe	35
PID 776 wrote to memory of 1480	776	bukwhausa.exe	35
PID 1480 wrote to memory of 2308	1480	muotszusa.exe	36
PID 1480 wrote to memory of 2308	1480	muotszusa.exe	36
PID 1480 wrote to memory of 2308	1480	muotszusa.exe	36
PID 1480 wrote to memory of 2308	1480	muotszusa.exe	36
PID 2308 wrote to memory of 2880	2308	ywubdmgto.exe	37
PID 2308 wrote to memory of 2880	2308	ywubdmgto.exe	37
PID 2308 wrote to memory of 2880	2308	ywubdmgto.exe	37
PID 2308 wrote to memory of 2880	2308	ywubdmgto.exe	37
PID 2880 wrote to memory of 2716	2880	igjlypnva.exe	38
PID 2880 wrote to memory of 2716	2880	igjlypnva.exe	38
PID 2880 wrote to memory of 2716	2880	igjlypnva.exe	38
PID 2880 wrote to memory of 2716	2880	igjlypnva.exe	38
PID 2716 wrote to memory of 268	2716	vtbjetlap.exe	39
PID 2716 wrote to memory of 268	2716	vtbjetlap.exe	39
PID 2716 wrote to memory of 268	2716	vtbjetlap.exe	39
PID 2716 wrote to memory of 268	2716	vtbjetlap.exe	39
PID 268 wrote to memory of 2792	268	fsfgortap.exe	40
PID 268 wrote to memory of 2792	268	fsfgortap.exe	40
PID 268 wrote to memory of 2792	268	fsfgortap.exe	40
PID 268 wrote to memory of 2792	268	fsfgortap.exe	40
PID 2792 wrote to memory of 3036	2792	pggwergwo.exe	41
PID 2792 wrote to memory of 3036	2792	pggwergwo.exe	41
PID 2792 wrote to memory of 3036	2792	pggwergwo.exe	41
PID 2792 wrote to memory of 3036	2792	pggwergwo.exe	41
PID 3036 wrote to memory of 1164	3036	cxjynzdmp.exe	42
PID 3036 wrote to memory of 1164	3036	cxjynzdmp.exe	42
PID 3036 wrote to memory of 1164	3036	cxjynzdmp.exe	42
PID 3036 wrote to memory of 1164	3036	cxjynzdmp.exe	42
PID 1164 wrote to memory of 832	1164	pksotdkqv.exe	43
PID 1164 wrote to memory of 832	1164	pksotdkqv.exe	43
PID 1164 wrote to memory of 832	1164	pksotdkqv.exe	43
PID 1164 wrote to memory of 832	1164	pksotdkqv.exe	43

C:\Users\Admin\AppData\Local\Temp\ab236f72d954d59740bc0e8385648363.exe
"C:\Users\Admin\AppData\Local\Temp\ab236f72d954d59740bc0e8385648363.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\idmiwjrpl.exe
  C:\Windows\system32\idmiwjrpl.exe 456 "C:\Users\Admin\AppData\Local\Temp\ab236f72d954d59740bc0e8385648363.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Windows\SysWOW64\aozaehsns.exe
    C:\Windows\system32\aozaehsns.exe 512 "C:\Windows\SysWOW64\idmiwjrpl.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Windows\SysWOW64\mqfqplexg.exe
      C:\Windows\system32\mqfqplexg.exe 516 "C:\Windows\SysWOW64\aozaehsns.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1992
    - - C:\Windows\SysWOW64\adxgvpdcm.exe
        
        C:\Windows\system32\adxgvpdcm.exe 520 "C:\Windows\SysWOW64\mqfqplexg.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2440
      - C:\Windows\SysWOW64\brydlwqyt.exe
        
        C:\Windows\system32\brydlwqyt.exe 528 "C:\Windows\SysWOW64\adxgvpdcm.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1976
        
        C:\Windows\SysWOW64\oehtzaplz.exe
        
        C:\Windows\system32\oehtzaplz.exe 524 "C:\Windows\SysWOW64\brydlwqyt.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1220
        
        C:\Windows\SysWOW64\bukwhausa.exe
        
        C:\Windows\system32\bukwhausa.exe 548 "C:\Windows\SysWOW64\oehtzaplz.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:776
        
        C:\Windows\SysWOW64\muotszusa.exe
        
        C:\Windows\system32\muotszusa.exe 532 "C:\Windows\SysWOW64\bukwhausa.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1480
        
        C:\Windows\SysWOW64\ywubdmgto.exe
        
        C:\Windows\system32\ywubdmgto.exe 536 "C:\Windows\SysWOW64\muotszusa.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2308
        
        C:\Windows\SysWOW64\igjlypnva.exe
        
        C:\Windows\system32\igjlypnva.exe 540 "C:\Windows\SysWOW64\ywubdmgto.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2880
        
        C:\Windows\SysWOW64\vtbjetlap.exe
        
        C:\Windows\system32\vtbjetlap.exe 544 "C:\Windows\SysWOW64\igjlypnva.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2716
        
        C:\Windows\SysWOW64\fsfgortap.exe
        
        C:\Windows\system32\fsfgortap.exe 552 "C:\Windows\SysWOW64\vtbjetlap.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:268
        
        C:\Windows\SysWOW64\pggwergwo.exe
        
        C:\Windows\system32\pggwergwo.exe 564 "C:\Windows\SysWOW64\fsfgortap.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2792
        
        C:\Windows\SysWOW64\cxjynzdmp.exe
        
        C:\Windows\system32\cxjynzdmp.exe 556 "C:\Windows\SysWOW64\pggwergwo.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Windows\SysWOW64\pksotdkqv.exe
        
        C:\Windows\system32\pksotdkqv.exe 560 "C:\Windows\SysWOW64\cxjynzdmp.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1164
        
        C:\Windows\SysWOW64\zytlrkpnc.exe
        
        C:\Windows\system32\zytlrkpnc.exe 568 "C:\Windows\SysWOW64\pksotdkqv.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:832
        
        C:\Windows\SysWOW64\moooakvuv.exe
        
        C:\Windows\system32\moooakvuv.exe 592 "C:\Windows\SysWOW64\zytlrkpnc.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:628
        
        C:\Windows\SysWOW64\znqritabw.exe
        
        C:\Windows\system32\znqritabw.exe 572 "C:\Windows\SysWOW64\moooakvuv.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2000
        
        C:\Windows\SysWOW64\jmuotribw.exe
        
        C:\Windows\system32\jmuotribw.exe 580 "C:\Windows\SysWOW64\znqritabw.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2124
        
        C:\Windows\SysWOW64\wdprjagix.exe
        
        C:\Windows\system32\wdprjagix.exe 576 "C:\Windows\SysWOW64\jmuotribw.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1280
        
        C:\Windows\SysWOW64\jbstsalxy.exe
        
        C:\Windows\system32\jbstsalxy.exe 584 "C:\Windows\SysWOW64\wdprjagix.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3060
        
        C:\Windows\SysWOW64\tawrcztxy.exe
        
        C:\Windows\system32\tawrcztxy.exe 588 "C:\Windows\SysWOW64\jbstsalxy.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2592
        
        C:\Windows\SysWOW64\coxosggtx.exe
        
        C:\Windows\system32\coxosggtx.exe 596 "C:\Windows\SysWOW64\tawrcztxy.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2516
        
        C:\Windows\SysWOW64\pfsrjodby.exe
        
        C:\Windows\system32\pfsrjodby.exe 600 "C:\Windows\SysWOW64\coxosggtx.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2632
        
        C:\Windows\SysWOW64\csjhpkcfe.exe
        
        C:\Windows\system32\csjhpkcfe.exe 604 "C:\Windows\SysWOW64\pfsrjodby.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2648
        
        C:\Windows\SysWOW64\mgkefrpce.exe
        
        C:\Windows\system32\mgkefrpce.exe 608 "C:\Windows\SysWOW64\csjhpkcfe.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1524
        
        C:\Windows\SysWOW64\ztbukvwps.exe
        
        C:\Windows\system32\ztbukvwps.exe 612 "C:\Windows\SysWOW64\mgkefrpce.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1256
        
        C:\Windows\SysWOW64\mrwwtdtwt.exe
        
        C:\Windows\system32\mrwwtdtwt.exe 616 "C:\Windows\SysWOW64\ztbukvwps.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2692
        
        C:\Windows\SysWOW64\wumhohiqf.exe
        
        C:\Windows\system32\wumhohiqf.exe 620 "C:\Windows\SysWOW64\mrwwtdtwt.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1532
        
        C:\Windows\SysWOW64\jsgjxhffg.exe
        
        C:\Windows\system32\jsgjxhffg.exe 624 "C:\Windows\SysWOW64\wumhohiqf.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2200
        
        C:\Windows\SysWOW64\tvemkkuzt.exe
        
        C:\Windows\system32\tvemkkuzt.exe 628 "C:\Windows\SysWOW64\jsgjxhffg.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2276
        
        C:\Windows\SysWOW64\ginkqosmz.exe
        
        C:\Windows\system32\ginkqosmz.exe 632 "C:\Windows\SysWOW64\tvemkkuzt.exe"
        33⤵
        Executes dropped EXE
        
        PID:2564
        
        C:\Windows\SysWOW64\qwozgvgig.exe
        
        C:\Windows\system32\qwozgvgig.exe 636 "C:\Windows\SysWOW64\ginkqosmz.exe"
        34⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Windows\SysWOW64\djgpurenn.exe
        
        C:\Windows\system32\djgpurenn.exe 640 "C:\Windows\SysWOW64\qwozgvgig.exe"
        35⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Windows\SysWOW64\qiarczcun.exe
        
        C:\Windows\system32\qiarczcun.exe 648 "C:\Windows\SysWOW64\djgpurenn.exe"
        36⤵
        Executes dropped EXE
        
        PID:1424
        
        C:\Windows\SysWOW64\akqcqcqxa.exe
        
        C:\Windows\system32\akqcqcqxa.exe 644 "C:\Windows\SysWOW64\qiarczcun.exe"
        37⤵
        Executes dropped EXE
        
        PID:856
        
        C:\Windows\SysWOW64\njkeykoeb.exe
        
        C:\Windows\system32\njkeykoeb.exe 652 "C:\Windows\SysWOW64\akqcqcqxa.exe"
        38⤵
        Executes dropped EXE
        
        PID:704
        
        C:\Windows\SysWOW64\wliptfcyo.exe
        
        C:\Windows\system32\wliptfcyo.exe 660 "C:\Windows\SysWOW64\njkeykoeb.exe"
        39⤵
        Executes dropped EXE
        
        PID:2344
        
        C:\Windows\SysWOW64\jcdscoanp.exe
        
        C:\Windows\system32\jcdscoanp.exe 656 "C:\Windows\SysWOW64\wliptfcyo.exe"
        40⤵
        Executes dropped EXE
        
        PID:3024
        
        C:\Windows\SysWOW64\tmscprohb.exe
        
        C:\Windows\system32\tmscprohb.exe 664 "C:\Windows\SysWOW64\jcdscoanp.exe"
        41⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Windows\SysWOW64\gzksvvnuh.exe
        
        C:\Windows\system32\gzksvvnuh.exe 676 "C:\Windows\SysWOW64\tmscprohb.exe"
        42⤵
        Executes dropped EXE
        
        PID:2060
        
        C:\Windows\SysWOW64\qkzciytoc.exe
        
        C:\Windows\system32\qkzciytoc.exe 668 "C:\Windows\SysWOW64\gzksvvnuh.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3004
        
        C:\Windows\SysWOW64\ajdzbwboc.exe
        
        C:\Windows\system32\ajdzbwboc.exe 672 "C:\Windows\SysWOW64\qkzciytoc.exe"
        44⤵
        Executes dropped EXE
        
        PID:2088
        
        C:\Windows\SysWOW64\nagcjxgvv.exe
        
        C:\Windows\system32\nagcjxgvv.exe 680 "C:\Windows\SysWOW64\ajdzbwboc.exe"
        45⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Windows\SysWOW64\xkvnwamxq.exe
        
        C:\Windows\system32\xkvnwamxq.exe 684 "C:\Windows\SysWOW64\nagcjxgvv.exe"
        46⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Windows\SysWOW64\kxfccelcw.exe
        
        C:\Windows\system32\kxfccelcw.exe 688 "C:\Windows\SysWOW64\xkvnwamxq.exe"
        47⤵
        Executes dropped EXE
        
        PID:2536
        
        C:\Windows\SysWOW64\vwravctbw.exe
        
        C:\Windows\system32\vwravctbw.exe 700 "C:\Windows\SysWOW64\kxfccelcw.exe"
        48⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Windows\SysWOW64\hcicjlefw.exe
        
        C:\Windows\system32\hcicjlefw.exe 696 "C:\Windows\SysWOW64\vwravctbw.exe"
        49⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Windows\SysWOW64\uadfstbvx.exe
        
        C:\Windows\system32\uadfstbvx.exe 704 "C:\Windows\SysWOW64\hcicjlefw.exe"
        50⤵
        Executes dropped EXE
        
        PID:376
        
        C:\Windows\SysWOW64\hryiachcy.exe
        
        C:\Windows\system32\hryiachcy.exe 708 "C:\Windows\SysWOW64\uadfstbvx.exe"
        51⤵
        Executes dropped EXE
        
        PID:1248
        
        C:\Windows\SysWOW64\uhbkjcnjr.exe
        
        C:\Windows\system32\uhbkjcnjr.exe 692 "C:\Windows\SysWOW64\hryiachcy.exe"
        52⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Windows\SysWOW64\wofitaujr.exe
        
        C:\Windows\system32\wofitaujr.exe 712 "C:\Windows\SysWOW64\uhbkjcnjr.exe"
        53⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Windows\SysWOW64\grusoeadl.exe
        
        C:\Windows\system32\grusoeadl.exe 716 "C:\Windows\SysWOW64\wofitaujr.exe"
        54⤵
        Executes dropped EXE
        
        PID:2084
        
        C:\Windows\SysWOW64\temiuhzqs.exe
        
        C:\Windows\system32\temiuhzqs.exe 720 "C:\Windows\SysWOW64\grusoeadl.exe"
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1336
        
        C:\Windows\SysWOW64\ggsygudrf.exe
        
        C:\Windows\system32\ggsygudrf.exe 724 "C:\Windows\SysWOW64\temiuhzqs.exe"
        56⤵
        Executes dropped EXE
        
        PID:1032
        
        C:\Windows\SysWOW64\qfwvqtlrf.exe
        
        C:\Windows\system32\qfwvqtlrf.exe 728 "C:\Windows\SysWOW64\ggsygudrf.exe"
        57⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Windows\SysWOW64\cknqmcwdf.exe
        
        C:\Windows\system32\cknqmcwdf.exe 732 "C:\Windows\SysWOW64\qfwvqtlrf.exe"
        58⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\pbisvkckg.exe
        
        C:\Windows\system32\pbisvkckg.exe 736 "C:\Windows\SysWOW64\cknqmcwdf.exe"
        59⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Windows\SysWOW64\ziuqfibkg.exe
        
        C:\Windows\system32\ziuqfibkg.exe 740 "C:\Windows\SysWOW64\pbisvkckg.exe"
        60⤵
        Executes dropped EXE
        
        PID:576
        
        C:\Windows\SysWOW64\mzpsojhrz.exe
        
        C:\Windows\system32\mzpsojhrz.exe 744 "C:\Windows\SysWOW64\ziuqfibkg.exe"
        61⤵
        Executes dropped EXE
        
        PID:3012
        
        C:\Windows\SysWOW64\zxkvwrmya.exe
        
        C:\Windows\system32\zxkvwrmya.exe 748 "C:\Windows\SysWOW64\mzpsojhrz.exe"
        62⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Windows\SysWOW64\jwwspquya.exe
        
        C:\Windows\system32\jwwspquya.exe 752 "C:\Windows\SysWOW64\zxkvwrmya.exe"
        63⤵
        Executes dropped EXE
        
        PID:1728
        
        C:\Windows\SysWOW64\tzldctasn.exe
        
        C:\Windows\system32\tzldctasn.exe 756 "C:\Windows\SysWOW64\jwwspquya.exe"
        64⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Windows\SysWOW64\gxgglbgzn.exe
        
        C:\Windows\system32\gxgglbgzn.exe 764 "C:\Windows\SysWOW64\tzldctasn.exe"
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2964
        
        C:\Windows\SysWOW64\tojitbdoo.exe
        
        C:\Windows\system32\tojitbdoo.exe 760 "C:\Windows\SysWOW64\gxgglbgzn.exe"
        66⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\gqpyfoqqc.exe
        
        C:\Windows\system32\gqpyfoqqc.exe 768 "C:\Windows\SysWOW64\tojitbdoo.exe"
        67⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\sgkbnonxu.exe
        
        C:\Windows\system32\sgkbnonxu.exe 772 "C:\Windows\SysWOW64\gqpyfoqqc.exe"
        68⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\fffdwwtmv.exe
        
        C:\Windows\system32\fffdwwtmv.exe 776 "C:\Windows\SysWOW64\sgkbnonxu.exe"
        69⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\plftudgjv.exe
        
        C:\Windows\system32\plftudgjv.exe 780 "C:\Windows\SysWOW64\fffdwwtmv.exe"
        70⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\cjivdllqv.exe
        
        C:\Windows\system32\cjivdllqv.exe 784 "C:\Windows\SysWOW64\plftudgjv.exe"
        71⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\padylmjxw.exe
        
        C:\Windows\system32\padylmjxw.exe 788 "C:\Windows\SysWOW64\cjivdllqv.exe"
        72⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cyybuupep.exe
        
        C:\Windows\system32\cyybuupep.exe 800 "C:\Windows\SysWOW64\padylmjxw.exe"
        73⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\ppadcculq.exe
        
        C:\Windows\system32\ppadcculq.exe 804 "C:\Windows\SysWOW64\cyybuupep.exe"
        74⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\ydtbabhip.exe
        
        C:\Windows\system32\ydtbabhip.exe 808 "C:\Windows\SysWOW64\ppadcculq.exe"
        75⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\ltwwjkfpq.exe
        
        C:\Windows\system32\ltwwjkfpq.exe 792 "C:\Windows\SysWOW64\ydtbabhip.exe"
        76⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\ysrysskwr.exe
        
        C:\Windows\system32\ysrysskwr.exe 796 "C:\Windows\SysWOW64\ltwwjkfpq.exe"
        77⤵
        
        PID:708
        
        C:\Windows\SysWOW64\limbasqmk.exe
        
        C:\Windows\system32\limbasqmk.exe 812 "C:\Windows\SysWOW64\ysrysskwr.exe"
        78⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\yzoejantk.exe
        
        C:\Windows\system32\yzoejantk.exe 816 "C:\Windows\SysWOW64\limbasqmk.exe"
        79⤵
        
        PID:604
        
        C:\Windows\SysWOW64\inpbhhapk.exe
        
        C:\Windows\system32\inpbhhapk.exe 828 "C:\Windows\SysWOW64\yzoejantk.exe"
        80⤵
        
        PID:688
        
        C:\Windows\SysWOW64\vlkepqgwk.exe
        
        C:\Windows\system32\vlkepqgwk.exe 820 "C:\Windows\SysWOW64\inpbhhapk.exe"
        81⤵
        
        PID:272
        
        C:\Windows\SysWOW64\hcfgyqmel.exe
        
        C:\Windows\system32\hcfgyqmel.exe 824 "C:\Windows\SysWOW64\vlkepqgwk.exe"
        82⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\ushjhyjle.exe
        
        C:\Windows\system32\ushjhyjle.exe 832 "C:\Windows\SysWOW64\hcfgyqmel.exe"
        83⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\hrcmpgpsf.exe
        
        C:\Windows\system32\hrcmpgpsf.exe 836 "C:\Windows\SysWOW64\ushjhyjle.exe"
        84⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\rxdbfgcoe.exe
        
        C:\Windows\system32\rxdbfgcoe.exe 840 "C:\Windows\SysWOW64\hrcmpgpsf.exe"
        85⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\ewyeoohwf.exe
        
        C:\Windows\system32\ewyeoohwf.exe 844 "C:\Windows\SysWOW64\rxdbfgcoe.exe"
        86⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\rmsgfwflg.exe
        
        C:\Windows\system32\rmsgfwflg.exe 848 "C:\Windows\SysWOW64\ewyeoohwf.exe"
        87⤵
        
        PID:468
        
        C:\Windows\SysWOW64\elvjnwksz.exe
        
        C:\Windows\system32\elvjnwksz.exe 852 "C:\Windows\SysWOW64\rmsgfwflg.exe"
        88⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\onluazrmt.exe
        
        C:\Windows\system32\onluazrmt.exe 856 "C:\Windows\SysWOW64\elvjnwksz.exe"
        89⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\amfwjhwtm.exe
        
        C:\Windows\system32\amfwjhwtm.exe 860 "C:\Windows\SysWOW64\onluazrmt.exe"
        90⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\kovhekdvz.exe
        
        C:\Windows\system32\kovhekdvz.exe 864 "C:\Windows\SysWOW64\amfwjhwtm.exe"
        91⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\ybmwkojan.exe
        
        C:\Windows\system32\ybmwkojan.exe 868 "C:\Windows\SysWOW64\kovhekdvz.exe"
        92⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\kahztohpo.exe
        
        C:\Windows\system32\kahztohpo.exe 872 "C:\Windows\SysWOW64\ybmwkojan.exe"
        93⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\ucfjgsvkb.exe
        
        C:\Windows\system32\ucfjgsvkb.exe 876 "C:\Windows\SysWOW64\kahztohpo.exe"
        94⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\hbzmoatrb.exe
        
        C:\Windows\system32\hbzmoatrb.exe 880 "C:\Windows\SysWOW64\ucfjgsvkb.exe"
        95⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\radkzzaqc.exe
        
        C:\Windows\system32\radkzzaqc.exe 892 "C:\Windows\SysWOW64\hbzmoatrb.exe"
        96⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\hixrgiefv.exe
        
        C:\Windows\system32\hixrgiefv.exe 884 "C:\Windows\SysWOW64\radkzzaqc.exe"
        97⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\rwqheprcu.exe
        
        C:\Windows\system32\rwqheprcu.exe 888 "C:\Windows\SysWOW64\hixrgiefv.exe"
        98⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\euskmyprv.exe
        
        C:\Windows\system32\euskmyprv.exe 896 "C:\Windows\SysWOW64\rwqheprcu.exe"
        99⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\rlnmvyuyw.exe
        
        C:\Windows\system32\rlnmvyuyw.exe 900 "C:\Windows\SysWOW64\euskmyprv.exe"
        100⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\dbipegafp.exe
        
        C:\Windows\system32\dbipegafp.exe 904 "C:\Windows\SysWOW64\rlnmvyuyw.exe"
        101⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\ialsmoxmq.exe
        
        C:\Windows\system32\ialsmoxmq.exe 916 "C:\Windows\SysWOW64\dbipegafp.exe"
        102⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\solpkokjp.exe
        
        C:\Windows\system32\solpkokjp.exe 912 "C:\Windows\SysWOW64\ialsmoxmq.exe"
        103⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\fegstwqqq.exe
        
        C:\Windows\system32\fegstwqqq.exe 924 "C:\Windows\SysWOW64\solpkokjp.exe"
        104⤵
        Drops file in System32 directory
        
        PID:2208
        
        C:\Windows\SysWOW64\svbmbevxr.exe
        
        C:\Windows\system32\svbmbevxr.exe 908 "C:\Windows\SysWOW64\fegstwqqq.exe"
        105⤵
        Drops file in System32 directory
        
        PID:2080
        
        C:\Windows\SysWOW64\ftepketej.exe
        
        C:\Windows\system32\ftepketej.exe 932 "C:\Windows\SysWOW64\svbmbevxr.exe"
        106⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\skzstmzuk.exe
        
        C:\Windows\system32\skzstmzuk.exe 920 "C:\Windows\SysWOW64\ftepketej.exe"
        107⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\byzpjumqj.exe
        
        C:\Windows\system32\byzpjumqj.exe 928 "C:\Windows\SysWOW64\skzstmzuk.exe"
        108⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\opuszcrxk.exe
        
        C:\Windows\system32\opuszcrxk.exe 936 "C:\Windows\SysWOW64\byzpjumqj.exe"
        109⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\bnpuicpel.exe
        
        C:\Windows\system32\bnpuicpel.exe 940 "C:\Windows\SysWOW64\opuszcrxk.exe"
        110⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\oesxqkumm.exe
        
        C:\Windows\system32\oesxqkumm.exe 944 "C:\Windows\SysWOW64\bnpuicpel.exe"
        111⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\bcnazsatf.exe
        
        C:\Windows\system32\bcnazsatf.exe 948 "C:\Windows\SysWOW64\oesxqkumm.exe"
        112⤵
        
        PID:880
        
        C:\Windows\SysWOW64\linppsnpe.exe
        
        C:\Windows\system32\linppsnpe.exe 952 "C:\Windows\SysWOW64\bcnazsatf.exe"
        113⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\yhisyalxf.exe
        
        C:\Windows\system32\yhisyalxf.exe 964 "C:\Windows\SysWOW64\linppsnpe.exe"
        114⤵
        Drops file in System32 directory
        
        PID:2164
        
        C:\Windows\SysWOW64\kxlvgiqeg.exe
        
        C:\Windows\system32\kxlvgiqeg.exe 956 "C:\Windows\SysWOW64\yhisyalxf.exe"
        115⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\xwgxxiwtg.exe
        
        C:\Windows\system32\xwgxxiwtg.exe 960 "C:\Windows\SysWOW64\kxlvgiqeg.exe"
        116⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\hyviklcnt.exe
        
        C:\Windows\system32\hyviklcnt.exe 968 "C:\Windows\SysWOW64\xwgxxiwtg.exe"
        117⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\uxqktuium.exe
        
        C:\Windows\system32\uxqktuium.exe 972 "C:\Windows\SysWOW64\hyviklcnt.exe"
        118⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\zfvfpitft.exe
        
        C:\Windows\system32\zfvfpitft.exe 976 "C:\Windows\SysWOW64\uxqktuium.exe"
        119⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\jxkduynau.exe
        
        C:\Windows\system32\jxkduynau.exe 980 "C:\Windows\SysWOW64\zfvfpitft.exe"
        120⤵
        
        PID:664
        
        C:\Windows\SysWOW64\rijirrduo.exe
        
        C:\Windows\system32\rijirrduo.exe 984 "C:\Windows\SysWOW64\jxkduynau.exe"
        121⤵
        
        PID:968
        
        C:\Windows\SysWOW64\gycqxbzjh.exe
        
        C:\Windows\system32\gycqxbzjh.exe 1000 "C:\Windows\SysWOW64\rijirrduo.exe"
        122⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\tpxsgjeqi.exe
        
        C:\Windows\system32\tpxsgjeqi.exe 988 "C:\Windows\SysWOW64\gycqxbzjh.exe"
        123⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\dzndtmlsv.exe
        
        C:\Windows\system32\dzndtmlsv.exe 992 "C:\Windows\SysWOW64\tpxsgjeqi.exe"
        124⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\qqhgcmqzw.exe
        
        C:\Windows\system32\qqhgcmqzw.exe 996 "C:\Windows\SysWOW64\dzndtmlsv.exe"
        125⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\dokikvwho.exe
        
        C:\Windows\system32\dokikvwho.exe 1004 "C:\Windows\SysWOW64\qqhgcmqzw.exe"
        126⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\nclyicjdw.exe
        
        C:\Windows\system32\nclyicjdw.exe 1008 "C:\Windows\SysWOW64\dokikvwho.exe"
        127⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\uznlsnmtj.exe
        
        C:\Windows\system32\uznlsnmtj.exe 1012 "C:\Windows\SysWOW64\nclyicjdw.exe"
        128⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\kogtzfpic.exe
        
        C:\Windows\system32\kogtzfpic.exe 1016 "C:\Windows\SysWOW64\uznlsnmtj.exe"
        129⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\xfbvhfnxd.exe
        
        C:\Windows\system32\xfbvhfnxd.exe 1020 "C:\Windows\SysWOW64\kogtzfpic.exe"
        130⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\gtclfmatc.exe
        
        C:\Windows\system32\gtclfmatc.exe 1028 "C:\Windows\SysWOW64\xfbvhfnxd.exe"
        131⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\trxnoufbd.exe
        
        C:\Windows\system32\trxnoufbd.exe 1036 "C:\Windows\SysWOW64\gtclfmatc.exe"
        132⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\gisqxvlie.exe
        
        C:\Windows\system32\gisqxvlie.exe 1032 "C:\Windows\SysWOW64\trxnoufbd.exe"
        133⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\tyutfdjpx.exe
        
        C:\Windows\system32\tyutfdjpx.exe 1040 "C:\Windows\SysWOW64\gisqxvlie.exe"
        134⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\gxpwolowx.exe
        
        C:\Windows\system32\gxpwolowx.exe 1044 "C:\Windows\SysWOW64\tyutfdjpx.exe"
        135⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\qafgbouyk.exe
        
        C:\Windows\system32\qafgbouyk.exe 1056 "C:\Windows\SysWOW64\gxpwolowx.exe"
        136⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\dyhjkoafl.exe
        
        C:\Windows\system32\dyhjkoafl.exe 1048 "C:\Windows\SysWOW64\qafgbouyk.exe"
        137⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\nbxtfrgzy.exe
        
        C:\Windows\system32\nbxtfrgzy.exe 1052 "C:\Windows\SysWOW64\dyhjkoafl.exe"
        138⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\zddbqetjl.exe
        
        C:\Windows\system32\zddbqetjl.exe 1060 "C:\Windows\SysWOW64\nbxtfrgzy.exe"
        139⤵
        Drops file in System32 directory
        
        PID:2892
        
        C:\Windows\SysWOW64\mtydzeqqm.exe
        
        C:\Windows\system32\mtydzeqqm.exe 1064 "C:\Windows\SysWOW64\zddbqetjl.exe"
        140⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\zssghmwxf.exe
        
        C:\Windows\system32\zssghmwxf.exe 1068 "C:\Windows\SysWOW64\mtydzeqqm.exe"
        141⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\mivjqubff.exe
        
        C:\Windows\system32\mivjqubff.exe 1072 "C:\Windows\SysWOW64\zssghmwxf.exe"
        142⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\zzqlzczmg.exe
        
        C:\Windows\system32\zzqlzczmg.exe 1076 "C:\Windows\SysWOW64\mivjqubff.exe"
        143⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\jnrjxcmqg.exe
        
        C:\Windows\system32\jnrjxcmqg.exe 1088 "C:\Windows\SysWOW64\zzqlzczmg.exe"
        144⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\wllmfksyg.exe
        
        C:\Windows\system32\wllmfksyg.exe 1080 "C:\Windows\SysWOW64\jnrjxcmqg.exe"
        145⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\jydbloqcn.exe
        
        C:\Windows\system32\jydbloqcn.exe 1084 "C:\Windows\SysWOW64\wllmfksyg.exe"
        146⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\smezbvdzu.exe
        
        C:\Windows\system32\smezbvdzu.exe 1092 "C:\Windows\SysWOW64\jydbloqcn.exe"
        147⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\fdybkvjgn.exe
        
        C:\Windows\system32\fdybkvjgn.exe 1096 "C:\Windows\SysWOW64\smezbvdzu.exe"
        148⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\stbwaehvo.exe
        
        C:\Windows\system32\stbwaehvo.exe 1100 "C:\Windows\SysWOW64\fdybkvjgn.exe"
        149⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\xswzjmmco.exe
        
        C:\Windows\system32\xswzjmmco.exe 1104 "C:\Windows\SysWOW64\stbwaehvo.exe"
        150⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\kirbsmskh.exe
        
        C:\Windows\system32\kirbsmskh.exe 1108 "C:\Windows\SysWOW64\xswzjmmco.exe"
        151⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\uwrzitfgo.exe
        
        C:\Windows\system32\uwrzitfgo.exe 1120 "C:\Windows\SysWOW64\kirbsmskh.exe"
        152⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\hnmbqccnh.exe
        
        C:\Windows\system32\hnmbqccnh.exe 1112 "C:\Windows\SysWOW64\uwrzitfgo.exe"
        153⤵
        Drops file in System32 directory
        
        PID:408
        
        C:\Windows\SysWOW64\uaerwxjaw.exe
        
        C:\Windows\system32\uaerwxjaw.exe 1132 "C:\Windows\SysWOW64\hnmbqccnh.exe"
        154⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\doeoufoxv.exe
        
        C:\Windows\system32\doeoufoxv.exe 1116 "C:\Windows\SysWOW64\uaerwxjaw.exe"
        155⤵
        
        PID:448
        
        C:\Windows\SysWOW64\qmzrdnuew.exe
        
        C:\Windows\system32\qmzrdnuew.exe 1124 "C:\Windows\SysWOW64\doeoufoxv.exe"
        156⤵
        
        PID:800
        
        C:\Windows\SysWOW64\yuvjpcdov.exe
        
        C:\Windows\system32\yuvjpcdov.exe 1128 "C:\Windows\SysWOW64\qmzrdnuew.exe"
        157⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\iqouexetj.exe
        
        C:\Windows\system32\iqouexetj.exe 1136 "C:\Windows\SysWOW64\yuvjpcdov.exe"
        158⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\pxjurmndq.exe
        
        C:\Windows\system32\pxjurmndq.exe 1140 "C:\Windows\SysWOW64\iqouexetj.exe"
        159⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\xfwmlkxvp.exe
        
        C:\Windows\system32\xfwmlkxvp.exe 1144 "C:\Windows\SysWOW64\pxjurmndq.exe"
        160⤵
        Drops file in System32 directory
        
        PID:112
        
        C:\Windows\SysWOW64\ejhzuvalk.exe
        
        C:\Windows\system32\ejhzuvalk.exe 1148 "C:\Windows\SysWOW64\xfwmlkxvp.exe"
        161⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\mcgzjcehl.exe
        
        C:\Windows\system32\mcgzjcehl.exe 1152 "C:\Windows\SysWOW64\ejhzuvalk.exe"
        162⤵
        Drops file in System32 directory
        
        PID:328
        
        C:\Windows\SysWOW64\rpzhclipf.exe
        
        C:\Windows\system32\rpzhclipf.exe 1156 "C:\Windows\SysWOW64\mcgzjcehl.exe"
        163⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\erfpoyvqs.exe
        
        C:\Windows\system32\erfpoyvqs.exe 1160 "C:\Windows\SysWOW64\rpzhclipf.exe"
        164⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\rhiswysyl.exe
        
        C:\Windows\system32\rhiswysyl.exe 1164 "C:\Windows\SysWOW64\erfpoyvqs.exe"
        165⤵
        
        PID:868
        
        C:\Windows\SysWOW64\bgmphxaxl.exe
        
        C:\Windows\system32\bgmphxaxl.exe 1168 "C:\Windows\SysWOW64\rhiswysyl.exe"
        166⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\nmdsdoljl.exe
        
        C:\Windows\system32\nmdsdoljl.exe 1172 "C:\Windows\SysWOW64\bgmphxaxl.exe"
        167⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\akyulorqm.exe
        
        C:\Windows\system32\akyulorqm.exe 1176 "C:\Windows\SysWOW64\nmdsdoljl.exe"
        168⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\kkkswnqqm.exe
        
        C:\Windows\system32\kkkswnqqm.exe 1180 "C:\Windows\SysWOW64\akyulorqm.exe"
        169⤵
        
        PID:484
        
        C:\Windows\SysWOW64\arwadeufg.exe
        
        C:\Windows\system32\arwadeufg.exe 1184 "C:\Windows\SysWOW64\kkkswnqqm.exe"
        170⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\kclkqhazs.exe
        
        C:\Windows\system32\kclkqhazs.exe 1188 "C:\Windows\SysWOW64\arwadeufg.exe"
        171⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\xtgfyhfot.exe
        
        C:\Windows\system32\xtgfyhfot.exe 1200 "C:\Windows\SysWOW64\kclkqhazs.exe"
        172⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\hdvpukmig.exe
        
        C:\Windows\system32\hdvpukmig.exe 1192 "C:\Windows\SysWOW64\xtgfyhfot.exe"
        173⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\uuysctrph.exe
        
        C:\Windows\system32\uuysctrph.exe 1196 "C:\Windows\SysWOW64\hdvpukmig.exe"
        174⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\gweioxwzu.exe
        
        C:\Windows\system32\gweioxwzu.exe 1204 "C:\Windows\SysWOW64\uuysctrph.exe"
        175⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\oaovxqgph.exe
        
        C:\Windows\system32\oaovxqgph.exe 468 "C:\Windows\SysWOW64\gweioxwzu.exe"
        176⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\iqgiuaxfv.exe
        
        C:\Windows\system32\iqgiuaxfv.exe 472 "C:\Windows\SysWOW64\oaovxqgph.exe"
        177⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\sfhleiitp.exe
        
        C:\Windows\system32\sfhleiitp.exe 1208 "C:\Windows\SysWOW64\iqgiuaxfv.exe"
        178⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\lwhiumrss.exe
        
        C:\Windows\system32\lwhiumrss.exe 476 "C:\Windows\SysWOW64\sfhleiitp.exe"
        179⤵
        
        PID:792
        
        C:\Windows\SysWOW64\szhgltjvs.exe
        
        C:\Windows\system32\szhgltjvs.exe 480 "C:\Windows\SysWOW64\lwhiumrss.exe"
        180⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\jsriaaddm.exe
        
        C:\Windows\system32\jsriaaddm.exe 484 "C:\Windows\SysWOW64\szhgltjvs.exe"
        181⤵
        
        PID:648
        
        C:\Windows\SysWOW64\trvgszkdn.exe
        
        C:\Windows\system32\trvgszkdn.exe 460 "C:\Windows\SysWOW64\jsriaaddm.exe"
        182⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\drhdcyscn.exe
        
        C:\Windows\system32\drhdcyscn.exe 448 "C:\Windows\SysWOW64\trvgszkdn.exe"
        183⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\oqljnxrcn.exe
        
        C:\Windows\system32\oqljnxrcn.exe 488 "C:\Windows\SysWOW64\drhdcyscn.exe"
        184⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\vqkbbdvpn.exe
        
        C:\Windows\system32\vqkbbdvpn.exe 432 "C:\Windows\SysWOW64\oqljnxrcn.exe"
        185⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\lnsjovfjo.exe
        
        C:\Windows\system32\lnsjovfjo.exe 496 "C:\Windows\SysWOW64\vqkbbdvpn.exe"
        186⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\kcpgfmixh.exe
        
        C:\Windows\system32\kcpgfmixh.exe 436 "C:\Windows\SysWOW64\lnsjovfjo.exe"
        187⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\azporerra.exe
        
        C:\Windows\system32\azporerra.exe 504 "C:\Windows\SysWOW64\kcpgfmixh.exe"
        188⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\waibvhdso.exe
        
        C:\Windows\system32\waibvhdso.exe 440 "C:\Windows\SysWOW64\azporerra.exe"
        189⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\bnazaucfq.exe
        
        C:\Windows\system32\bnazaucfq.exe 1220 "C:\Windows\SysWOW64\waibvhdso.exe"
        190⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\kfozgswnk.exe
        
        C:\Windows\system32\kfozgswnk.exe 444 "C:\Windows\SysWOW64\bnazaucfq.exe"
        191⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\oguxqfbxl.exe
        
        C:\Windows\system32\oguxqfbxl.exe 1228 "C:\Windows\SysWOW64\kfozgswnk.exe"
        192⤵
        Drops file in System32 directory
        
        PID:2508
        
        C:\Windows\SysWOW64\yfgubejxl.exe
        
        C:\Windows\system32\yfgubejxl.exe 1216 "C:\Windows\SysWOW64\oguxqfbxl.exe"
        193⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\gjqhsplmy.exe
        
        C:\Windows\system32\gjqhsplmy.exe 1236 "C:\Windows\SysWOW64\yfgubejxl.exe"
        194⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\pmgrfsagt.exe
        
        C:\Windows\system32\pmgrfsagt.exe 1284 "C:\Windows\SysWOW64\gjqhsplmy.exe"
        195⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\xqqxxlceg.exe
        
        C:\Windows\system32\xqqxxlceg.exe 1288 "C:\Windows\SysWOW64\pmgrfsagt.exe"
        196⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\zahupikcn.exe
        
        C:\Windows\system32\zahupikcn.exe 1292 "C:\Windows\SysWOW64\xqqxxlceg.exe"
        197⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\eqmhlowft.exe
        
        C:\Windows\system32\eqmhlowft.exe 1276 "C:\Windows\SysWOW64\zahupikcn.exe"
        198⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\muouuzyvg.exe
        
        C:\Windows\system32\muouuzyvg.exe 1300 "C:\Windows\SysWOW64\eqmhlowft.exe"
        199⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\tzzhmsblb.exe
        
        C:\Windows\system32\tzzhmsblb.exe 1304 "C:\Windows\SysWOW64\muouuzyvg.exe"
        200⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\yahcuphyb.exe
        
        C:\Windows\system32\yahcuphyb.exe 1308 "C:\Windows\SysWOW64\tzzhmsblb.exe"
        201⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\duxcthzdu.exe
        
        C:\Windows\system32\duxcthzdu.exe 1312 "C:\Windows\SysWOW64\yahcuphyb.exe"
        202⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\kyhpktctp.exe
        
        C:\Windows\system32\kyhpktctp.exe 1316 "C:\Windows\SysWOW64\duxcthzdu.exe"
        203⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\xanfwfgvu.exe
        
        C:\Windows\system32\xanfwfgvu.exe 1320 "C:\Windows\SysWOW64\kyhpktctp.exe"
        204⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\knxvcjfij.exe
        
        C:\Windows\system32\knxvcjfij.exe 1328 "C:\Windows\SysWOW64\xanfwfgvu.exe"
        205⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\xpdcnnkrw.exe
        
        C:\Windows\system32\xpdcnnkrw.exe 1324 "C:\Windows\SysWOW64\knxvcjfij.exe"
        206⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\kfffwwpyx.exe
        
        C:\Windows\system32\kfffwwpyx.exe 1332 "C:\Windows\SysWOW64\xpdcnnkrw.exe"
        207⤵
        Drops file in System32 directory
        
        PID:1896
        
        C:\Windows\SysWOW64\xeaiewvgq.exe
        
        C:\Windows\system32\xeaiewvgq.exe 1344 "C:\Windows\SysWOW64\kfffwwpyx.exe"
        208⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\gkbfcdicx.exe
        
        C:\Windows\system32\gkbfcdicx.exe 1336 "C:\Windows\SysWOW64\xeaiewvgq.exe"
        209⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\ufkvihhpd.exe
        
        C:\Windows\system32\ufkvihhpd.exe 1340 "C:\Windows\SysWOW64\gkbfcdicx.exe"
        210⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\yvnyrpmwe.exe
        
        C:\Windows\system32\yvnyrpmwe.exe 1348 "C:\Windows\SysWOW64\ufkvihhpd.exe"
        211⤵
        
        PID:556
        
        C:\Windows\SysWOW64\lmiazpkdf.exe
        
        C:\Windows\system32\lmiazpkdf.exe 1360 "C:\Windows\SysWOW64\yvnyrpmwe.exe"
        212⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\vajypxxae.exe
        
        C:\Windows\system32\vajypxxae.exe 1352 "C:\Windows\SysWOW64\lmiazpkdf.exe"
        213⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\iydagfchf.exe
        
        C:\Windows\system32\iydagfchf.exe 1356 "C:\Windows\SysWOW64\vajypxxae.exe"
        214⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\vpgvpnioy.exe
        
        C:\Windows\system32\vpgvpnioy.exe 1364 "C:\Windows\SysWOW64\iydagfchf.exe"
        215⤵
        Drops file in System32 directory
        
        PID:2392
        
        C:\Windows\SysWOW64\ifbyxnfvz.exe
        
        C:\Windows\system32\ifbyxnfvz.exe 1376 "C:\Windows\SysWOW64\vpgvpnioy.exe"
        216⤵
        Drops file in System32 directory
        
        PID:888
        
        C:\Windows\SysWOW64\vewagvldz.exe
        
        C:\Windows\system32\vewagvldz.exe 1372 "C:\Windows\SysWOW64\ifbyxnfvz.exe"
        217⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\fhlltzrfm.exe
        
        C:\Windows\system32\fhlltzrfm.exe 1368 "C:\Windows\SysWOW64\vewagvldz.exe"
        218⤵
        Drops file in System32 directory
        
        PID:2288
        
        C:\Windows\SysWOW64\jxqgpfdht.exe
        
        C:\Windows\system32\jxqgpfdht.exe 1380 "C:\Windows\SysWOW64\fhlltzrfm.exe"
        219⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\upgluvfku.exe
        
        C:\Windows\system32\upgluvfku.exe 1384 "C:\Windows\SysWOW64\jxqgpfdht.exe"
        220⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\yjoltnppn.exe
        
        C:\Windows\system32\yjoltnppn.exe 1388 "C:\Windows\SysWOW64\upgluvfku.exe"
        221⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\dvhtmpcxz.exe
        
        C:\Windows\system32\dvhtmpcxz.exe 1240 "C:\Windows\SysWOW64\yjoltnppn.exe"
        222⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\fyibyfumu.exe
        
        C:\Windows\system32\fyibyfumu.exe 1244 "C:\Windows\SysWOW64\dvhtmpcxz.exe"
        223⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mrhlhzzrj.exe
        
        C:\Windows\system32\mrhlhzzrj.exe 1248 "C:\Windows\SysWOW64\fyibyfumu.exe"
        224⤵
        Drops file in System32 directory
        
        PID:2468
        
        C:\Windows\SysWOW64\bvojeuwpj.exe
        
        C:\Windows\system32\bvojeuwpj.exe 1264 "C:\Windows\SysWOW64\mrhlhzzrj.exe"
        225⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\tnqbsajlp.exe
        
        C:\Windows\system32\tnqbsajlp.exe 1408 "C:\Windows\SysWOW64\bvojeuwpj.exe"
        226⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\gahryeiye.exe
        
        C:\Windows\system32\gahryeiye.exe 1412 "C:\Windows\SysWOW64\tnqbsajlp.exe"
        227⤵
        Drops file in System32 directory
        
        PID:1300
        
        C:\Windows\SysWOW64\ntgwvyrkq.exe
        
        C:\Windows\system32\ntgwvyrkq.exe 1416 "C:\Windows\SysWOW64\gahryeiye.exe"
        228⤵
        
        PID:548
        
        C:\Windows\SysWOW64\syaeohdsk.exe
        
        C:\Windows\system32\syaeohdsk.exe 1420 "C:\Windows\SysWOW64\ntgwvyrkq.exe"
        229⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\zckjxsgif.exe
        
        C:\Windows\system32\zckjxsgif.exe 1424 "C:\Windows\SysWOW64\syaeohdsk.exe"
        230⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\epdrqclqr.exe
        
        C:\Windows\system32\epdrqclqr.exe 1428 "C:\Windows\SysWOW64\zckjxsgif.exe"
        231⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\jfimmiwtx.exe
        
        C:\Windows\system32\jfimmiwtx.exe 1432 "C:\Windows\SysWOW64\epdrqclqr.exe"
        232⤵
        
        PID:240
        
        C:\Windows\SysWOW64\rkkzwtzjs.exe
        
        C:\Windows\system32\rkkzwtzjs.exe 1436 "C:\Windows\SysWOW64\jfimmiwtx.exe"
        233⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\ycjrkidet.exe
        
        C:\Windows\system32\ycjrkidet.exe 1440 "C:\Windows\SysWOW64\rkkzwtzjs.exe"
        234⤵
        
        PID:816
        
        C:\Windows\SysWOW64\dpdzekqmn.exe
        
        C:\Windows\system32\dpdzekqmn.exe 1444 "C:\Windows\SysWOW64\ycjrkidet.exe"
        235⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\ijthvcarg.exe
        
        C:\Windows\system32\ijthvcarg.exe 1448 "C:\Windows\SysWOW64\dpdzekqmn.exe"
        236⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\qkshjjefg.exe
        
        C:\Windows\system32\qkshjjefg.exe 1452 "C:\Windows\SysWOW64\ijthvcarg.exe"
        237⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\camksrbmh.exe
        
        C:\Windows\system32\camksrbmh.exe 1456 "C:\Windows\SysWOW64\qkshjjefg.exe"
        238⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\monziyoig.exe
        
        C:\Windows\system32\monziyoig.exe 1460 "C:\Windows\SysWOW64\camksrbmh.exe"
        239⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\zbfpounvv.exe
        
        C:\Windows\system32\zbfpounvv.exe 1464 "C:\Windows\SysWOW64\monziyoig.exe"
        240⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\mszsectco.exe
        
        C:\Windows\system32\mszsectco.exe 1468 "C:\Windows\SysWOW64\zbfpounvv.exe"
        241⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\wcpcrgzea.exe
        
        C:\Windows\system32\wcpcrgzea.exe 1472 "C:\Windows\SysWOW64\mszsectco.exe"
        242⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\jtkfaofmb.exe
        
        C:\Windows\system32\jtkfaofmb.exe 1476 "C:\Windows\SysWOW64\wcpcrgzea.exe"
        243⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\wrmhjoktc.exe
        
        C:\Windows\system32\wrmhjoktc.exe 1480 "C:\Windows\SysWOW64\jtkfaofmb.exe"
        244⤵
        
        PID:596
        
        C:\Windows\SysWOW64\gxnfhvxpb.exe
        
        C:\Windows\system32\gxnfhvxpb.exe 1484 "C:\Windows\SysWOW64\wrmhjoktc.exe"
        245⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\ifrcruxpb.exe
        
        C:\Windows\system32\ifrcruxpb.exe 1496 "C:\Windows\SysWOW64\gxnfhvxpb.exe"
        246⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\yjzxvhcji.exe
        
        C:\Windows\system32\yjzxvhcji.exe 1488 "C:\Windows\SysWOW64\ifrcruxpb.exe"
        247⤵
        Drops file in System32 directory
        
        PID:2520
        
        C:\Windows\SysWOW64\hxsulhhgq.exe
        
        C:\Windows\system32\hxsulhhgq.exe 1492 "C:\Windows\SysWOW64\yjzxvhcji.exe"
        248⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\ukkkrlolw.exe
        
        C:\Windows\system32\ukkkrlolw.exe 1500 "C:\Windows\SysWOW64\hxsulhhgq.exe"
        249⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\hbenatlsx.exe
        
        C:\Windows\system32\hbenatlsx.exe 1512 "C:\Windows\SysWOW64\ukkkrlolw.exe"
        250⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\rluxvwzuj.exe
        
        C:\Windows\system32\rluxvwzuj.exe 1508 "C:\Windows\SysWOW64\hbenatlsx.exe"
        251⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\ecwsdwxbk.exe
        
        C:\Windows\system32\ecwsdwxbk.exe 1504 "C:\Windows\SysWOW64\rluxvwzuj.exe"
        252⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\rarvmedil.exe
        
        C:\Windows\system32\rarvmedil.exe 1516 "C:\Windows\SysWOW64\ecwsdwxbk.exe"
        253⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\bgsscmqfk.exe
        
        C:\Windows\system32\bgsscmqfk.exe 1532 "C:\Windows\SysWOW64\rarvmedil.exe"
        254⤵
        
        PID:932
        
        C:\Windows\SysWOW64\ofnvluvmd.exe
        
        C:\Windows\system32\ofnvluvmd.exe 1520 "C:\Windows\SysWOW64\bgsscmqfk.exe"
        255⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\bvqxbutte.exe
        
        C:\Windows\system32\bvqxbutte.exe 1524 "C:\Windows\SysWOW64\ofnvluvmd.exe"
        256⤵
        
        PID:348
        
        C:\Windows\SysWOW64\kgfioxhvr.exe
        
        C:\Windows\system32\kgfioxhvr.exe 1528 "C:\Windows\SysWOW64\bvqxbutte.exe"
        257⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\ytoxubgaf.exe
        
        C:\Windows\system32\ytoxubgaf.exe 1536 "C:\Windows\SysWOW64\kgfioxhvr.exe"
        258⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\kjradjlpg.exe
        
        C:\Windows\system32\kjradjlpg.exe 1540 "C:\Windows\SysWOW64\ytoxubgaf.exe"
        259⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\uxsytjqmf.exe
        
        C:\Windows\system32\uxsytjqmf.exe 1552 "C:\Windows\SysWOW64\kjradjlpg.exe"
        260⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\honajrwtg.exe
        
        C:\Windows\system32\honajrwtg.exe 1544 "C:\Windows\SysWOW64\uxsytjqmf.exe"
        261⤵
        Drops file in System32 directory
        
        PID:2020
        
        C:\Windows\SysWOW64\umivszcaz.exe
        
        C:\Windows\system32\umivszcaz.exe 1548 "C:\Windows\SysWOW64\honajrwtg.exe"
        262⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\epxffciul.exe
        
        C:\Windows\system32\epxffciul.exe 1556 "C:\Windows\SysWOW64\umivszcaz.exe"
        263⤵
        
        PID:536
        
        C:\Windows\SysWOW64\rnaiocnjm.exe
        
        C:\Windows\system32\rnaiocnjm.exe 1580 "C:\Windows\SysWOW64\epxffciul.exe"
        264⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\bnefybvbm.exe
        
        C:\Windows\system32\bnefybvbm.exe 1560 "C:\Windows\SysWOW64\rnaiocnjm.exe"
        265⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\rupnfsryo.exe
        
        C:\Windows\system32\rupnfsryo.exe 1564 "C:\Windows\SysWOW64\bnefybvbm.exe"
        266⤵
        
        PID:904
        
        C:\Windows\SysWOW64\etsqotwfh.exe
        
        C:\Windows\system32\etsqotwfh.exe 1568 "C:\Windows\SysWOW64\rupnfsryo.exe"
        267⤵
        Drops file in System32 directory
        
        PID:588
        
        C:\Windows\SysWOW64\nhtnmajbo.exe
        
        C:\Windows\system32\nhtnmajbo.exe 1572 "C:\Windows\SysWOW64\etsqotwfh.exe"
        268⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\vasoshnxo.exe
        
        C:\Windows\system32\vasoshnxo.exe 1576 "C:\Windows\SysWOW64\nhtnmajbo.exe"
        269⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\iynqbplep.exe
        
        C:\Windows\system32\iynqbplep.exe 1584 "C:\Windows\SysWOW64\vasoshnxo.exe"
        270⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\sengzwyao.exe
        
        C:\Windows\system32\sengzwyao.exe 1588 "C:\Windows\SysWOW64\iynqbplep.exe"
        271⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\frfvfaxfu.exe
        
        C:\Windows\system32\frfvfaxfu.exe 1592 "C:\Windows\SysWOW64\sengzwyao.exe"
        272⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\jibqbgiqb.exe
        
        C:\Windows\system32\jibqbgiqb.exe 1596 "C:\Windows\SysWOW64\frfvfaxfu.exe"
        273⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\upoolfqqb.exe
        
        C:\Windows\system32\upoolfqqb.exe 1604 "C:\Windows\SysWOW64\jibqbgiqb.exe"
        274⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\eoslwexpb.exe
        
        C:\Windows\system32\eoslwexpb.exe 1600 "C:\Windows\SysWOW64\upoolfqqb.exe"
        275⤵
        
        PID:592
        
        C:\Windows\SysWOW64\qqybpqbrp.exe
        
        C:\Windows\system32\qqybpqbrp.exe 1616 "C:\Windows\SysWOW64\eoslwexpb.exe"
        276⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\dgtdyrhyq.exe
        
        C:\Windows\system32\dgtdyrhyq.exe 1608 "C:\Windows\SysWOW64\qqybpqbrp.exe"
        277⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\qtktdugle.exe
        
        C:\Windows\system32\qtktdugle.exe 1612 "C:\Windows\SysWOW64\dgtdyrhyq.exe"
        278⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\ahlrtcthd.exe
        
        C:\Windows\system32\ahlrtcthd.exe 1620 "C:\Windows\SysWOW64\qtktdugle.exe"
        279⤵
        Drops file in System32 directory
        
        PID:1744
        
        C:\Windows\SysWOW64\nygtckqpe.exe
        
        C:\Windows\system32\nygtckqpe.exe 1624 "C:\Windows\SysWOW64\ahlrtcthd.exe"
        280⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\awiwlkwwx.exe
        
        C:\Windows\system32\awiwlkwwx.exe 1628 "C:\Windows\SysWOW64\nygtckqpe.exe"
        281⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\nndztscdy.exe
        
        C:\Windows\system32\nndztscdy.exe 1632 "C:\Windows\SysWOW64\awiwlkwwx.exe"
        282⤵
        Drops file in System32 directory
        
        PID:2388
        
        C:\Windows\SysWOW64\xxtbpvifk.exe
        
        C:\Windows\system32\xxtbpvifk.exe 1636 "C:\Windows\SysWOW64\nndztscdy.exe"
        283⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\konexwnml.exe
        
        C:\Windows\system32\konexwnml.exe 1640 "C:\Windows\SysWOW64\xxtbpvifk.exe"
        284⤵
        Drops file in System32 directory
        
        PID:1632
        
        C:\Windows\SysWOW64\weqggettm.exe
        
        C:\Windows\system32\weqggettm.exe 1644 "C:\Windows\SysWOW64\konexwnml.exe"
        285⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\gpgrthzvz.exe
        
        C:\Windows\system32\gpgrthzvz.exe 1648 "C:\Windows\SysWOW64\weqggettm.exe"
        286⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\ucpghlyaf.exe
        
        C:\Windows\system32\ucpghlyaf.exe 1652 "C:\Windows\SysWOW64\gpgrthzvz.exe"
        287⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\dqqexslxm.exe
        
        C:\Windows\system32\dqqexslxm.exe 1656 "C:\Windows\SysWOW64\ucpghlyaf.exe"
        288⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\qhthfsref.exe
        
        C:\Windows\system32\qhthfsref.exe 1660 "C:\Windows\SysWOW64\dqqexslxm.exe"
        289⤵
        Drops file in System32 directory
        
        PID:2324
        
        C:\Windows\SysWOW64\dfnjoaolg.exe
        
        C:\Windows\system32\dfnjoaolg.exe 1664 "C:\Windows\SysWOW64\qhthfsref.exe"
        290⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\qwimxjuah.exe
        
        C:\Windows\system32\qwimxjuah.exe 1668 "C:\Windows\SysWOW64\dfnjoaolg.exe"
        291⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\dmlpfjziz.exe
        
        C:\Windows\system32\dmlpfjziz.exe 1676 "C:\Windows\SysWOW64\qwimxjuah.exe"
        292⤵
        
        PID:544
        
        C:\Windows\SysWOW64\fxazamgcu.exe
        
        C:\Windows\system32\fxazamgcu.exe 1672 "C:\Windows\SysWOW64\dmlpfjziz.exe"
        293⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\snvcjuljn.exe
        
        C:\Windows\system32\snvcjuljn.exe 1680 "C:\Windows\SysWOW64\fxazamgcu.exe"
        294⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\fmqesujqo.exe
        
        C:\Windows\system32\fmqesujqo.exe 1684 "C:\Windows\SysWOW64\snvcjuljn.exe"
        295⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\oaruicwun.exe
        
        C:\Windows\system32\oaruicwun.exe 1688 "C:\Windows\SysWOW64\fmqesujqo.exe"
        296⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\bqtwqkbco.exe
        
        C:\Windows\system32\bqtwqkbco.exe 1692 "C:\Windows\SysWOW64\oaruicwun.exe"
        297⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\ohozhshjp.exe
        
        C:\Windows\system32\ohozhshjp.exe 1700 "C:\Windows\SysWOW64\bqtwqkbco.exe"
        298⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\bfjcqsfqh.exe
        
        C:\Windows\system32\bfjcqsfqh.exe 1696 "C:\Windows\SysWOW64\ohozhshjp.exe"
        299⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\ligmdvtku.exe
        
        C:\Windows\system32\ligmdvtku.exe 1724 "C:\Windows\SysWOW64\bfjcqsfqh.exe"
        300⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\ygbpldqzv.exe
        
        C:\Windows\system32\ygbpldqzv.exe 1704 "C:\Windows\SysWOW64\ligmdvtku.exe"
        301⤵
        Drops file in System32 directory
        
        PID:2180
        
        C:\Windows\SysWOW64\lxwsumwhw.exe
        
        C:\Windows\system32\lxwsumwhw.exe 1716 "C:\Windows\SysWOW64\ygbpldqzv.exe"
        302⤵
        Drops file in System32 directory
        
        PID:2672
        
        C:\Windows\SysWOW64\vhlcphcbj.exe
        
        C:\Windows\system32\vhlcphcbj.exe 1708 "C:\Windows\SysWOW64\lxwsumwhw.exe"
        303⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\hyofypiij.exe
        
        C:\Windows\system32\hyofypiij.exe 1712 "C:\Windows\SysWOW64\vhlcphcbj.exe"
        304⤵
        Drops file in System32 directory
        
        PID:1972
        
        C:\Windows\SysWOW64\rbehlswkw.exe
        
        C:\Windows\system32\rbehlswkw.exe 1720 "C:\Windows\SysWOW64\hyofypiij.exe"
        305⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\hnecpxted.exe
        
        C:\Windows\system32\hnecpxted.exe 1728 "C:\Windows\SysWOW64\rbehlswkw.exe"
        306⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\rmqhzwtwd.exe
        
        C:\Windows\system32\rmqhzwtwd.exe 1732 "C:\Windows\SysWOW64\hnecpxted.exe"
        307⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\eowpljffr.exe
        
        C:\Windows\system32\eowpljffr.exe 1736 "C:\Windows\SysWOW64\rmqhzwtwd.exe"
        308⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\rfrstrcnr.exe
        
        C:\Windows\system32\rfrstrcnr.exe 1740 "C:\Windows\SysWOW64\eowpljffr.exe"
        309⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\bpgcpurpe.exe
        
        C:\Windows\system32\bpgcpurpe.exe 1744 "C:\Windows\SysWOW64\rfrstrcnr.exe"
        310⤵
        
        PID:344
        
        C:\Windows\SysWOW64\ogjfxuowf.exe
        
        C:\Windows\system32\ogjfxuowf.exe 1748 "C:\Windows\SysWOW64\bpgcpurpe.exe"
        311⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\bweigcudy.exe
        
        C:\Windows\system32\bweigcudy.exe 1752 "C:\Windows\SysWOW64\ogjfxuowf.exe"
        312⤵
        Drops file in System32 directory
        
        PID:640
        
        C:\Windows\SysWOW64\lhtstfafk.exe
        
        C:\Windows\system32\lhtstfafk.exe 1756 "C:\Windows\SysWOW64\bweigcudy.exe"
        313⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\yxovkfgml.exe
        
        C:\Windows\system32\yxovkfgml.exe 1760 "C:\Windows\SysWOW64\lhtstfafk.exe"
        314⤵
        Drops file in System32 directory
        
        PID:1708
        
        C:\Windows\SysWOW64\kwrxsolum.exe
        
        C:\Windows\system32\kwrxsolum.exe 1764 "C:\Windows\SysWOW64\yxovkfgml.exe"
        315⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\vvvvdmttm.exe
        
        C:\Windows\system32\vvvvdmttm.exe 1784 "C:\Windows\SysWOW64\kwrxsolum.exe"
        316⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\ejwstuyql.exe
        
        C:\Windows\system32\ejwstuyql.exe 1768 "C:\Windows\SysWOW64\vvvvdmttm.exe"
        317⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\rwnizyfva.exe
        
        C:\Windows\system32\rwnizyfva.exe 1772 "C:\Windows\SysWOW64\ejwstuyql.exe"
        318⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\emilpycca.exe
        
        C:\Windows\system32\emilpycca.exe 1776 "C:\Windows\SysWOW64\rwnizyfva.exe"
        319⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\oajaffpya.exe
        
        C:\Windows\system32\oajaffpya.exe 1780 "C:\Windows\SysWOW64\emilpycca.exe"
        320⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\brddonvnt.exe
        
        C:\Windows\system32\brddonvnt.exe 1788 "C:\Windows\SysWOW64\oajaffpya.exe"
        321⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\omvsurush.exe
        
        C:\Windows\system32\omvsurush.exe 1800 "C:\Windows\SysWOW64\brddonvnt.exe"
        322⤵
        Drops file in System32 directory
        
        PID:2612
        
        C:\Windows\SysWOW64\yswqsrhpg.exe
        
        C:\Windows\system32\yswqsrhpg.exe 1792 "C:\Windows\SysWOW64\omvsurush.exe"
        323⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\oewloeejv.exe
        
        C:\Windows\system32\oewloeejv.exe 1796 "C:\Windows\SysWOW64\yswqsrhpg.exe"
        324⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\xlwimlrfu.exe
        
        C:\Windows\system32\xlwimlrfu.exe 1804 "C:\Windows\SysWOW64\oewloeejv.exe"
        325⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\kjrlulwnn.exe
        
        C:\Windows\system32\kjrlulwnn.exe 1808 "C:\Windows\SysWOW64\xlwimlrfu.exe"
        326⤵
        Drops file in System32 directory
        
        PID:2220
        
        C:\Windows\SysWOW64\xaufduuuo.exe
        
        C:\Windows\system32\xaufduuuo.exe 1812 "C:\Windows\SysWOW64\kjrlulwnn.exe"
        327⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\kypilczbp.exe
        
        C:\Windows\system32\kypilczbp.exe 1816 "C:\Windows\SysWOW64\xaufduuuo.exe"
        328⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\xpklucfqq.exe
        
        C:\Windows\system32\xpklucfqq.exe 1820 "C:\Windows\SysWOW64\kypilczbp.exe"
        329⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\howqmbeqq.exe
        
        C:\Windows\system32\howqmbeqq.exe 1824 "C:\Windows\SysWOW64\xpklucfqq.exe"
        330⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\lpeqdtxvj.exe
        
        C:\Windows\system32\lpeqdtxvj.exe 1828 "C:\Windows\SysWOW64\howqmbeqq.exe"
        331⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\watvqjzqk.exe
        
        C:\Windows\system32\watvqjzqk.exe 1832 "C:\Windows\SysWOW64\lpeqdtxvj.exe"
        332⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\yyhdoomtq.exe
        
        C:\Windows\system32\yyhdoomtq.exe 1836 "C:\Windows\SysWOW64\watvqjzqk.exe"
        333⤵
        Drops file in System32 directory
        
        PID:1800
        
        C:\Windows\SysWOW64\iuiwwinqe.exe
        
        C:\Windows\system32\iuiwwinqe.exe 1268 "C:\Windows\SysWOW64\yyhdoomtq.exe"
        334⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cwlwvxlbf.exe
        
        C:\Windows\system32\cwlwvxlbf.exe 1252 "C:\Windows\SysWOW64\iuiwwinqe.exe"
        335⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\hcdwvntwz.exe
        
        C:\Windows\system32\hcdwvntwz.exe 1256 "C:\Windows\SysWOW64\cwlwvxlbf.exe"
        336⤵
        
        PID:864
        
        C:\Windows\SysWOW64\dsloqhiug.exe
        
        C:\Windows\system32\dsloqhiug.exe 1260 "C:\Windows\SysWOW64\hcdwvntwz.exe"
        337⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\lzygkwsmg.exe
        
        C:\Windows\system32\lzygkwsmg.exe 1296 "C:\Windows\SysWOW64\dsloqhiug.exe"
        338⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\yqbjtfxth.exe
        
        C:\Windows\system32\yqbjtfxth.exe 1860 "C:\Windows\SysWOW64\lzygkwsmg.exe"
        339⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cdnregccb.exe
        
        C:\Windows\system32\cdnregccb.exe 1864 "C:\Windows\SysWOW64\yqbjtfxth.exe"
        340⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\hqgzxqpkv.exe
        
        C:\Windows\system32\hqgzxqpkv.exe 1844 "C:\Windows\SysWOW64\cdnregccb.exe"
        341⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\pxcrsfycu.exe
        
        C:\Windows\system32\pxcrsfycu.exe 1856 "C:\Windows\SysWOW64\hqgzxqpkv.exe"
        342⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\wbmebrbsp.exe
        
        C:\Windows\system32\wbmebrbsp.exe 1404 "C:\Windows\SysWOW64\pxcrsfycu.exe"
        343⤵
        Drops file in System32 directory
        
        PID:2560
        
        C:\Windows\SysWOW64\ypphwrilj.exe
        
        C:\Windows\system32\ypphwrilj.exe 1396 "C:\Windows\SysWOW64\wbmebrbsp.exe"
        344⤵
        
        PID:568
        
        C:\Windows\SysWOW64\sjsryapmq.exe
        
        C:\Windows\system32\sjsryapmq.exe 452 "C:\Windows\SysWOW64\ypphwrilj.exe"
        345⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\hsmsywdzy.exe
        
        C:\Windows\system32\hsmsywdzy.exe 1280 "C:\Windows\SysWOW64\sjsryapmq.exe"
        346⤵
        Drops file in System32 directory
        
        PID:1624
        
        C:\Windows\SysWOW64\yvymakdcy.exe
        
        C:\Windows\system32\yvymakdcy.exe 1212 "C:\Windows\SysWOW64\hsmsywdzy.exe"
        347⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\casfngrty.exe
        
        C:\Windows\system32\casfngrty.exe 1848 "C:\Windows\SysWOW64\yvymakdcy.exe"
        348⤵
        Drops file in System32 directory
        
        PID:2656
        
        C:\Windows\SysWOW64\ktsxwzfgn.exe
        
        C:\Windows\system32\ktsxwzfgn.exe 1400 "C:\Windows\SysWOW64\casfngrty.exe"
        349⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\ocgcmaaza.exe
        
        C:\Windows\system32\ocgcmaaza.exe 1840 "C:\Windows\SysWOW64\ktsxwzfgn.exe"
        350⤵
        Drops file in System32 directory
        
        PID:2448
        
        C:\Windows\SysWOW64\pijxbnrjh.exe
        
        C:\Windows\system32\pijxbnrjh.exe 1852 "C:\Windows\SysWOW64\ocgcmaaza.exe"
        351⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\uneqojoii.exe
        
        C:\Windows\system32\uneqojoii.exe 1868 "C:\Windows\SysWOW64\pijxbnrjh.exe"
        352⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\zdkqwxxkj.exe
        
        C:\Windows\system32\zdkqwxxkj.exe 1872 "C:\Windows\SysWOW64\uneqojoii.exe"
        353⤵
        Drops file in System32 directory
        
        PID:2404
        
        C:\Windows\SysWOW64\vmpvmysde.exe
        
        C:\Windows\system32\vmpvmysde.exe 1876 "C:\Windows\SysWOW64\zdkqwxxkj.exe"
        354⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\xatqbljne.exe
        
        C:\Windows\system32\xatqbljne.exe 1924 "C:\Windows\SysWOW64\vmpvmysde.exe"
        355⤵
        Drops file in System32 directory
        
        PID:2680
        
        C:\Windows\SysWOW64\ftaqpsnim.exe
        
        C:\Windows\system32\ftaqpsnim.exe 1928 "C:\Windows\SysWOW64\xatqbljne.exe"
        356⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\jflyjbrqy.exe
        
        C:\Windows\system32\jflyjbrqy.exe 1916 "C:\Windows\SysWOW64\ftaqpsnim.exe"
        357⤵
        
        PID:580
        
        C:\Windows\SysWOW64\rrsdyvids.exe
        
        C:\Windows\system32\rrsdyvids.exe 1936 "C:\Windows\SysWOW64\jflyjbrqy.exe"
        358⤵
        
        PID:852
        
        C:\Windows\SysWOW64\yrrdmkeys.exe
        
        C:\Windows\system32\yrrdmkeys.exe 1940 "C:\Windows\SysWOW64\rrsdyvids.exe"
        359⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\dioqiqpbz.exe
        
        C:\Windows\system32\dioqiqpbz.exe 1944 "C:\Windows\SysWOW64\yrrdmkeys.exe"
        360⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\iyslwealg.exe
        
        C:\Windows\system32\iyslwealg.exe 1948 "C:\Windows\SysWOW64\dioqiqpbz.exe"
        361⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\pudyopdbt.exe
        
        C:\Windows\system32\pudyopdbt.exe 1952 "C:\Windows\SysWOW64\iyslwealg.exe"
        362⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\xynexaoro.exe
        
        C:\Windows\system32\xynexaoro.exe 1956 "C:\Windows\SysWOW64\pudyopdbt.exe"
        363⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\cpkytozuu.exe
        
        C:\Windows\system32\cpkytozuu.exe 1960 "C:\Windows\SysWOW64\xynexaoro.exe"
        364⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\jpizivvpv.exe
        
        C:\Windows\system32\jpizivvpv.exe 1964 "C:\Windows\SysWOW64\cpkytozuu.exe"
        365⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\rutmrogfi.exe
        
        C:\Windows\system32\rutmrogfi.exe 1968 "C:\Windows\SysWOW64\jpizivvpv.exe"
        366⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\wymmkqlnc.exe
        
        C:\Windows\system32\wymmkqlnc.exe 1972 "C:\Windows\SysWOW64\rutmrogfi.exe"
        367⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\bprhhewqi.exe
        
        C:\Windows\system32\bprhhewqi.exe 1976 "C:\Windows\SysWOW64\wymmkqlnc.exe"
        368⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\fbkoafbyd.exe
        
        C:\Windows\system32\fbkoafbyd.exe 1880 "C:\Windows\SysWOW64\bprhhewqi.exe"
        369⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\fmmronvfx.exe
        
        C:\Windows\system32\fmmronvfx.exe 1272 "C:\Windows\SysWOW64\fbkoafbyd.exe"
        370⤵
        Drops file in System32 directory
        
        PID:892
        
        C:\Windows\SysWOW64\mjfpzkpmy.exe
        
        C:\Windows\system32\mjfpzkpmy.exe 1988 "C:\Windows\SysWOW64\fmmronvfx.exe"
        371⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\tnhcrescl.exe
        
        C:\Windows\system32\tnhcrescl.exe 1992 "C:\Windows\SysWOW64\mjfpzkpmy.exe"
        372⤵
        Drops file in System32 directory
        
        PID:304
        
        C:\Windows\SysWOW64\ysbkcfxkf.exe
        
        C:\Windows\system32\ysbkcfxkf.exe 1996 "C:\Windows\SysWOW64\tnhcrescl.exe"
        373⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\dmrkbyppy.exe
        
        C:\Windows\system32\dmrkbyppy.exe 2000 "C:\Windows\SysWOW64\ysbkcfxkf.exe"
        374⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\kqtxsjsfl.exe
        
        C:\Windows\system32\kqtxsjsfl.exe 2004 "C:\Windows\SysWOW64\dmrkbyppy.exe"
        375⤵
        
        PID:720
        
        C:\Windows\SysWOW64\pdnflsxng.exe
        
        C:\Windows\system32\pdnflsxng.exe 2008 "C:\Windows\SysWOW64\kqtxsjsfl.exe"
        376⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\xhxsvehds.exe
        
        C:\Windows\system32\xhxsvehds.exe 2012 "C:\Windows\SysWOW64\pdnflsxng.exe"
        377⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\bxbfrslfz.exe
        
        C:\Windows\system32\bxbfrslfz.exe 2016 "C:\Windows\SysWOW64\xhxsvehds.exe"
        378⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\jcmsidwvu.exe
        
        C:\Windows\system32\jcmsidwvu.exe 2020 "C:\Windows\SysWOW64\bxbfrslfz.exe"
        379⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\ryoxsoylh.exe
        
        C:\Windows\system32\ryoxsoylh.exe 2024 "C:\Windows\SysWOW64\jcmsidwvu.exe"
        380⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\vlhflydtb.exe
        
        C:\Windows\system32\vlhflydtb.exe 2028 "C:\Windows\SysWOW64\ryoxsoylh.exe"
        381⤵
        Drops file in System32 directory
        
        PID:2036
        
        C:\Windows\SysWOW64\vprsujojo.exe
        
        C:\Windows\system32\vprsujojo.exe 2032 "C:\Windows\SysWOW64\vlhflydtb.exe"
        382⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\afwnqxzuv.exe
        
        C:\Windows\system32\afwnqxzuv.exe 2036 "C:\Windows\SysWOW64\vprsujojo.exe"
        383⤵
        
        PID:780
        
        C:\Windows\SysWOW64\iyvnfdvhv.exe
        
        C:\Windows\system32\iyvnfdvhv.exe 2040 "C:\Windows\SysWOW64\afwnqxzuv.exe"
        384⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\mosabrhsc.exe
        
        C:\Windows\system32\mosabrhsc.exe 2044 "C:\Windows\SysWOW64\iyvnfdvhv.exe"
        385⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\uscnkdrhx.exe
        
        C:\Windows\system32\uscnkdrhx.exe 2052 "C:\Windows\SysWOW64\mosabrhsc.exe"
        386⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\wofqfdyaq.exe
        
        C:\Windows\system32\wofqfdyaq.exe 2056 "C:\Windows\SysWOW64\uscnkdrhx.exe"
        387⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\ekpdxobyd.exe
        
        C:\Windows\system32\ekpdxobyd.exe 2060 "C:\Windows\SysWOW64\wofqfdyaq.exe"
        388⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\iauqtcmak.exe
        
        C:\Windows\system32\iauqtcmak.exe 2064 "C:\Windows\SysWOW64\ekpdxobyd.exe"
        389⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\qbtqzjqwk.exe
        
        C:\Windows\system32\qbtqzjqwk.exe 2068 "C:\Windows\SysWOW64\iauqtcmak.exe"
        390⤵
        Drops file in System32 directory
        
        PID:2540
        
        C:\Windows\SysWOW64\uvbqybbbd.exe
        
        C:\Windows\system32\uvbqybbbd.exe 2072 "C:\Windows\SysWOW64\qbtqzjqwk.exe"
        391⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\fnqvdrdwe.exe
        
        C:\Windows\system32\fnqvdrdwe.exe 2076 "C:\Windows\SysWOW64\uvbqybbbd.exe"
        392⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\krkdwtpey.exe
        
        C:\Windows\system32\krkdwtpey.exe 2080 "C:\Windows\SysWOW64\fnqvdrdwe.exe"
        393⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\oipyshtpf.exe
        
        C:\Windows\system32\oipyshtpf.exe 2084 "C:\Windows\SysWOW64\krkdwtpey.exe"
        394⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\tyllonerm.exe
        
        C:\Windows\system32\tyllonerm.exe 2088 "C:\Windows\SysWOW64\oipyshtpf.exe"
        395⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\bcwyygphz.exe
        
        C:\Windows\system32\bcwyygphz.exe 2092 "C:\Windows\SysWOW64\tyllonerm.exe"
        396⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\jduymnlch.exe
        
        C:\Windows\system32\jduymnlch.exe 2096 "C:\Windows\SysWOW64\bcwyygphz.exe"
        397⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\nxlylfdhs.exe
        
        C:\Windows\system32\nxlylfdhs.exe 2100 "C:\Windows\SysWOW64\jduymnlch.exe"
        398⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\vpjysmhvb.exe
        
        C:\Windows\system32\vpjysmhvb.exe 2104 "C:\Windows\SysWOW64\nxlylfdhs.exe"
        399⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\cumljxkkn.exe
        
        C:\Windows\system32\cumljxkkn.exe 2108 "C:\Windows\SysWOW64\vpjysmhvb.exe"
        400⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\hkqyxlvvu.exe
        
        C:\Windows\system32\hkqyxlvvu.exe 2112 "C:\Windows\SysWOW64\cumljxkkn.exe"
        401⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\mavttrhyb.exe
        
        C:\Windows\system32\mavttrhyb.exe 2116 "C:\Windows\SysWOW64\hkqyxlvvu.exe"
        402⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\rnpbmbmgv.exe
        
        C:\Windows\system32\rnpbmbmgv.exe 2120 "C:\Windows\SysWOW64\mavttrhyb.exe"
        403⤵
        Drops file in System32 directory
        
        PID:3688
        
        C:\Windows\SysWOW64\ygobbiqbv.exe
        
        C:\Windows\system32\ygobbiqbv.exe 2124 "C:\Windows\SysWOW64\rnpbmbmgv.exe"
        404⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\dwkopwbec.exe
        
        C:\Windows\system32\dwkopwbec.exe 2128 "C:\Windows\SysWOW64\ygobbiqbv.exe"
        405⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\kegojllwc.exe
        
        C:\Windows\system32\kegojllwc.exe 2132 "C:\Windows\SysWOW64\dwkopwbec.exe"
        406⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\pqzwcvpew.exe
        
        C:\Windows\system32\pqzwcvpew.exe 2136 "C:\Windows\SysWOW64\kegojllwc.exe"
        407⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\xjywjctsw.exe
        
        C:\Windows\system32\xjywjctsw.exe 2140 "C:\Windows\SysWOW64\pqzwcvpew.exe"
        408⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\czvjfqfcd.exe
        
        C:\Windows\system32\czvjfqfcd.exe 2144 "C:\Windows\SysWOW64\xjywjctsw.exe"
        409⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\kacjuxbql.exe
        
        C:\Windows\system32\kacjuxbql.exe 2148 "C:\Windows\SysWOW64\czvjfqfcd.exe"
        410⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\oukjkptve.exe
        
        C:\Windows\system32\oukjkptve.exe 2152 "C:\Windows\SysWOW64\kacjuxbql.exe"
        411⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\wvjjzwxqf.exe
        
        C:\Windows\system32\wvjjzwxqf.exe 2156 "C:\Windows\SysWOW64\oukjkptve.exe"
        412⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\aloevkatl.exe
        
        C:\Windows\system32\aloevkatl.exe 2160 "C:\Windows\SysWOW64\wvjjzwxqf.exe"
        413⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\iemecreom.exe
        
        C:\Windows\system32\iemecreom.exe 2164 "C:\Windows\SysWOW64\aloevkatl.exe"
        414⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\nujzyfqrs.exe
        
        C:\Windows\system32\nujzyfqrs.exe 2168 "C:\Windows\SysWOW64\iemecreom.exe"
        415⤵
        Drops file in System32 directory
        
        PID:3324
        
        C:\Windows\SysWOW64\kkomulbbz.exe
        
        C:\Windows\system32\kkomulbbz.exe 2172 "C:\Windows\SysWOW64\nujzyfqrs.exe"
        416⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\rlnmarfpz.exe
        
        C:\Windows\system32\rlnmarfpz.exe 2176 "C:\Windows\SysWOW64\kkomulbbz.exe"
        417⤵
        Drops file in System32 directory
        
        PID:3480
        
        C:\Windows\SysWOW64\wtshwfrzg.exe
        
        C:\Windows\system32\wtshwfrzg.exe 2180 "C:\Windows\SysWOW64\rlnmarfpz.exe"
        418⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\eurhlmnnh.exe
        
        C:\Windows\system32\eurhlmnnh.exe 2184 "C:\Windows\SysWOW64\wtshwfrzg.exe"
        419⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\iozhkffsa.exe
        
        C:\Windows\system32\iozhkffsa.exe 2188 "C:\Windows\SysWOW64\eurhlmnnh.exe"
        420⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\qoxhqljni.exe
        
        C:\Windows\system32\qoxhqljni.exe 2192 "C:\Windows\SysWOW64\iozhkffsa.exe"
        421⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\vfccmzuqh.exe
        
        C:\Windows\system32\vfccmzuqh.exe 2196 "C:\Windows\SysWOW64\qoxhqljni.exe"
        422⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\dxbubgqlp.exe
        
        C:\Windows\system32\dxbubgqlp.exe 2200 "C:\Windows\SysWOW64\vfccmzuqh.exe"
        423⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\kclhkzbbc.exe
        
        C:\Windows\system32\kclhkzbbc.exe 2204 "C:\Windows\SysWOW64\dxbubgqlp.exe"
        424⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\psichfndj.exe
        
        C:\Windows\system32\psichfndj.exe 2208 "C:\Windows\SysWOW64\kclhkzbbc.exe"
        425⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\xwshqqptw.exe
        
        C:\Windows\system32\xwshqqptw.exe 2212 "C:\Windows\SysWOW64\psichfndj.exe"
        426⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\bjmpjaubq.exe
        
        C:\Windows\system32\bjmpjaubq.exe 2216 "C:\Windows\SysWOW64\xwshqqptw.exe"
        427⤵
        Drops file in System32 directory
        
        PID:3108
        
        C:\Windows\SysWOW64\jfwdblfrl.exe
        
        C:\Windows\system32\jfwdblfrl.exe 2220 "C:\Windows\SysWOW64\bjmpjaubq.exe"
        428⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\nheczepwe.exe
        
        C:\Windows\system32\nheczepwe.exe 2224 "C:\Windows\SysWOW64\jfwdblfrl.exe"
        429⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\vzddgktse.exe
        
        C:\Windows\system32\vzddgktse.exe 2228 "C:\Windows\SysWOW64\nheczepwe.exe"
        430⤵
        
        PID:960
        
        C:\Windows\SysWOW64\denqxvwhr.exe
        
        C:\Windows\system32\denqxvwhr.exe 2232 "C:\Windows\SysWOW64\vzddgktse.exe"
        431⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\iusdtkhky.exe
        
        C:\Windows\system32\iusdtkhky.exe 2236 "C:\Windows\SysWOW64\denqxvwhr.exe"
        432⤵
        Drops file in System32 directory
        
        PID:3488
        
        C:\Windows\SysWOW64\mkpxhytvf.exe
        
        C:\Windows\system32\mkpxhytvf.exe 2240 "C:\Windows\SysWOW64\iusdtkhky.exe"
        433⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\uozlzjwkr.exe
        
        C:\Windows\system32\uozlzjwkr.exe 2244 "C:\Windows\SysWOW64\mkpxhytvf.exe"
        434⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\ztssskatm.exe
        
        C:\Windows\system32\ztssskatm.exe 2248 "C:\Windows\SysWOW64\uozlzjwkr.exe"
        435⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\gxcycdlig.exe
        
        C:\Windows\system32\gxcycdlig.exe 2252 "C:\Windows\SysWOW64\ztssskatm.exe"
        436⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\lkwgvfqrt.exe
        
        C:\Windows\system32\lkwgvfqrt.exe 2256 "C:\Windows\SysWOW64\gxcycdlig.exe"
        437⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\vjadfexqt.exe
        
        C:\Windows\system32\vjadfexqt.exe 2260 "C:\Windows\SysWOW64\lkwgvfqrt.exe"
        438⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\dokqxxago.exe
        
        C:\Windows\system32\dokqxxago.exe 2264 "C:\Windows\SysWOW64\vjadfexqt.exe"
        439⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\lsudgilwb.exe
        
        C:\Windows\system32\lsudgilwb.exe 2268 "C:\Windows\SysWOW64\dokqxxago.exe"
        440⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\pxodzspev.exe
        
        C:\Windows\system32\pxodzspev.exe 2272 "C:\Windows\SysWOW64\lsudgilwb.exe"
        441⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\unlyvybhb.exe
        
        C:\Windows\system32\unlyvybhb.exe 2276 "C:\Windows\SysWOW64\pxodzspev.exe"
        442⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\zdptrmmri.exe
        
        C:\Windows\system32\zdptrmmri.exe 2280 "C:\Windows\SysWOW64\unlyvybhb.exe"
        443⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\geotytifi.exe
        
        C:\Windows\system32\geotytifi.exe 2284 "C:\Windows\SysWOW64\zdptrmmri.exe"
        444⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\lutguhupp.exe
        
        C:\Windows\system32\lutguhupp.exe 2288 "C:\Windows\SysWOW64\geotytifi.exe"
        445⤵
        
        PID:940
        
        C:\Windows\SysWOW64\schgowdzp.exe
        
        C:\Windows\system32\schgowdzp.exe 2292 "C:\Windows\SysWOW64\lutguhupp.exe"
        446⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\xhaohyqij.exe
        
        C:\Windows\system32\xhaohyqij.exe 2296 "C:\Windows\SysWOW64\schgowdzp.exe"
        447⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\flktrrtxe.exe
        
        C:\Windows\system32\flktrrtxe.exe 2300 "C:\Windows\SysWOW64\xhaohyqij.exe"
        448⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\kyebktygq.exe
        
        C:\Windows\system32\kyebktygq.exe 2304 "C:\Windows\SysWOW64\flktrrtxe.exe"
        449⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\sqdbrhbby.exe
        
        C:\Windows\system32\sqdbrhbby.exe 1980 "C:\Windows\SysWOW64\kyebktygq.exe"
        450⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\ohhwnonef.exe
        
        C:\Windows\system32\ohhwnonef.exe 2312 "C:\Windows\SysWOW64\sqdbrhbby.exe"
        451⤵
        Drops file in System32 directory
        
        PID:3656
        
        C:\Windows\SysWOW64\txejjcyge.exe
        
        C:\Windows\system32\txejjcyge.exe 2316 "C:\Windows\SysWOW64\ohhwnonef.exe"
        452⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\bydjxiccm.exe
        
        C:\Windows\system32\bydjxiccm.exe 2320 "C:\Windows\SysWOW64\txejjcyge.exe"
        453⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\foielwget.exe
        
        C:\Windows\system32\foielwget.exe 2324 "C:\Windows\SysWOW64\bydjxiccm.exe"
        454⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\nksjdhrcg.exe
        
        C:\Windows\system32\nksjdhrcg.exe 2328 "C:\Windows\SysWOW64\foielwget.exe"
        455⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\sapezwcfm.exe
        
        C:\Windows\system32\sapezwcfm.exe 2332 "C:\Windows\SysWOW64\nksjdhrcg.exe"
        456⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\zfzrihfuz.exe
        
        C:\Windows\system32\zfzrihfuz.exe 2336 "C:\Windows\SysWOW64\sapezwcfm.exe"
        457⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\erszbqkdt.exe
        
        C:\Windows\system32\erszbqkdt.exe 2340 "C:\Windows\SysWOW64\zfzrihfuz.exe"
        458⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\mkrrqxoqu.exe
        
        C:\Windows\system32\mkrrqxoqu.exe 2344 "C:\Windows\SysWOW64\erszbqkdt.exe"
        459⤵
        Drops file in System32 directory
        
        PID:3300
        
        C:\Windows\SysWOW64\qmzzphyvn.exe
        
        C:\Windows\system32\qmzzphyvn.exe 2348 "C:\Windows\SysWOW64\mkrrqxoqu.exe"
        460⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\yegzvwcqv.exe
        
        C:\Windows\system32\yegzvwcqv.exe 2352 "C:\Windows\SysWOW64\qmzzphyvn.exe"
        461⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\gjienhmgi.exe
        
        C:\Windows\system32\gjienhmgi.exe 2356 "C:\Windows\SysWOW64\yegzvwcqv.exe"
        462⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\lvcmyrroc.exe
        
        C:\Windows\system32\lvcmyrroc.exe 2360 "C:\Windows\SysWOW64\gjienhmgi.exe"
        463⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\shjrvlabo.exe
        
        C:\Windows\system32\shjrvlabo.exe 2364 "C:\Windows\SysWOW64\lvcmyrroc.exe"
        464⤵
        Drops file in System32 directory
        
        PID:3708
        
        C:\Windows\SysWOW64\xtuzovmji.exe
        
        C:\Windows\system32\xtuzovmji.exe 2368 "C:\Windows\SysWOW64\shjrvlabo.exe"
        465⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\eqemygpzd.exe
        
        C:\Windows\system32\eqemygpzd.exe 2372 "C:\Windows\SysWOW64\xtuzovmji.exe"
        466⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\efcsxosnx.exe
        
        C:\Windows\system32\efcsxosnx.exe 2376 "C:\Windows\SysWOW64\eqemygpzd.exe"
        467⤵
        Drops file in System32 directory
        
        PID:3828
        
        C:\Windows\SysWOW64\mmpkjlcfw.exe
        
        C:\Windows\system32\mmpkjlcfw.exe 2380 "C:\Windows\SysWOW64\efcsxosnx.exe"
        468⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\qzjscnooq.exe
        
        C:\Windows\system32\qzjscnooq.exe 2384 "C:\Windows\SysWOW64\mmpkjlcfw.exe"
        469⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\yhekwdqgy.exe
        
        C:\Windows\system32\yhekwdqgy.exe 2388 "C:\Windows\SysWOW64\qzjscnooq.exe"
        470⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\cxbflrbif.exe
        
        C:\Windows\system32\cxbflrbif.exe 2392 "C:\Windows\SysWOW64\yhekwdqgy.exe"
        471⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\kblsccmys.exe
        
        C:\Windows\system32\kblsccmys.exe 2396 "C:\Windows\SysWOW64\cxbflrbif.exe"
        472⤵
        
        PID:944
        
        C:\Windows\SysWOW64\pofavlrgm.exe
        
        C:\Windows\system32\pofavlrgm.exe 2400 "C:\Windows\SysWOW64\kblsccmys.exe"
        473⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\xkpffwtwz.exe
        
        C:\Windows\system32\xkpffwtwz.exe 2404 "C:\Windows\SysWOW64\pofavlrgm.exe"
        474⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\bxinygget.exe
        
        C:\Windows\system32\bxinygget.exe 2408 "C:\Windows\SysWOW64\xkpffwtwz.exe"
        475⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\gnniumspz.exe
        
        C:\Windows\system32\gnniumspz.exe 2412 "C:\Windows\SysWOW64\bxinygget.exe"
        476⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\oomiaboca.exe
        
        C:\Windows\system32\oomiaboca.exe 2416 "C:\Windows\SysWOW64\gnniumspz.exe"
        477⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\vkonsmysv.exe
        
        C:\Windows\system32\vkonsmysv.exe 2420 "C:\Windows\SysWOW64\oomiaboca.exe"
        478⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\abtioakdt.exe
        
        C:\Windows\system32\abtioakdt.exe 2424 "C:\Windows\SysWOW64\vkonsmysv.exe"
        479⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\frydkgnfa.exe
        
        C:\Windows\system32\frydkgnfa.exe 2428 "C:\Windows\SysWOW64\abtioakdt.exe"
        480⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\nsxvqvrbi.exe
        
        C:\Windows\system32\nsxvqvrbi.exe 2432 "C:\Windows\SysWOW64\frydkgnfa.exe"
        481⤵
        
        PID:320
        
        C:\Windows\SysWOW64\ritqmbddh.exe
        
        C:\Windows\system32\ritqmbddh.exe 2436 "C:\Windows\SysWOW64\nsxvqvrbi.exe"
        482⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\zeedwmgtc.exe
        
        C:\Windows\system32\zeedwmgtc.exe 2440 "C:\Windows\SysWOW64\ritqmbddh.exe"
        483⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\gioinfqjp.exe
        
        C:\Windows\system32\gioinfqjp.exe 2444 "C:\Windows\SysWOW64\zeedwmgtc.exe"
        484⤵
        Drops file in System32 directory
        
        PID:3364
        
        C:\Windows\SysWOW64\dvhqhhvrj.exe
        
        C:\Windows\system32\dvhqhhvrj.exe 2448 "C:\Windows\SysWOW64\gioinfqjp.exe"
        485⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\lzsdqayhw.exe
        
        C:\Windows\system32\lzsdqayhw.exe 2452 "C:\Windows\SysWOW64\dvhqhhvrj.exe"
        486⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\qelljckpq.exe
        
        C:\Windows\system32\qelljckpq.exe 2456 "C:\Windows\SysWOW64\lzsdqayhw.exe"
        487⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\ugtliuvuj.exe
        
        C:\Windows\system32\ugtliuvuj.exe 2460 "C:\Windows\SysWOW64\qelljckpq.exe"
        488⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\cyslpbzqk.exe
        
        C:\Windows\system32\cyslpbzqk.exe 2464 "C:\Windows\SysWOW64\ugtliuvuj.exe"
        489⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\hpxglpksq.exe
        
        C:\Windows\system32\hpxglpksq.exe 2468 "C:\Windows\SysWOW64\cyslpbzqk.exe"
        490⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\ppwgzwooz.exe
        
        C:\Windows\system32\ppwgzwooz.exe 2472 "C:\Windows\SysWOW64\hpxglpksq.exe"
        491⤵
        Drops file in System32 directory
        
        PID:3724
        
        C:\Windows\SysWOW64\tgstvkaqx.exe
        
        C:\Windows\system32\tgstvkaqx.exe 2476 "C:\Windows\SysWOW64\ppwgzwooz.exe"
        492⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\yoxojqdte.exe
        
        C:\Windows\system32\yoxojqdte.exe 2480 "C:\Windows\SysWOW64\tgstvkaqx.exe"
        493⤵
        Drops file in System32 directory
        
        PID:3928
        
        C:\Windows\SysWOW64\fshtbborz.exe
        
        C:\Windows\system32\fshtbborz.exe 2484 "C:\Windows\SysWOW64\yoxojqdte.exe"
        494⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\ntgtpqkez.exe
        
        C:\Windows\system32\ntgtpqkez.exe 2488 "C:\Windows\SysWOW64\fshtbborz.exe"
        495⤵
        Drops file in System32 directory
        
        PID:1960
        
        C:\Windows\SysWOW64\vbutcftwh.exe
        
        C:\Windows\system32\vbutcftwh.exe 2492 "C:\Windows\SysWOW64\ntgtpqkez.exe"
        496⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\zrygytfzf.exe
        
        C:\Windows\system32\zrygytfzf.exe 2496 "C:\Windows\SysWOW64\vbutcftwh.exe"
        497⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\hvjtheqpa.exe
        
        C:\Windows\system32\hvjtheqpa.exe 2500 "C:\Windows\SysWOW64\zrygytfzf.exe"
        498⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\llnodktzh.exe
        
        C:\Windows\system32\llnodktzh.exe 2504 "C:\Windows\SysWOW64\hvjtheqpa.exe"
        499⤵
        Drops file in System32 directory
        
        PID:3440
        
        C:\Windows\SysWOW64\tiquudepu.exe
        
        C:\Windows\system32\tiquudepu.exe 2508 "C:\Windows\SysWOW64\llnodktzh.exe"
        500⤵
        Drops file in System32 directory
        
        PID:3540
        
        C:\Windows\SysWOW64\bmaheogfh.exe
        
        C:\Windows\system32\bmaheogfh.exe 2512 "C:\Windows\SysWOW64\tiquudepu.exe"
        501⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\fcecacsho.exe
        
        C:\Windows\system32\fcecacsho.exe 2516 "C:\Windows\SysWOW64\bmaheogfh.exe"
        502⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\nddcojwdw.exe
        
        C:\Windows\system32\nddcojwdw.exe 2520 "C:\Windows\SysWOW64\fcecacsho.exe"
        503⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\vhohyuzsj.exe
        
        C:\Windows\system32\vhohyuzsj.exe 2524 "C:\Windows\SysWOW64\nddcojwdw.exe"
        504⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\zpkcuikdp.exe
        
        C:\Windows\system32\zpkcuikdp.exe 2528 "C:\Windows\SysWOW64\vhohyuzsj.exe"
        505⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\htvhltntc.exe
        
        C:\Windows\system32\htvhltntc.exe 2532 "C:\Windows\SysWOW64\zpkcuikdp.exe"
        506⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\mkzchhyvj.exe
        
        C:\Windows\system32\mkzchhyvj.exe 2536 "C:\Windows\SysWOW64\htvhltntc.exe"
        507⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\tojprtble.exe
        
        C:\Windows\system32\tojprtble.exe 2540 "C:\Windows\SysWOW64\mkzchhyvj.exe"
        508⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\ypskhyhre.exe
        
        C:\Windows\system32\ypskhyhre.exe 2544 "C:\Windows\SysWOW64\tojprtble.exe"
        509⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\drakgizwx.exe
        
        C:\Windows\system32\drakgizwx.exe 2548 "C:\Windows\SysWOW64\ypskhyhre.exe"
        510⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\iwtsrseer.exe
        
        C:\Windows\system32\iwtsrseer.exe 2552 "C:\Windows\SysWOW64\drakgizwx.exe"
        511⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\padfjdhue.exe
        
        C:\Windows\system32\padfjdhue.exe 2556 "C:\Windows\SysWOW64\iwtsrseer.exe"
        512⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\xbcfxslpm.exe
        
        C:\Windows\system32\xbcfxslpm.exe 2560 "C:\Windows\SysWOW64\padfjdhue.exe"
        513⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\embkmmtcy.exe
        
        C:\Windows\system32\embkmmtcy.exe 2564 "C:\Windows\SysWOW64\xbcfxslpm.exe"
        514⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\jzusfngks.exe
        
        C:\Windows\system32\jzusfngks.exe 2568 "C:\Windows\SysWOW64\embkmmtcy.exe"
        515⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\rrtsmckgt.exe
        
        C:\Windows\system32\rrtsmckgt.exe 2572 "C:\Windows\SysWOW64\jzusfngks.exe"
        516⤵
        Drops file in System32 directory
        
        PID:1980
        
        C:\Windows\SysWOW64\vlbslnulm.exe
        
        C:\Windows\system32\vlbslnulm.exe 2576 "C:\Windows\SysWOW64\rrtsmckgt.exe"
        517⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\gdrxydwfn.exe
        
        C:\Windows\system32\gdrxydwfn.exe 2580 "C:\Windows\SysWOW64\vlbslnulm.exe"
        518⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\dqlfjmboh.exe
        
        C:\Windows\system32\dqlfjmboh.exe 2584 "C:\Windows\SysWOW64\gdrxydwfn.exe"
        519⤵
        Drops file in System32 directory
        
        PID:3132
        
        C:\Windows\SysWOW64\kygxdckgp.exe
        
        C:\Windows\system32\kygxdckgp.exe 2588 "C:\Windows\SysWOW64\dqlfjmboh.exe"
        520⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\plzfwmpob.exe
        
        C:\Windows\system32\plzfwmpob.exe 2592 "C:\Windows\SysWOW64\kygxdckgp.exe"
        521⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\xsnxjbygi.exe
        
        C:\Windows\system32\xsnxjbygi.exe 2596 "C:\Windows\SysWOW64\plzfwmpob.exe"
        522⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\bxgfcllhc.exe
        
        C:\Windows\system32\bxgfcllhc.exe 2600 "C:\Windows\SysWOW64\xsnxjbygi.exe"
        523⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\jbrstwowp.exe
        
        C:\Windows\system32\jbrstwowp.exe 2604 "C:\Windows\SysWOW64\bxgfcllhc.exe"
        524⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\osvfhkzhw.exe
        
        C:\Windows\system32\osvfhkzhw.exe 2608 "C:\Windows\SysWOW64\jbrstwowp.exe"
        525⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\vwytzvcxj.exe
        
        C:\Windows\system32\vwytzvcxj.exe 2612 "C:\Windows\SysWOW64\osvfhkzhw.exe"
        526⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\abrasxhfd.exe
        
        C:\Windows\system32\abrasxhfd.exe 2616 "C:\Windows\SysWOW64\vwytzvcxj.exe"
        527⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\kidycvofd.exe
        
        C:\Windows\system32\kidycvofd.exe 2620 "C:\Windows\SysWOW64\abrasxhfd.exe"
        528⤵
        Drops file in System32 directory
        
        PID:3400
        
        C:\Windows\SysWOW64\xcjnoitoq.exe
        
        C:\Windows\system32\xcjnoitoq.exe 2624 "C:\Windows\SysWOW64\kidycvofd.exe"
        529⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\kxtdtmztf.exe
        
        C:\Windows\system32\kxtdtmztf.exe 2628 "C:\Windows\SysWOW64\xcjnoitoq.exe"
        530⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\xnwgcmxay.exe
        
        C:\Windows\system32\xnwgcmxay.exe 2632 "C:\Windows\SysWOW64\kxtdtmztf.exe"
        531⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\hbwvatkxx.exe
        
        C:\Windows\system32\hbwvatkxx.exe 2636 "C:\Windows\SysWOW64\xnwgcmxay.exe"
        532⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\xgwqehhrm.exe
        
        C:\Windows\system32\xgwqehhrm.exe 2640 "C:\Windows\SysWOW64\hbwvatkxx.exe"
        533⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\gqmbrkvty.exe
        
        C:\Windows\system32\gqmbrkvty.exe 2644 "C:\Windows\SysWOW64\xgwqehhrm.exe"
        534⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\tksqdoavm.exe
        
        C:\Windows\system32\tksqdoavm.exe 2648 "C:\Windows\SysWOW64\gqmbrkvty.exe"
        535⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\gjvtlwfcf.exe
        
        C:\Windows\system32\gjvtlwfcf.exe 2652 "C:\Windows\SysWOW64\tksqdoavm.exe"
        536⤵
        Drops file in System32 directory
        
        PID:3076
        
        C:\Windows\SysWOW64\qlkdhzler.exe
        
        C:\Windows\system32\qlkdhzler.exe 2656 "C:\Windows\SysWOW64\gjvtlwfcf.exe"
        537⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\dkfgparls.exe
        
        C:\Windows\system32\dkfgparls.exe 2660 "C:\Windows\SysWOW64\qlkdhzler.exe"
        538⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\qelobmvvg.exe
        
        C:\Windows\system32\qelobmvvg.exe 2664 "C:\Windows\SysWOW64\dkfgparls.exe"
        539⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\drclgquzu.exe
        
        C:\Windows\system32\drclgquzu.exe 2668 "C:\Windows\SysWOW64\qelobmvvg.exe"
        540⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\qpxopqahn.exe
        
        C:\Windows\system32\qpxopqahn.exe 2672 "C:\Windows\SysWOW64\drclgquzu.exe"
        541⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\zvyenyfdu.exe
        
        C:\Windows\system32\zvyenyfdu.exe 1888 "C:\Windows\SysWOW64\qpxopqahn.exe"
        542⤵
        
        PID:764
        
        C:\Windows\SysWOW64\hairwrpbh.exe
        
        C:\Windows\system32\hairwrpbh.exe 1392 "C:\Windows\SysWOW64\zvyenyfdu.exe"
        543⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\rhmohhxth.exe
        
        C:\Windows\system32\rhmohhxth.exe 508 "C:\Windows\SysWOW64\hairwrpbh.exe"
        544⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\bgylzgxsh.exe
        
        C:\Windows\system32\bgylzgxsh.exe 1224 "C:\Windows\SysWOW64\rhmohhxth.exe"
        545⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\lfcjkfesh.exe
        
        C:\Windows\system32\lfcjkfesh.exe 1896 "C:\Windows\SysWOW64\bgylzgxsh.exe"
        546⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\vepguemsh.exe
        
        C:\Windows\system32\vepguemsh.exe 1884 "C:\Windows\SysWOW64\lfcjkfesh.exe"
        547⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\jryeiikew.exe
        
        C:\Windows\system32\jryeiikew.exe 1904 "C:\Windows\SysWOW64\vepguemsh.exe"
        548⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\tykbsgsew.exe
        
        C:\Windows\system32\tykbsgsew.exe 1892 "C:\Windows\SysWOW64\jryeiikew.exe"
        549⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\fsqretwgj.exe
        
        C:\Windows\system32\fsqretwgj.exe 1912 "C:\Windows\SysWOW64\tykbsgsew.exe"
        550⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\nlpwbnfav.exe
        
        C:\Windows\system32\nlpwbnfav.exe 1908 "C:\Windows\SysWOW64\fsqretwgj.exe"
        551⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\xktullmsv.exe
        
        C:\Windows\system32\xktullmsv.exe 1932 "C:\Windows\SysWOW64\nlpwbnfav.exe"
        552⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\hjfrwkusd.exe
        
        C:\Windows\system32\hjfrwkusd.exe 1900 "C:\Windows\SysWOW64\xktullmsv.exe"
        553⤵
        
        PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\idmiwjrpl.exe

Filesize
102KB

MD5
ab236f72d954d59740bc0e8385648363

SHA1
7d029fdb435ff74c7741e4530e71fc48542e5461

SHA256
7f13e384f8471ee8a3fb31e09ecb312e273fe57cd825a27bf67a4f7360ffa35d

SHA512
f8741b8ee458575a010a76d33d92ac1051aec23d422900f5b79c2aaf38a5c630b486d59978428ac49e812ca626ea4ecdda5d3a4f3936234209d6b850e6d12ee2

Download Submit
memory/268-154-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/268-170-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/376-490-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/576-575-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/628-212-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/628-221-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/704-394-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/704-385-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/776-105-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/776-90-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/832-214-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/832-203-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/856-386-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/856-384-0x0000000002420000-0x0000000002500000-memory.dmp

Filesize
896KB

Download
memory/856-376-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/896-452-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1032-542-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1132-515-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1164-191-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1164-206-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1220-92-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1220-78-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1248-499-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1256-304-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1256-293-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1280-248-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1280-237-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/1280-236-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1336-532-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1424-367-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1424-375-0x0000000002800000-0x00000000028E0000-memory.dmp

Filesize
896KB

Download
memory/1424-377-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1480-102-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1480-119-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1524-285-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1524-294-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1532-309-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1532-317-0x00000000027A0000-0x0000000002880000-memory.dmp

Filesize
896KB

Download
memory/1532-320-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1676-419-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1692-605-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1728-600-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1736-591-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1940-366-0x0000000002910000-0x00000000029F0000-memory.dmp

Filesize
896KB

Download
memory/1940-358-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/1940-356-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1940-369-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1968-1-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/1968-6-0x0000000002360000-0x0000000002440000-memory.dmp

Filesize
896KB

Download
memory/1968-17-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1968-12-0x0000000002360000-0x0000000002440000-memory.dmp

Filesize
896KB

Download
memory/1968-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1976-66-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1976-81-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1992-57-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1992-40-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1992-41-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2000-220-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2000-230-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2008-347-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2008-357-0x0000000002510000-0x00000000025F0000-memory.dmp

Filesize
896KB

Download
memory/2008-355-0x0000000002510000-0x00000000025F0000-memory.dmp

Filesize
896KB

Download
memory/2008-361-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2060-427-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2084-523-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2088-443-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2120-568-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2124-228-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2124-239-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2200-318-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2200-331-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2200-327-0x00000000027F0000-0x00000000028D0000-memory.dmp

Filesize
896KB

Download
memory/2200-326-0x00000000027F0000-0x00000000028D0000-memory.dmp

Filesize
896KB

Download
memory/2276-339-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2276-328-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2276-336-0x00000000026A0000-0x0000000002780000-memory.dmp

Filesize
896KB

Download
memory/2276-338-0x00000000026A0000-0x0000000002780000-memory.dmp

Filesize
896KB

Download
memory/2308-131-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2308-127-0x0000000002940000-0x0000000002A20000-memory.dmp

Filesize
896KB

Download
memory/2308-115-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2308-114-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2344-403-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2344-393-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2424-559-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2440-53-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2440-54-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2440-69-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2516-271-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2516-261-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2532-482-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2536-468-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2564-337-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2564-346-0x00000000026D0000-0x00000000027B0000-memory.dmp

Filesize
896KB

Download
memory/2564-348-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2568-459-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2576-507-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2592-253-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2592-262-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2632-278-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2632-269-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2644-27-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2644-45-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2644-28-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2648-277-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2648-288-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2692-312-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2692-301-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2716-141-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2716-153-0x00000000027F0000-0x00000000028D0000-memory.dmp

Filesize
896KB

Download
memory/2716-157-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2724-551-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2768-475-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2792-166-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2792-181-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2880-128-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2880-145-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2880-129-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2952-14-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2952-15-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2952-30-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3004-435-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3012-584-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3024-412-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3036-179-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/3036-195-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3036-178-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3060-245-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/3060-254-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download