597f751432b80c9667aa845ded9e6fccd02f581807444ccc1524017f6e2af94b

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
17/09/2023, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb6166471241f39347b384ed2de4bdf8_JC.exe
Size

138KB
MD5

fb6166471241f39347b384ed2de4bdf8
SHA1

c36939c99da2bf200441ec463d377a5254c7aa02
SHA256

597f751432b80c9667aa845ded9e6fccd02f581807444ccc1524017f6e2af94b
SHA512

fd635c91f684eb12a17c210c42a0345199df72577fd88a679a210d801a197085ed7b683987d2b5639f0806de79af2470a134550eff140d0f02e5f3b7b3d27019
SSDEEP

3072:7iqQy+9s13uUHngFwh7GXFmW2wS7IrHrY8pjq6:mqQy+9scogeNGVmHwMOH/Vz

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ekodjiol.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ikkpgafg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Oonlfo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Klekfinp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pedlgbkh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Akepfpcl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pccahbmn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dhhfedil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bhhiemoj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dgcihgaj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ocaebc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bepmoh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jjdjoane.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mnlnbl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nfaemp32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gahjgj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Boflmdkk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dngjff32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kdmqmc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Boihcf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kqmkae32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bedgjgkg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jlikkkhn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kijchhbo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lqkgbcff.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jimldogg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bjodjb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fknicb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Iipfmggc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ibgdlg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nmcpoedn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bfdodjhm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Oebflhaf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Oaplqh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mjmoag32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ohhnbhok.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ahaceo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hkpheidp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ahjgjj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nagpeo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Momcpa32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dgbdlf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lnnbqnjn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nlhkgi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nbnlaldg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aaohcj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Legben32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nbbeml32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fkemfl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ceehho32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Caienjfd.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lghcocol.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mcjmel32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lobjni32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mfhbga32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ilibdmgp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ljfhqh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Eicedn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lihfcm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pdjgha32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fgeihcme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bjicdmmd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ilccoh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jocnlg32.exe

Executes dropped EXE 64 IoCs

pid	Process
3496	Ogpmjb32.exe
3392	Onjegled.exe
952	Ocgmpccl.exe
2544	Ojaelm32.exe
2432	Pdfjifjo.exe
2524	Pfhfan32.exe
1248	Pmannhhj.exe
840	Pfjcgn32.exe
1324	Pflplnlg.exe
1112	Pcppfaka.exe
3772	Pjjhbl32.exe
1832	Pfaigm32.exe
396	Qmkadgpo.exe
2324	Qgqeappe.exe
3352	Qmmnjfnl.exe
3704	Aqkgpedc.exe
4456	Aclpap32.exe
3004	Aqppkd32.exe
1660	Aabmqd32.exe
2600	Bfabnjjp.exe
2352	Bfdodjhm.exe
2864	Bmngqdpj.exe
4220	Bmpcfdmg.exe
3952	Bgehcmmm.exe
924	Bhhdil32.exe
2224	Bcoenmao.exe
3292	Chmndlge.exe
3612	Cdcoim32.exe
1996	Cfbkeh32.exe
2176	Cjpckf32.exe
4808	Ceehho32.exe
1336	Danecp32.exe
208	Daqbip32.exe
1316	Dmgbnq32.exe
4296	Deokon32.exe
928	Daekdooc.exe
1240	Dgbdlf32.exe
3712	Eecdjmfi.exe
3916	Emoinpcd.exe
2604	Edhakj32.exe
4304	Ealadnik.exe
2576	Edknqiho.exe
1436	Eejjjl32.exe
3628	Ekgbccni.exe
780	Eachem32.exe
3260	Fkllnbjc.exe
4716	Fafdkmap.exe
2384	Fhpmgg32.exe
4804	Fknicb32.exe
400	Fnmepn32.exe
3064	Fedmqk32.exe
2144	Fgeihcme.exe
4140	Fajnfl32.exe
220	Fhdfbfdh.exe
5000	Fkcboack.exe
4564	Fgjccb32.exe
1340	Gglpibgm.exe
1992	Gempgj32.exe
1276	Gkjhoq32.exe
3104	Gohaeo32.exe
2072	Gkobjpin.exe
868	Gahjgj32.exe
3408	Hakgmjoh.exe
4920	Hbmcbime.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Clgbmp32.exe	Coadnlnb.exe
File created	C:\Windows\SysWOW64\Iocbnhog.dll	Mokmdh32.exe
File opened for modification	C:\Windows\SysWOW64\Lbjelc32.exe	Kiaqcnpb.exe
File created	C:\Windows\SysWOW64\Jbiejoaj.exe	Jnkldqkc.exe
File created	C:\Windows\SysWOW64\Ckebcg32.exe	Cgifbhid.exe
File created	C:\Windows\SysWOW64\Egopbhnc.dll	Llnnmhfe.exe
File opened for modification	C:\Windows\SysWOW64\Pcbkml32.exe	Ppgomnai.exe
File opened for modification	C:\Windows\SysWOW64\Aaiqcnhg.exe	Afcmfe32.exe
File opened for modification	C:\Windows\SysWOW64\Dcphdqmj.exe	Dncpkjoc.exe
File opened for modification	C:\Windows\SysWOW64\Pcpikkge.exe	Phjenbhp.exe
File created	C:\Windows\SysWOW64\Qmepam32.exe	Pkgcea32.exe
File opened for modification	C:\Windows\SysWOW64\Cbeapmll.exe	Cmhigf32.exe
File created	C:\Windows\SysWOW64\Ocjoadei.exe	Onmfimga.exe
File opened for modification	C:\Windows\SysWOW64\Eqlfhjig.exe	Egcaod32.exe
File opened for modification	C:\Windows\SysWOW64\Jbileede.exe	Jeqbpb32.exe
File created	C:\Windows\SysWOW64\Gbomgcch.dll	Pqcjepfo.exe
File created	C:\Windows\SysWOW64\Pmcckk32.dll	Jcoaglhk.exe
File created	C:\Windows\SysWOW64\Dhdbhifj.exe	Dqnjgl32.exe
File opened for modification	C:\Windows\SysWOW64\Kcapicdj.exe	Kofdhd32.exe
File created	C:\Windows\SysWOW64\Pimfpc32.exe	Pqbala32.exe
File created	C:\Windows\SysWOW64\Mkohaj32.exe	Mmnhcb32.exe
File created	C:\Windows\SysWOW64\Hdbplg32.dll	Gfeaopqo.exe
File created	C:\Windows\SysWOW64\Ghdief32.dll	Ljfhqh32.exe
File created	C:\Windows\SysWOW64\Nagpeo32.exe	Nlkgmh32.exe
File opened for modification	C:\Windows\SysWOW64\Fkllnbjc.exe	Eachem32.exe
File opened for modification	C:\Windows\SysWOW64\Kijchhbo.exe	Kndojobi.exe
File created	C:\Windows\SysWOW64\Mcnggo32.dll	Gpaqbbld.exe
File created	C:\Windows\SysWOW64\Fligqhga.exe	Fmfgek32.exe
File created	C:\Windows\SysWOW64\Jpgdai32.exe	Jhplpl32.exe
File opened for modification	C:\Windows\SysWOW64\Klekfinp.exe	Kifojnol.exe
File opened for modification	C:\Windows\SysWOW64\Ofgdcipq.exe	Oblhcj32.exe
File opened for modification	C:\Windows\SysWOW64\Fedmqk32.exe	Fnmepn32.exe
File created	C:\Windows\SysWOW64\Pgdokkfg.exe	Ploknb32.exe
File created	C:\Windows\SysWOW64\Egfapa32.dll	Jejefqaf.exe
File created	C:\Windows\SysWOW64\Dbilgi32.dll	Fhflnpoi.exe
File opened for modification	C:\Windows\SysWOW64\Gglpibgm.exe	Fgjccb32.exe
File created	C:\Windows\SysWOW64\Edmpgp32.dll	Djhimica.exe
File created	C:\Windows\SysWOW64\Dfoiaj32.exe	Dcpmen32.exe
File created	C:\Windows\SysWOW64\Ghehjh32.dll	Ekcgkb32.exe
File created	C:\Windows\SysWOW64\Dajbaika.exe	Dgdncplk.exe
File created	C:\Windows\SysWOW64\Ohjckodg.dll	Dggkipii.exe
File created	C:\Windows\SysWOW64\Pdfjifjo.exe	Ojaelm32.exe
File created	C:\Windows\SysWOW64\Ealadnik.exe	Edhakj32.exe
File created	C:\Windows\SysWOW64\Bcejdp32.dll	Mfbaalbi.exe
File opened for modification	C:\Windows\SysWOW64\Bahdob32.exe	Boihcf32.exe
File opened for modification	C:\Windows\SysWOW64\Jadgnb32.exe	Jhkbdmbg.exe
File opened for modification	C:\Windows\SysWOW64\Neqopnhb.exe	Naecop32.exe
File created	C:\Windows\SysWOW64\Pccahbmn.exe	Pjkmomfn.exe
File created	C:\Windows\SysWOW64\Pnbmqiee.dll	Ccmgiaig.exe
File created	C:\Windows\SysWOW64\Mcjmel32.exe	Mkohaj32.exe
File created	C:\Windows\SysWOW64\Kfcfimfi.dll	Pjpfjl32.exe
File opened for modification	C:\Windows\SysWOW64\Bhpofl32.exe	Bphgeo32.exe
File created	C:\Windows\SysWOW64\Aafjpc32.dll	Aidehpea.exe
File created	C:\Windows\SysWOW64\Bjaqpbkh.exe	Boklbi32.exe
File created	C:\Windows\SysWOW64\Lhjlnlii.dll	Pllgnl32.exe
File created	C:\Windows\SysWOW64\Ffchaq32.dll	Anaomkdb.exe
File created	C:\Windows\SysWOW64\Kkcghg32.dll	Eahobg32.exe
File opened for modification	C:\Windows\SysWOW64\Olehhc32.exe	Oidofh32.exe
File opened for modification	C:\Windows\SysWOW64\Fipkjb32.exe	Fjmkoeqi.exe
File created	C:\Windows\SysWOW64\Gfeaopqo.exe	Flpmagqi.exe
File created	C:\Windows\SysWOW64\Dndgfpbo.exe	Dkekjdck.exe
File created	C:\Windows\SysWOW64\Aoglcqao.dll	Bcoenmao.exe
File created	C:\Windows\SysWOW64\Deokon32.exe	Dmgbnq32.exe
File created	C:\Windows\SysWOW64\Nmjfodne.exe	Ncbafoge.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7708	7808	WerFault.exe	968

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kicpplqn.dll"	Fmlneg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ggmmlamj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Eachem32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ofhjkmkl.dll"	Mkohaj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lmnbjama.dll"	Ppolhcnm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cammjakm.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Dgbdlf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Nohehq32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Aqaffn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Igqkqiai.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Micfao32.dll"	Kndojobi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Mnlnbl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bhlkdj32.dll"	Paoollik.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mmlmhc32.dll"	Caojpaij.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mcgckb32.dll"	Iafkld32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pmbegqjk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ejnnldhi.dll"	Cpljehpo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Edmclccp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ckfphc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Omqmop32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pjoppf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Danecp32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Flippejg.dll"	Qcbfakec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bphgeo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cnggkf32.dll"	Egcaod32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jekpanpa.dll"	Cjpckf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Njfagf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Hppeim32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ifoihl32.dll"	Pflplnlg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Miomdk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gbomgcch.dll"	Pqcjepfo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nofhmj32.dll"	Efkphnbd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cbeapmll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nokpod32.dll"	Iibccgep.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hobbfhjl.dll"	Mledmg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ldqmlddk.dll"	Miomdk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pgbbek32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Qgpogili.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cdkifmjq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ekcgkb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Johggfha.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gbgmdlaj.dll"	Hninbj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ehailbaa.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Nndjndbh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Onjegled.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mbkdbe32.dll"	Jbiejoaj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pbmmao32.dll"	Gphphj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Iocbnhog.dll"	Mokmdh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pccahbmn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Fgeihcme.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Bjodjb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Conanfli.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fcndmiqg.dll"	Mapppn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Aagdnn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Daqbip32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Deokon32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Kgamnded.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Headjohq.dll"	Lijlof32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Cnjpknni.dll"	Gdobnj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Aeaanjkl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gkjdipap.dll"	Lgdidgjg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hlhefcoo.dll"	Pccahbmn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jemfhacc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Hibafp32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 3496	4316	fb6166471241f39347b384ed2de4bdf8_JC.exe	85
PID 4316 wrote to memory of 3496	4316	fb6166471241f39347b384ed2de4bdf8_JC.exe	85
PID 4316 wrote to memory of 3496	4316	fb6166471241f39347b384ed2de4bdf8_JC.exe	85
PID 3496 wrote to memory of 3392	3496	Ogpmjb32.exe	86
PID 3496 wrote to memory of 3392	3496	Ogpmjb32.exe	86
PID 3496 wrote to memory of 3392	3496	Ogpmjb32.exe	86
PID 3392 wrote to memory of 952	3392	Onjegled.exe	89
PID 3392 wrote to memory of 952	3392	Onjegled.exe	89
PID 3392 wrote to memory of 952	3392	Onjegled.exe	89
PID 952 wrote to memory of 2544	952	Ocgmpccl.exe	88
PID 952 wrote to memory of 2544	952	Ocgmpccl.exe	88
PID 952 wrote to memory of 2544	952	Ocgmpccl.exe	88
PID 2544 wrote to memory of 2432	2544	Ojaelm32.exe	91
PID 2544 wrote to memory of 2432	2544	Ojaelm32.exe	91
PID 2544 wrote to memory of 2432	2544	Ojaelm32.exe	91
PID 2432 wrote to memory of 2524	2432	Pdfjifjo.exe	90
PID 2432 wrote to memory of 2524	2432	Pdfjifjo.exe	90
PID 2432 wrote to memory of 2524	2432	Pdfjifjo.exe	90
PID 2524 wrote to memory of 1248	2524	Pfhfan32.exe	92
PID 2524 wrote to memory of 1248	2524	Pfhfan32.exe	92
PID 2524 wrote to memory of 1248	2524	Pfhfan32.exe	92
PID 1248 wrote to memory of 840	1248	Pmannhhj.exe	93
PID 1248 wrote to memory of 840	1248	Pmannhhj.exe	93
PID 1248 wrote to memory of 840	1248	Pmannhhj.exe	93
PID 840 wrote to memory of 1324	840	Pfjcgn32.exe	94
PID 840 wrote to memory of 1324	840	Pfjcgn32.exe	94
PID 840 wrote to memory of 1324	840	Pfjcgn32.exe	94
PID 1324 wrote to memory of 1112	1324	Pflplnlg.exe	95
PID 1324 wrote to memory of 1112	1324	Pflplnlg.exe	95
PID 1324 wrote to memory of 1112	1324	Pflplnlg.exe	95
PID 1112 wrote to memory of 3772	1112	Pcppfaka.exe	96
PID 1112 wrote to memory of 3772	1112	Pcppfaka.exe	96
PID 1112 wrote to memory of 3772	1112	Pcppfaka.exe	96
PID 3772 wrote to memory of 1832	3772	Pjjhbl32.exe	97
PID 3772 wrote to memory of 1832	3772	Pjjhbl32.exe	97
PID 3772 wrote to memory of 1832	3772	Pjjhbl32.exe	97
PID 1832 wrote to memory of 396	1832	Pfaigm32.exe	98
PID 1832 wrote to memory of 396	1832	Pfaigm32.exe	98
PID 1832 wrote to memory of 396	1832	Pfaigm32.exe	98
PID 396 wrote to memory of 2324	396	Qmkadgpo.exe	99
PID 396 wrote to memory of 2324	396	Qmkadgpo.exe	99
PID 396 wrote to memory of 2324	396	Qmkadgpo.exe	99
PID 2324 wrote to memory of 3352	2324	Qgqeappe.exe	100
PID 2324 wrote to memory of 3352	2324	Qgqeappe.exe	100
PID 2324 wrote to memory of 3352	2324	Qgqeappe.exe	100
PID 3352 wrote to memory of 3704	3352	Qmmnjfnl.exe	101
PID 3352 wrote to memory of 3704	3352	Qmmnjfnl.exe	101
PID 3352 wrote to memory of 3704	3352	Qmmnjfnl.exe	101
PID 3704 wrote to memory of 4456	3704	Aqkgpedc.exe	102
PID 3704 wrote to memory of 4456	3704	Aqkgpedc.exe	102
PID 3704 wrote to memory of 4456	3704	Aqkgpedc.exe	102
PID 4456 wrote to memory of 3004	4456	Aclpap32.exe	103
PID 4456 wrote to memory of 3004	4456	Aclpap32.exe	103
PID 4456 wrote to memory of 3004	4456	Aclpap32.exe	103
PID 3004 wrote to memory of 1660	3004	Aqppkd32.exe	104
PID 3004 wrote to memory of 1660	3004	Aqppkd32.exe	104
PID 3004 wrote to memory of 1660	3004	Aqppkd32.exe	104
PID 1660 wrote to memory of 2600	1660	Aabmqd32.exe	105
PID 1660 wrote to memory of 2600	1660	Aabmqd32.exe	105
PID 1660 wrote to memory of 2600	1660	Aabmqd32.exe	105
PID 2600 wrote to memory of 2352	2600	Bfabnjjp.exe	106
PID 2600 wrote to memory of 2352	2600	Bfabnjjp.exe	106
PID 2600 wrote to memory of 2352	2600	Bfabnjjp.exe	106
PID 2352 wrote to memory of 2864	2352	Bfdodjhm.exe	107

C:\Users\Admin\AppData\Local\Temp\fb6166471241f39347b384ed2de4bdf8_JC.exe
"C:\Users\Admin\AppData\Local\Temp\fb6166471241f39347b384ed2de4bdf8_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Windows\SysWOW64\Ogpmjb32.exe
  C:\Windows\system32\Ogpmjb32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Windows\SysWOW64\Onjegled.exe
    C:\Windows\system32\Onjegled.exe
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3392
  - - C:\Windows\SysWOW64\Ocgmpccl.exe
      C:\Windows\system32\Ocgmpccl.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:952

C:\Windows\SysWOW64\Ojaelm32.exe
C:\Windows\system32\Ojaelm32.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\Pdfjifjo.exe
  C:\Windows\system32\Pdfjifjo.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2432

C:\Windows\SysWOW64\Pfhfan32.exe
C:\Windows\system32\Pfhfan32.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\Pmannhhj.exe
  C:\Windows\system32\Pmannhhj.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Windows\SysWOW64\Pfjcgn32.exe
    C:\Windows\system32\Pfjcgn32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:840
  - - C:\Windows\SysWOW64\Pflplnlg.exe
      C:\Windows\system32\Pflplnlg.exe
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1324
    - - C:\Windows\SysWOW64\Pcppfaka.exe
        
        C:\Windows\system32\Pcppfaka.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1112
      - C:\Windows\SysWOW64\Pjjhbl32.exe
        
        C:\Windows\system32\Pjjhbl32.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3772
        
        C:\Windows\SysWOW64\Pfaigm32.exe
        
        C:\Windows\system32\Pfaigm32.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1832
        
        C:\Windows\SysWOW64\Qmkadgpo.exe
        
        C:\Windows\system32\Qmkadgpo.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:396
        
        C:\Windows\SysWOW64\Qgqeappe.exe
        
        C:\Windows\system32\Qgqeappe.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2324
        
        C:\Windows\SysWOW64\Qmmnjfnl.exe
        
        C:\Windows\system32\Qmmnjfnl.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3352
        
        C:\Windows\SysWOW64\Aqkgpedc.exe
        
        C:\Windows\system32\Aqkgpedc.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3704
        
        C:\Windows\SysWOW64\Aclpap32.exe
        
        C:\Windows\system32\Aclpap32.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4456
        
        C:\Windows\SysWOW64\Aqppkd32.exe
        
        C:\Windows\system32\Aqppkd32.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Windows\SysWOW64\Aabmqd32.exe
        
        C:\Windows\system32\Aabmqd32.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1660
        
        C:\Windows\SysWOW64\Bfabnjjp.exe
        
        C:\Windows\system32\Bfabnjjp.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2600
        
        C:\Windows\SysWOW64\Bfdodjhm.exe
        
        C:\Windows\system32\Bfdodjhm.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2352
        
        C:\Windows\SysWOW64\Bmngqdpj.exe
        
        C:\Windows\system32\Bmngqdpj.exe
        17⤵
        Executes dropped EXE
        
        PID:2864
        
        C:\Windows\SysWOW64\Bmpcfdmg.exe
        
        C:\Windows\system32\Bmpcfdmg.exe
        18⤵
        Executes dropped EXE
        
        PID:4220
        
        C:\Windows\SysWOW64\Bgehcmmm.exe
        
        C:\Windows\system32\Bgehcmmm.exe
        19⤵
        Executes dropped EXE
        
        PID:3952
        
        C:\Windows\SysWOW64\Bhhdil32.exe
        
        C:\Windows\system32\Bhhdil32.exe
        20⤵
        Executes dropped EXE
        
        PID:924
        
        C:\Windows\SysWOW64\Bcoenmao.exe
        
        C:\Windows\system32\Bcoenmao.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2224
        
        C:\Windows\SysWOW64\Chmndlge.exe
        
        C:\Windows\system32\Chmndlge.exe
        22⤵
        Executes dropped EXE
        
        PID:3292
        
        C:\Windows\SysWOW64\Cdcoim32.exe
        
        C:\Windows\system32\Cdcoim32.exe
        23⤵
        Executes dropped EXE
        
        PID:3612
        
        C:\Windows\SysWOW64\Cfbkeh32.exe
        
        C:\Windows\system32\Cfbkeh32.exe
        24⤵
        Executes dropped EXE
        
        PID:1996
        
        C:\Windows\SysWOW64\Cjpckf32.exe
        
        C:\Windows\system32\Cjpckf32.exe
        25⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2176
        
        C:\Windows\SysWOW64\Ceehho32.exe
        
        C:\Windows\system32\Ceehho32.exe
        26⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4808
        
        C:\Windows\SysWOW64\Danecp32.exe
        
        C:\Windows\system32\Danecp32.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1336
        
        C:\Windows\SysWOW64\Daqbip32.exe
        
        C:\Windows\system32\Daqbip32.exe
        28⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:208
        
        C:\Windows\SysWOW64\Dmgbnq32.exe
        
        C:\Windows\system32\Dmgbnq32.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1316
        
        C:\Windows\SysWOW64\Deokon32.exe
        
        C:\Windows\system32\Deokon32.exe
        30⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4296
        
        C:\Windows\SysWOW64\Daekdooc.exe
        
        C:\Windows\system32\Daekdooc.exe
        31⤵
        Executes dropped EXE
        
        PID:928
        
        C:\Windows\SysWOW64\Dgbdlf32.exe
        
        C:\Windows\system32\Dgbdlf32.exe
        32⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        
        PID:1240
        
        C:\Windows\SysWOW64\Eecdjmfi.exe
        
        C:\Windows\system32\Eecdjmfi.exe
        33⤵
        Executes dropped EXE
        
        PID:3712
        
        C:\Windows\SysWOW64\Emoinpcd.exe
        
        C:\Windows\system32\Emoinpcd.exe
        34⤵
        Executes dropped EXE
        
        PID:3916
        
        C:\Windows\SysWOW64\Edhakj32.exe
        
        C:\Windows\system32\Edhakj32.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2604
        
        C:\Windows\SysWOW64\Ealadnik.exe
        
        C:\Windows\system32\Ealadnik.exe
        36⤵
        Executes dropped EXE
        
        PID:4304
        
        C:\Windows\SysWOW64\Edknqiho.exe
        
        C:\Windows\system32\Edknqiho.exe
        37⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Windows\SysWOW64\Eejjjl32.exe
        
        C:\Windows\system32\Eejjjl32.exe
        38⤵
        Executes dropped EXE
        
        PID:1436
        
        C:\Windows\SysWOW64\Ekgbccni.exe
        
        C:\Windows\system32\Ekgbccni.exe
        39⤵
        Executes dropped EXE
        
        PID:3628
        
        C:\Windows\SysWOW64\Eachem32.exe
        
        C:\Windows\system32\Eachem32.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:780
        
        C:\Windows\SysWOW64\Fkllnbjc.exe
        
        C:\Windows\system32\Fkllnbjc.exe
        41⤵
        Executes dropped EXE
        
        PID:3260
        
        C:\Windows\SysWOW64\Fafdkmap.exe
        
        C:\Windows\system32\Fafdkmap.exe
        42⤵
        Executes dropped EXE
        
        PID:4716
        
        C:\Windows\SysWOW64\Fhpmgg32.exe
        
        C:\Windows\system32\Fhpmgg32.exe
        43⤵
        Executes dropped EXE
        
        PID:2384
        
        C:\Windows\SysWOW64\Fknicb32.exe
        
        C:\Windows\system32\Fknicb32.exe
        44⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4804

C:\Windows\SysWOW64\Fnmepn32.exe
C:\Windows\system32\Fnmepn32.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:400
- C:\Windows\SysWOW64\Fedmqk32.exe
  C:\Windows\system32\Fedmqk32.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- - C:\Windows\SysWOW64\Fgeihcme.exe
    C:\Windows\system32\Fgeihcme.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Modifies registry class
    PID:2144
  - - C:\Windows\SysWOW64\Fajnfl32.exe
      C:\Windows\system32\Fajnfl32.exe
      4⤵
      Executes dropped EXE
      PID:4140
    - - C:\Windows\SysWOW64\Fhdfbfdh.exe
        
        C:\Windows\system32\Fhdfbfdh.exe
        5⤵
        Executes dropped EXE
        
        PID:220
      - C:\Windows\SysWOW64\Fkcboack.exe
        
        C:\Windows\system32\Fkcboack.exe
        6⤵
        Executes dropped EXE
        
        PID:5000
        
        C:\Windows\SysWOW64\Fgjccb32.exe
        
        C:\Windows\system32\Fgjccb32.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4564
        
        C:\Windows\SysWOW64\Gglpibgm.exe
        
        C:\Windows\system32\Gglpibgm.exe
        8⤵
        Executes dropped EXE
        
        PID:1340
        
        C:\Windows\SysWOW64\Gempgj32.exe
        
        C:\Windows\system32\Gempgj32.exe
        9⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Windows\SysWOW64\Gkjhoq32.exe
        
        C:\Windows\system32\Gkjhoq32.exe
        10⤵
        Executes dropped EXE
        
        PID:1276
        
        C:\Windows\SysWOW64\Gohaeo32.exe
        
        C:\Windows\system32\Gohaeo32.exe
        11⤵
        Executes dropped EXE
        
        PID:3104
        
        C:\Windows\SysWOW64\Gkobjpin.exe
        
        C:\Windows\system32\Gkobjpin.exe
        12⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Windows\SysWOW64\Gahjgj32.exe
        
        C:\Windows\system32\Gahjgj32.exe
        13⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:868
        
        C:\Windows\SysWOW64\Hakgmjoh.exe
        
        C:\Windows\system32\Hakgmjoh.exe
        14⤵
        Executes dropped EXE
        
        PID:3408
        
        C:\Windows\SysWOW64\Hbmcbime.exe
        
        C:\Windows\system32\Hbmcbime.exe
        15⤵
        Executes dropped EXE
        
        PID:4920
        
        C:\Windows\SysWOW64\Hkehkocf.exe
        
        C:\Windows\system32\Hkehkocf.exe
        16⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Hfklhhcl.exe
        
        C:\Windows\system32\Hfklhhcl.exe
        17⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\Hocqam32.exe
        
        C:\Windows\system32\Hocqam32.exe
        18⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\Hninbj32.exe
        
        C:\Windows\system32\Hninbj32.exe
        19⤵
        Modifies registry class
        
        PID:1528
        
        C:\Windows\SysWOW64\Iokgal32.exe
        
        C:\Windows\system32\Iokgal32.exe
        20⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\Igjeanmj.exe
        
        C:\Windows\system32\Igjeanmj.exe
        21⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\Ienekbld.exe
        
        C:\Windows\system32\Ienekbld.exe
        22⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\Jkhngl32.exe
        
        C:\Windows\system32\Jkhngl32.exe
        23⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\Jeqbpb32.exe
        
        C:\Windows\system32\Jeqbpb32.exe
        24⤵
        Drops file in System32 directory
        
        PID:1268
        
        C:\Windows\SysWOW64\Jbileede.exe
        
        C:\Windows\system32\Jbileede.exe
        25⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\Jnpmjf32.exe
        
        C:\Windows\system32\Jnpmjf32.exe
        26⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\Jejefqaf.exe
        
        C:\Windows\system32\Jejefqaf.exe
        27⤵
        Drops file in System32 directory
        
        PID:2096
        
        C:\Windows\SysWOW64\Kbnepe32.exe
        
        C:\Windows\system32\Kbnepe32.exe
        28⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\Klfjijgq.exe
        
        C:\Windows\system32\Klfjijgq.exe
        29⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\Keonap32.exe
        
        C:\Windows\system32\Keonap32.exe
        30⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\Kpdboimg.exe
        
        C:\Windows\system32\Kpdboimg.exe
        31⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\Keakgpko.exe
        
        C:\Windows\system32\Keakgpko.exe
        32⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\Kbekqdjh.exe
        
        C:\Windows\system32\Kbekqdjh.exe
        33⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\Khbdikip.exe
        
        C:\Windows\system32\Khbdikip.exe
        34⤵
        
        PID:392
        
        C:\Windows\SysWOW64\Kiaqcnpb.exe
        
        C:\Windows\system32\Kiaqcnpb.exe
        35⤵
        Drops file in System32 directory
        
        PID:4388
        
        C:\Windows\SysWOW64\Lbjelc32.exe
        
        C:\Windows\system32\Lbjelc32.exe
        36⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\Lpneegel.exe
        
        C:\Windows\system32\Lpneegel.exe
        37⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\Lblaabdp.exe
        
        C:\Windows\system32\Lblaabdp.exe
        38⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\Lppbkgcj.exe
        
        C:\Windows\system32\Lppbkgcj.exe
        39⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\Lihfcm32.exe
        
        C:\Windows\system32\Lihfcm32.exe
        40⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2140
        
        C:\Windows\SysWOW64\Loeolc32.exe
        
        C:\Windows\system32\Loeolc32.exe
        41⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Loglacfo.exe
        
        C:\Windows\system32\Loglacfo.exe
        42⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\Miomdk32.exe
        
        C:\Windows\system32\Miomdk32.exe
        43⤵
        Modifies registry class
        
        PID:3656
        
        C:\Windows\SysWOW64\Mlnipg32.exe
        
        C:\Windows\system32\Mlnipg32.exe
        44⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\Mbhamajc.exe
        
        C:\Windows\system32\Mbhamajc.exe
        45⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\Mhdjehhj.exe
        
        C:\Windows\system32\Mhdjehhj.exe
        46⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\Moaogand.exe
        
        C:\Windows\system32\Moaogand.exe
        47⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\Mleoafmn.exe
        
        C:\Windows\system32\Mleoafmn.exe
        48⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\Mfjcnold.exe
        
        C:\Windows\system32\Mfjcnold.exe
        49⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\Npchgdcd.exe
        
        C:\Windows\system32\Npchgdcd.exe
        50⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\Nohehq32.exe
        
        C:\Windows\system32\Nohehq32.exe
        51⤵
        Modifies registry class
        
        PID:3224
        
        C:\Windows\SysWOW64\Ngomin32.exe
        
        C:\Windows\system32\Ngomin32.exe
        52⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\Nojanpej.exe
        
        C:\Windows\system32\Nojanpej.exe
        53⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\Nipekiep.exe
        
        C:\Windows\system32\Nipekiep.exe
        54⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\Npjnhc32.exe
        
        C:\Windows\system32\Npjnhc32.exe
        55⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\Nheble32.exe
        
        C:\Windows\system32\Nheble32.exe
        56⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\Oeicejia.exe
        
        C:\Windows\system32\Oeicejia.exe
        57⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\Oidofh32.exe
        
        C:\Windows\system32\Oidofh32.exe
        58⤵
        Drops file in System32 directory
        
        PID:5220
        
        C:\Windows\SysWOW64\Olehhc32.exe
        
        C:\Windows\system32\Olehhc32.exe
        59⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\Ocopdn32.exe
        
        C:\Windows\system32\Ocopdn32.exe
        60⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\Ogklelna.exe
        
        C:\Windows\system32\Ogklelna.exe
        61⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\Oiihahme.exe
        
        C:\Windows\system32\Oiihahme.exe
        62⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\Oileggkb.exe
        
        C:\Windows\system32\Oileggkb.exe
        63⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\Ocdjpmac.exe
        
        C:\Windows\system32\Ocdjpmac.exe
        64⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\Oebflhaf.exe
        
        C:\Windows\system32\Oebflhaf.exe
        65⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5528
        
        C:\Windows\SysWOW64\Ollnhb32.exe
        
        C:\Windows\system32\Ollnhb32.exe
        66⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\Pgbbek32.exe
        
        C:\Windows\system32\Pgbbek32.exe
        67⤵
        Modifies registry class
        
        PID:5616
        
        C:\Windows\SysWOW64\Pedbahod.exe
        
        C:\Windows\system32\Pedbahod.exe
        68⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\Ploknb32.exe
        
        C:\Windows\system32\Ploknb32.exe
        69⤵
        Drops file in System32 directory
        
        PID:5704
        
        C:\Windows\SysWOW64\Pgdokkfg.exe
        
        C:\Windows\system32\Pgdokkfg.exe
        70⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\Pfillg32.exe
        
        C:\Windows\system32\Pfillg32.exe
        71⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\Poaqemao.exe
        
        C:\Windows\system32\Poaqemao.exe
        72⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\Pflibgil.exe
        
        C:\Windows\system32\Pflibgil.exe
        73⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\Phjenbhp.exe
        
        C:\Windows\system32\Phjenbhp.exe
        74⤵
        Drops file in System32 directory
        
        PID:5924
        
        C:\Windows\SysWOW64\Pcpikkge.exe
        
        C:\Windows\system32\Pcpikkge.exe
        75⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\Pfnegggi.exe
        
        C:\Windows\system32\Pfnegggi.exe
        76⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\Phlacbfm.exe
        
        C:\Windows\system32\Phlacbfm.exe
        77⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\Pqcjepfo.exe
        
        C:\Windows\system32\Pqcjepfo.exe
        78⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6096
        
        C:\Windows\SysWOW64\Qcbfakec.exe
        
        C:\Windows\system32\Qcbfakec.exe
        79⤵
        Modifies registry class
        
        PID:6140
        
        C:\Windows\SysWOW64\Qqffjo32.exe
        
        C:\Windows\system32\Qqffjo32.exe
        80⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\Qgpogili.exe
        
        C:\Windows\system32\Qgpogili.exe
        81⤵
        Modifies registry class
        
        PID:5236
        
        C:\Windows\SysWOW64\Qqhcpo32.exe
        
        C:\Windows\system32\Qqhcpo32.exe
        82⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\Aihaoqlp.exe
        
        C:\Windows\system32\Aihaoqlp.exe
        83⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\Aqaffn32.exe
        
        C:\Windows\system32\Aqaffn32.exe
        84⤵
        Modifies registry class
        
        PID:5428
        
        C:\Windows\SysWOW64\Afnnnd32.exe
        
        C:\Windows\system32\Afnnnd32.exe
        85⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\Bogcgj32.exe
        
        C:\Windows\system32\Bogcgj32.exe
        86⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\Bfqkddfd.exe
        
        C:\Windows\system32\Bfqkddfd.exe
        87⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\Boipmj32.exe
        
        C:\Windows\system32\Boipmj32.exe
        88⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\Bjodjb32.exe
        
        C:\Windows\system32\Bjodjb32.exe
        89⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:4080
        
        C:\Windows\SysWOW64\Boklbi32.exe
        
        C:\Windows\system32\Boklbi32.exe
        90⤵
        Drops file in System32 directory
        
        PID:5828
        
        C:\Windows\SysWOW64\Bjaqpbkh.exe
        
        C:\Windows\system32\Bjaqpbkh.exe
        91⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\Bqkill32.exe
        
        C:\Windows\system32\Bqkill32.exe
        92⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\Bmbiamhi.exe
        
        C:\Windows\system32\Bmbiamhi.exe
        93⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\Bggnof32.exe
        
        C:\Windows\system32\Bggnof32.exe
        94⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\Bjfjka32.exe
        
        C:\Windows\system32\Bjfjka32.exe
        95⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\Ccnncgmc.exe
        
        C:\Windows\system32\Ccnncgmc.exe
        96⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\Cjhfpa32.exe
        
        C:\Windows\system32\Cjhfpa32.exe
        97⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\Cmipblaq.exe
        
        C:\Windows\system32\Cmipblaq.exe
        98⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\Ccchof32.exe
        
        C:\Windows\system32\Ccchof32.exe
        99⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\Cjmpkqqj.exe
        
        C:\Windows\system32\Cjmpkqqj.exe
        100⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\Cgqqdeod.exe
        
        C:\Windows\system32\Cgqqdeod.exe
        101⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\Caienjfd.exe
        
        C:\Windows\system32\Caienjfd.exe
        102⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5852
        
        C:\Windows\SysWOW64\Cgcmjd32.exe
        
        C:\Windows\system32\Cgcmjd32.exe
        103⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\Cjaifp32.exe
        
        C:\Windows\system32\Cjaifp32.exe
        104⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\Dmbbhkjf.exe
        
        C:\Windows\system32\Dmbbhkjf.exe
        105⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\Dhhfedil.exe
        
        C:\Windows\system32\Dhhfedil.exe
        106⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5392
        
        C:\Windows\SysWOW64\Dcogje32.exe
        
        C:\Windows\system32\Dcogje32.exe
        107⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\Dikpbl32.exe
        
        C:\Windows\system32\Dikpbl32.exe
        108⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\Ddadpdmn.exe
        
        C:\Windows\system32\Ddadpdmn.exe
        109⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\Daediilg.exe
        
        C:\Windows\system32\Daediilg.exe
        110⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\Dhomfc32.exe
        
        C:\Windows\system32\Dhomfc32.exe
        111⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\Eagaoh32.exe
        
        C:\Windows\system32\Eagaoh32.exe
        112⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\Ehailbaa.exe
        
        C:\Windows\system32\Ehailbaa.exe
        113⤵
        Modifies registry class
        
        PID:5664
        
        C:\Windows\SysWOW64\Eplnpeol.exe
        
        C:\Windows\system32\Eplnpeol.exe
        114⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\Efffmo32.exe
        
        C:\Windows\system32\Efffmo32.exe
        115⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\Edmclccp.exe
        
        C:\Windows\system32\Edmclccp.exe
        116⤵
        Modifies registry class
        
        PID:5604
        
        C:\Windows\SysWOW64\Efkphnbd.exe
        
        C:\Windows\system32\Efkphnbd.exe
        117⤵
        Modifies registry class
        
        PID:5948
        
        C:\Windows\SysWOW64\Ehjlaaig.exe
        
        C:\Windows\system32\Ehjlaaig.exe
        118⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\Fmgejhgn.exe
        
        C:\Windows\system32\Fmgejhgn.exe
        119⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\Fdamgb32.exe
        
        C:\Windows\system32\Fdamgb32.exe
        120⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\Fdcjlb32.exe
        
        C:\Windows\system32\Fdcjlb32.exe
        121⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\Fmlneg32.exe
        
        C:\Windows\system32\Fmlneg32.exe
        122⤵
        Modifies registry class
        
        PID:6252
        
        C:\Windows\SysWOW64\Fgdbnmji.exe
        
        C:\Windows\system32\Fgdbnmji.exe
        123⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\Fhdohp32.exe
        
        C:\Windows\system32\Fhdohp32.exe
        124⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\Fmqgpgoc.exe
        
        C:\Windows\system32\Fmqgpgoc.exe
        125⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\Fhflnpoi.exe
        
        C:\Windows\system32\Fhflnpoi.exe
        126⤵
        Drops file in System32 directory
        
        PID:6424
        
        C:\Windows\SysWOW64\Gpaqbbld.exe
        
        C:\Windows\system32\Gpaqbbld.exe
        127⤵
        Drops file in System32 directory
        
        PID:6472
        
        C:\Windows\SysWOW64\Ghhhcomg.exe
        
        C:\Windows\system32\Ghhhcomg.exe
        128⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Gmeakf32.exe
        
        C:\Windows\system32\Gmeakf32.exe
        129⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\Gpfjma32.exe
        
        C:\Windows\system32\Gpfjma32.exe
        130⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\Ggpbjkpl.exe
        
        C:\Windows\system32\Ggpbjkpl.exe
        131⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\Gddbcp32.exe
        
        C:\Windows\system32\Gddbcp32.exe
        132⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\Gnlgleef.exe
        
        C:\Windows\system32\Gnlgleef.exe
        133⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\Hkpheidp.exe
        
        C:\Windows\system32\Hkpheidp.exe
        134⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6776
        
        C:\Windows\SysWOW64\Hajpbckl.exe
        
        C:\Windows\system32\Hajpbckl.exe
        135⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\Hgghjjid.exe
        
        C:\Windows\system32\Hgghjjid.exe
        136⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\Hhfedm32.exe
        
        C:\Windows\system32\Hhfedm32.exe
        137⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\Hpbiip32.exe
        
        C:\Windows\system32\Hpbiip32.exe
        138⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\Hjjnae32.exe
        
        C:\Windows\system32\Hjjnae32.exe
        139⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Hdpbon32.exe
        
        C:\Windows\system32\Hdpbon32.exe
        140⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\Hkjjlhle.exe
        
        C:\Windows\system32\Hkjjlhle.exe
        141⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\Igqkqiai.exe
        
        C:\Windows\system32\Igqkqiai.exe
        142⤵
        Modifies registry class
        
        PID:7120
        
        C:\Windows\SysWOW64\Injcmc32.exe
        
        C:\Windows\system32\Injcmc32.exe
        143⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\Igchfiof.exe
        
        C:\Windows\system32\Igchfiof.exe
        144⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\Inmpcc32.exe
        
        C:\Windows\system32\Inmpcc32.exe
        145⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\Ijcahd32.exe
        
        C:\Windows\system32\Ijcahd32.exe
        146⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\Ihdafkdg.exe
        
        C:\Windows\system32\Ihdafkdg.exe
        147⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\Inainbcn.exe
        
        C:\Windows\system32\Inainbcn.exe
        148⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\Iqpfjnba.exe
        
        C:\Windows\system32\Iqpfjnba.exe
        149⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Ibobdqid.exe
        
        C:\Windows\system32\Ibobdqid.exe
        150⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\Jbaojpgb.exe
        
        C:\Windows\system32\Jbaojpgb.exe
        151⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\Jhlgfj32.exe
        
        C:\Windows\system32\Jhlgfj32.exe
        152⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\Jdbhkk32.exe
        
        C:\Windows\system32\Jdbhkk32.exe
        153⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\Jklphekp.exe
        
        C:\Windows\system32\Jklphekp.exe
        154⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\Jnkldqkc.exe
        
        C:\Windows\system32\Jnkldqkc.exe
        155⤵
        Drops file in System32 directory
        
        PID:6892
        
        C:\Windows\SysWOW64\Jbiejoaj.exe
        
        C:\Windows\system32\Jbiejoaj.exe
        156⤵
        Modifies registry class
        
        PID:6944
        
        C:\Windows\SysWOW64\Jgenbfoa.exe
        
        C:\Windows\system32\Jgenbfoa.exe
        157⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\Jjdjoane.exe
        
        C:\Windows\system32\Jjdjoane.exe
        158⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7076
        
        C:\Windows\SysWOW64\Jbkbpoog.exe
        
        C:\Windows\system32\Jbkbpoog.exe
        159⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\Kiejmi32.exe
        
        C:\Windows\system32\Kiejmi32.exe
        160⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\Knbbep32.exe
        
        C:\Windows\system32\Knbbep32.exe
        161⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\Kndojobi.exe
        
        C:\Windows\system32\Kndojobi.exe
        162⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6444
        
        C:\Windows\SysWOW64\Kijchhbo.exe
        
        C:\Windows\system32\Kijchhbo.exe
        163⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6544
        
        C:\Windows\SysWOW64\Kkhpdcab.exe
        
        C:\Windows\system32\Kkhpdcab.exe
        164⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\Kaehljpj.exe
        
        C:\Windows\system32\Kaehljpj.exe
        165⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\Kniieo32.exe
        
        C:\Windows\system32\Kniieo32.exe
        166⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\Kageaj32.exe
        
        C:\Windows\system32\Kageaj32.exe
        167⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\Kinmcg32.exe
        
        C:\Windows\system32\Kinmcg32.exe
        168⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\Kgamnded.exe
        
        C:\Windows\system32\Kgamnded.exe
        169⤵
        Modifies registry class
        
        PID:6148
        
        C:\Windows\SysWOW64\Lajagj32.exe
        
        C:\Windows\system32\Lajagj32.exe
        170⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\Ljbfpo32.exe
        
        C:\Windows\system32\Ljbfpo32.exe
        171⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\Lnnbqnjn.exe
        
        C:\Windows\system32\Lnnbqnjn.exe
        172⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6812
        
        C:\Windows\SysWOW64\Licfngjd.exe
        
        C:\Windows\system32\Licfngjd.exe
        173⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\Lkabjbih.exe
        
        C:\Windows\system32\Lkabjbih.exe
        174⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\Lghcocol.exe
        
        C:\Windows\system32\Lghcocol.exe
        175⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7144
        
        C:\Windows\SysWOW64\Ljgpkonp.exe
        
        C:\Windows\system32\Ljgpkonp.exe
        176⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\Lijlof32.exe
        
        C:\Windows\system32\Lijlof32.exe
        177⤵
        Modifies registry class
        
        PID:6660
        
        C:\Windows\SysWOW64\Mhafeb32.exe
        
        C:\Windows\system32\Mhafeb32.exe
        178⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\Mnlnbl32.exe
        
        C:\Windows\system32\Mnlnbl32.exe
        179⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6192
        
        C:\Windows\SysWOW64\Majjng32.exe
        
        C:\Windows\system32\Majjng32.exe
        180⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\Miaboe32.exe
        
        C:\Windows\system32\Miaboe32.exe
        181⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\Mjbogmdb.exe
        
        C:\Windows\system32\Mjbogmdb.exe
        182⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\Mhfppabl.exe
        
        C:\Windows\system32\Mhfppabl.exe
        183⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\Mjellmbp.exe
        
        C:\Windows\system32\Mjellmbp.exe
        184⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\Mejpje32.exe
        
        C:\Windows\system32\Mejpje32.exe
        185⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\Njghbl32.exe
        
        C:\Windows\system32\Njghbl32.exe
        186⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\Nhmeapmd.exe
        
        C:\Windows\system32\Nhmeapmd.exe
        187⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\Nafjjf32.exe
        
        C:\Windows\system32\Nafjjf32.exe
        188⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\Nojjcj32.exe
        
        C:\Windows\system32\Nojjcj32.exe
        189⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\Nahgoe32.exe
        
        C:\Windows\system32\Nahgoe32.exe
        190⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\Niooqcad.exe
        
        C:\Windows\system32\Niooqcad.exe
        191⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\Nkqkhk32.exe
        
        C:\Windows\system32\Nkqkhk32.exe
        192⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\Niakfbpa.exe
        
        C:\Windows\system32\Niakfbpa.exe
        193⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\Objpoh32.exe
        
        C:\Windows\system32\Objpoh32.exe
        194⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\Oehlkc32.exe
        
        C:\Windows\system32\Oehlkc32.exe
        195⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\Olbdhn32.exe
        
        C:\Windows\system32\Olbdhn32.exe
        196⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\Oifeab32.exe
        
        C:\Windows\system32\Oifeab32.exe
        197⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\Okjnnj32.exe
        
        C:\Windows\system32\Okjnnj32.exe
        198⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\Oeoblb32.exe
        
        C:\Windows\system32\Oeoblb32.exe
        199⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\Oohgdhfn.exe
        
        C:\Windows\system32\Oohgdhfn.exe
        200⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\Pllgnl32.exe
        
        C:\Windows\system32\Pllgnl32.exe
        201⤵
        Drops file in System32 directory
        
        PID:7916
        
        C:\Windows\SysWOW64\Pedlgbkh.exe
        
        C:\Windows\system32\Pedlgbkh.exe
        202⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7960
        
        C:\Windows\SysWOW64\Peieba32.exe
        
        C:\Windows\system32\Peieba32.exe
        203⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\Poajkgnc.exe
        
        C:\Windows\system32\Poajkgnc.exe
        204⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\Pkhjph32.exe
        
        C:\Windows\system32\Pkhjph32.exe
        205⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\Pemomqcn.exe
        
        C:\Windows\system32\Pemomqcn.exe
        206⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\Qhlkilba.exe
        
        C:\Windows\system32\Qhlkilba.exe
        207⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\Qlggjk32.exe
        
        C:\Windows\system32\Qlggjk32.exe
        208⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\Qikgco32.exe
        
        C:\Windows\system32\Qikgco32.exe
        209⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\Qkmdkgob.exe
        
        C:\Windows\system32\Qkmdkgob.exe
        210⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\Allpejfe.exe
        
        C:\Windows\system32\Allpejfe.exe
        211⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\Acfhad32.exe
        
        C:\Windows\system32\Acfhad32.exe
        212⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\Aaiimadl.exe
        
        C:\Windows\system32\Aaiimadl.exe
        213⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\Ajpqnneo.exe
        
        C:\Windows\system32\Ajpqnneo.exe
        214⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\Akamff32.exe
        
        C:\Windows\system32\Akamff32.exe
        215⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\Ahgjejhd.exe
        
        C:\Windows\system32\Ahgjejhd.exe
        216⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\Ahjgjj32.exe
        
        C:\Windows\system32\Ahjgjj32.exe
        217⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7772
        
        C:\Windows\SysWOW64\Bjicdmmd.exe
        
        C:\Windows\system32\Bjicdmmd.exe
        218⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7860
        
        C:\Windows\SysWOW64\Blhpqhlh.exe
        
        C:\Windows\system32\Blhpqhlh.exe
        219⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\Boflmdkk.exe
        
        C:\Windows\system32\Boflmdkk.exe
        220⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8008
        
        C:\Windows\SysWOW64\Bcahmb32.exe
        
        C:\Windows\system32\Bcahmb32.exe
        221⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\Bfpdin32.exe
        
        C:\Windows\system32\Bfpdin32.exe
        222⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\Bhoqeibl.exe
        
        C:\Windows\system32\Bhoqeibl.exe
        223⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\Bkmmaeap.exe
        
        C:\Windows\system32\Bkmmaeap.exe
        224⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\Bmlilh32.exe
        
        C:\Windows\system32\Bmlilh32.exe
        225⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\Bokehc32.exe
        
        C:\Windows\system32\Bokehc32.exe
        226⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\Bhcjqinf.exe
        
        C:\Windows\system32\Bhcjqinf.exe
        227⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\Ckfphc32.exe
        
        C:\Windows\system32\Ckfphc32.exe
        228⤵
        Modifies registry class
        
        PID:7684
        
        C:\Windows\SysWOW64\Ccmgiaig.exe
        
        C:\Windows\system32\Ccmgiaig.exe
        229⤵
        Drops file in System32 directory
        
        PID:7796
        
        C:\Windows\SysWOW64\Cfldelik.exe
        
        C:\Windows\system32\Cfldelik.exe
        230⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\Cjgpfk32.exe
        
        C:\Windows\system32\Cjgpfk32.exe
        231⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\Codhnb32.exe
        
        C:\Windows\system32\Codhnb32.exe
        232⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\Cjjlkk32.exe
        
        C:\Windows\system32\Cjjlkk32.exe
        233⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\Cmhigf32.exe
        
        C:\Windows\system32\Cmhigf32.exe
        234⤵
        Drops file in System32 directory
        
        PID:7384
        
        C:\Windows\SysWOW64\Cbeapmll.exe
        
        C:\Windows\system32\Cbeapmll.exe
        235⤵
        Modifies registry class
        
        PID:7564
        
        C:\Windows\SysWOW64\Cbgnemjj.exe
        
        C:\Windows\system32\Cbgnemjj.exe
        236⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\Cjnffjkl.exe
        
        C:\Windows\system32\Cjnffjkl.exe
        237⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\Ccgjopal.exe
        
        C:\Windows\system32\Ccgjopal.exe
        238⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Dkbocbog.exe
        
        C:\Windows\system32\Dkbocbog.exe
        239⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\Dmdhcddh.exe
        
        C:\Windows\system32\Dmdhcddh.exe
        240⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\Djhimica.exe
        
        C:\Windows\system32\Djhimica.exe
        241⤵
        Drops file in System32 directory
        
        PID:7880
        
        C:\Windows\SysWOW64\Dcpmen32.exe
        
        C:\Windows\system32\Dcpmen32.exe
        242⤵
        Drops file in System32 directory
        
        PID:8060
        
        C:\Windows\SysWOW64\Dfoiaj32.exe
        
        C:\Windows\system32\Dfoiaj32.exe
        243⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\Dimenegi.exe
        
        C:\Windows\system32\Dimenegi.exe
        244⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\Dpgnjo32.exe
        
        C:\Windows\system32\Dpgnjo32.exe
        245⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\Ebejfk32.exe
        
        C:\Windows\system32\Ebejfk32.exe
        246⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\Elpkep32.exe
        
        C:\Windows\system32\Elpkep32.exe
        247⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\Ebjcajjd.exe
        
        C:\Windows\system32\Ebjcajjd.exe
        248⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\Eciplm32.exe
        
        C:\Windows\system32\Eciplm32.exe
        249⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\Eleepoob.exe
        
        C:\Windows\system32\Eleepoob.exe
        250⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\Eclmamod.exe
        
        C:\Windows\system32\Eclmamod.exe
        251⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\Emdajb32.exe
        
        C:\Windows\system32\Emdajb32.exe
        252⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\Ffmfchle.exe
        
        C:\Windows\system32\Ffmfchle.exe
        253⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\Flinkojm.exe
        
        C:\Windows\system32\Flinkojm.exe
        254⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\Fbcfhibj.exe
        
        C:\Windows\system32\Fbcfhibj.exe
        255⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\Fbfcmhpg.exe
        
        C:\Windows\system32\Fbfcmhpg.exe
        256⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\Fjmkoeqi.exe
        
        C:\Windows\system32\Fjmkoeqi.exe
        257⤵
        Drops file in System32 directory
        
        PID:8568
        
        C:\Windows\SysWOW64\Fipkjb32.exe
        
        C:\Windows\system32\Fipkjb32.exe
        258⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\Flngfn32.exe
        
        C:\Windows\system32\Flngfn32.exe
        259⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\Fpjcgm32.exe
        
        C:\Windows\system32\Fpjcgm32.exe
        260⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\Gpnmbl32.exe
        
        C:\Windows\system32\Gpnmbl32.exe
        261⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\Giinpa32.exe
        
        C:\Windows\system32\Giinpa32.exe
        262⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\Gdobnj32.exe
        
        C:\Windows\system32\Gdobnj32.exe
        263⤵
        Modifies registry class
        
        PID:8828
        
        C:\Windows\SysWOW64\Gljgbllj.exe
        
        C:\Windows\system32\Gljgbllj.exe
        264⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\Gbdoof32.exe
        
        C:\Windows\system32\Gbdoof32.exe
        265⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\Gphphj32.exe
        
        C:\Windows\system32\Gphphj32.exe
        266⤵
        Modifies registry class
        
        PID:8948
        
        C:\Windows\SysWOW64\Ggahedjn.exe
        
        C:\Windows\system32\Ggahedjn.exe
        267⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\Hloqml32.exe
        
        C:\Windows\system32\Hloqml32.exe
        268⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\Hdehni32.exe
        
        C:\Windows\system32\Hdehni32.exe
        269⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\Hibafp32.exe
        
        C:\Windows\system32\Hibafp32.exe
        270⤵
        Modifies registry class
        
        PID:9124
        
        C:\Windows\SysWOW64\Hplicjok.exe
        
        C:\Windows\system32\Hplicjok.exe
        271⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\Hckeoeno.exe
        
        C:\Windows\system32\Hckeoeno.exe
        272⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\Hlcjhkdp.exe
        
        C:\Windows\system32\Hlcjhkdp.exe
        273⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\Hcmbee32.exe
        
        C:\Windows\system32\Hcmbee32.exe
        274⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\Hkfglb32.exe
        
        C:\Windows\system32\Hkfglb32.exe
        275⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\Iljpij32.exe
        
        C:\Windows\system32\Iljpij32.exe
        276⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\Igpdfb32.exe
        
        C:\Windows\system32\Igpdfb32.exe
        277⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\Ikkpgafg.exe
        
        C:\Windows\system32\Ikkpgafg.exe
        278⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8616
        
        C:\Windows\SysWOW64\Injmcmej.exe
        
        C:\Windows\system32\Injmcmej.exe
        279⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\Idfaefkd.exe
        
        C:\Windows\system32\Idfaefkd.exe
        280⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\Iggjga32.exe
        
        C:\Windows\system32\Iggjga32.exe
        281⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\Ilccoh32.exe
        
        C:\Windows\system32\Ilccoh32.exe
        282⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8876
        
        C:\Windows\SysWOW64\Jlfpdh32.exe
        
        C:\Windows\system32\Jlfpdh32.exe
        283⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\Jkgpbp32.exe
        
        C:\Windows\system32\Jkgpbp32.exe
        284⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\Jlhljhbg.exe
        
        C:\Windows\system32\Jlhljhbg.exe
        285⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\Jjlmclqa.exe
        
        C:\Windows\system32\Jjlmclqa.exe
        286⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\Jgpmmp32.exe
        
        C:\Windows\system32\Jgpmmp32.exe
        287⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\Jnjejjgh.exe
        
        C:\Windows\system32\Jnjejjgh.exe
        288⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\Jnlbojee.exe
        
        C:\Windows\system32\Jnlbojee.exe
        289⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\Jgeghp32.exe
        
        C:\Windows\system32\Jgeghp32.exe
        290⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\Kjccdkki.exe
        
        C:\Windows\system32\Kjccdkki.exe
        291⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\Kqmkae32.exe
        
        C:\Windows\system32\Kqmkae32.exe
        292⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8732
        
        C:\Windows\SysWOW64\Kdkdgchl.exe
        
        C:\Windows\system32\Kdkdgchl.exe
        293⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\Kdmqmc32.exe
        
        C:\Windows\system32\Kdmqmc32.exe
        294⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8928
        
        C:\Windows\SysWOW64\Kjjiej32.exe
        
        C:\Windows\system32\Kjjiej32.exe
        295⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\Kgninn32.exe
        
        C:\Windows\system32\Kgninn32.exe
        296⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\Kqfngd32.exe
        
        C:\Windows\system32\Kqfngd32.exe
        297⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\Lnjnqh32.exe
        
        C:\Windows\system32\Lnjnqh32.exe
        298⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\Lgccinoe.exe
        
        C:\Windows\system32\Lgccinoe.exe
        299⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\Lqkgbcff.exe
        
        C:\Windows\system32\Lqkgbcff.exe
        300⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8728
        
        C:\Windows\SysWOW64\Lkalplel.exe
        
        C:\Windows\system32\Lkalplel.exe
        301⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\Lnohlgep.exe
        
        C:\Windows\system32\Lnohlgep.exe
        302⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\Lqndhcdc.exe
        
        C:\Windows\system32\Lqndhcdc.exe
        303⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\Ljfhqh32.exe
        
        C:\Windows\system32\Ljfhqh32.exe
        304⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:8476
        
        C:\Windows\SysWOW64\Lndagg32.exe
        
        C:\Windows\system32\Lndagg32.exe
        305⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\Mcqjon32.exe
        
        C:\Windows\system32\Mcqjon32.exe
        306⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\Mkhapk32.exe
        
        C:\Windows\system32\Mkhapk32.exe
        307⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\Mminhceb.exe
        
        C:\Windows\system32\Mminhceb.exe
        308⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\Mjmoag32.exe
        
        C:\Windows\system32\Mjmoag32.exe
        309⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8444
        
        C:\Windows\SysWOW64\Mmnhcb32.exe
        
        C:\Windows\system32\Mmnhcb32.exe
        310⤵
        Drops file in System32 directory
        
        PID:9072
        
        C:\Windows\SysWOW64\Mkohaj32.exe
        
        C:\Windows\system32\Mkohaj32.exe
        311⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:8280
        
        C:\Windows\SysWOW64\Mcjmel32.exe
        
        C:\Windows\system32\Mcjmel32.exe
        312⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9228
        
        C:\Windows\SysWOW64\Mkadfj32.exe
        
        C:\Windows\system32\Mkadfj32.exe
        313⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\Mmbanbmg.exe
        
        C:\Windows\system32\Mmbanbmg.exe
        314⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\Nclikl32.exe
        
        C:\Windows\system32\Nclikl32.exe
        315⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\Nlcalieg.exe
        
        C:\Windows\system32\Nlcalieg.exe
        316⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\Njfagf32.exe
        
        C:\Windows\system32\Njfagf32.exe
        317⤵
        Modifies registry class
        
        PID:9488
        
        C:\Windows\SysWOW64\Nmenca32.exe
        
        C:\Windows\system32\Nmenca32.exe
        318⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\Nelfeo32.exe
        
        C:\Windows\system32\Nelfeo32.exe
        319⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\Nndjndbh.exe
        
        C:\Windows\system32\Nndjndbh.exe
        320⤵
        Modifies registry class
        
        PID:9668
        
        C:\Windows\SysWOW64\Nabfjpak.exe
        
        C:\Windows\system32\Nabfjpak.exe
        321⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\Nhmofj32.exe
        
        C:\Windows\system32\Nhmofj32.exe
        322⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\Nlhkgi32.exe
        
        C:\Windows\system32\Nlhkgi32.exe
        323⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9800
        
        C:\Windows\SysWOW64\Nnfgcd32.exe
        
        C:\Windows\system32\Nnfgcd32.exe
        324⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\Naecop32.exe
        
        C:\Windows\system32\Naecop32.exe
        325⤵
        Drops file in System32 directory
        
        PID:9904
        
        C:\Windows\SysWOW64\Neqopnhb.exe
        
        C:\Windows\system32\Neqopnhb.exe
        326⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\Nccokk32.exe
        
        C:\Windows\system32\Nccokk32.exe
        327⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\Nlkgmh32.exe
        
        C:\Windows\system32\Nlkgmh32.exe
        328⤵
        Drops file in System32 directory
        
        PID:10036
        
        C:\Windows\SysWOW64\Nagpeo32.exe
        
        C:\Windows\system32\Nagpeo32.exe
        329⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10092
        
        C:\Windows\SysWOW64\Ndflak32.exe
        
        C:\Windows\system32\Ndflak32.exe
        330⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\Nhahaiec.exe
        
        C:\Windows\system32\Nhahaiec.exe
        331⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\Njpdnedf.exe
        
        C:\Windows\system32\Njpdnedf.exe
        332⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\Nnkpnclp.exe
        
        C:\Windows\system32\Nnkpnclp.exe
        333⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\Onnmdcjm.exe
        
        C:\Windows\system32\Onnmdcjm.exe
        334⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\Omqmop32.exe
        
        C:\Windows\system32\Omqmop32.exe
        335⤵
        Modifies registry class
        
        PID:9376
        
        C:\Windows\SysWOW64\Onpjichj.exe
        
        C:\Windows\system32\Onpjichj.exe
        336⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\Ohhnbhok.exe
        
        C:\Windows\system32\Ohhnbhok.exe
        337⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9548
        
        C:\Windows\SysWOW64\Oaqbkn32.exe
        
        C:\Windows\system32\Oaqbkn32.exe
        338⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\Ojigdcll.exe
        
        C:\Windows\system32\Ojigdcll.exe
        339⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\Pahilmoc.exe
        
        C:\Windows\system32\Pahilmoc.exe
        340⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\Poliea32.exe
        
        C:\Windows\system32\Poliea32.exe
        341⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\Pefabkej.exe
        
        C:\Windows\system32\Pefabkej.exe
        342⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\Phdnngdn.exe
        
        C:\Windows\system32\Phdnngdn.exe
        343⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\Pkbjjbda.exe
        
        C:\Windows\system32\Pkbjjbda.exe
        344⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\Palbgl32.exe
        
        C:\Windows\system32\Palbgl32.exe
        345⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\Phfjcf32.exe
        
        C:\Windows\system32\Phfjcf32.exe
        346⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\Pkegpb32.exe
        
        C:\Windows\system32\Pkegpb32.exe
        347⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\Popbpqjh.exe
        
        C:\Windows\system32\Popbpqjh.exe
        348⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\Paoollik.exe
        
        C:\Windows\system32\Paoollik.exe
        349⤵
        Modifies registry class
        
        PID:9544
        
        C:\Windows\SysWOW64\Pejkmk32.exe
        
        C:\Windows\system32\Pejkmk32.exe
        350⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\Pkgcea32.exe
        
        C:\Windows\system32\Pkgcea32.exe
        351⤵
        Drops file in System32 directory
        
        PID:9788
        
        C:\Windows\SysWOW64\Qmepam32.exe
        
        C:\Windows\system32\Qmepam32.exe
        352⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\Qemhbj32.exe
        
        C:\Windows\system32\Qemhbj32.exe
        353⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\Qdphngfl.exe
        
        C:\Windows\system32\Qdphngfl.exe
        354⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\Qhkdof32.exe
        
        C:\Windows\system32\Qhkdof32.exe
        355⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\Qoelkp32.exe
        
        C:\Windows\system32\Qoelkp32.exe
        356⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\Qdbdcg32.exe
        
        C:\Windows\system32\Qdbdcg32.exe
        357⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\Qlimed32.exe
        
        C:\Windows\system32\Qlimed32.exe
        358⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\Aeaanjkl.exe
        
        C:\Windows\system32\Aeaanjkl.exe
        359⤵
        Modifies registry class
        
        PID:9652
        
        C:\Windows\SysWOW64\Alkijdci.exe
        
        C:\Windows\system32\Alkijdci.exe
        360⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\Anmfbl32.exe
        
        C:\Windows\system32\Anmfbl32.exe
        361⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\Alnfpcag.exe
        
        C:\Windows\system32\Alnfpcag.exe
        362⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\Akccap32.exe
        
        C:\Windows\system32\Akccap32.exe
        363⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\Anaomkdb.exe
        
        C:\Windows\system32\Anaomkdb.exe
        364⤵
        Drops file in System32 directory
        
        PID:3048
        
        C:\Windows\SysWOW64\Adkgje32.exe
        
        C:\Windows\system32\Adkgje32.exe
        365⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\Albpkc32.exe
        
        C:\Windows\system32\Albpkc32.exe
        366⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\Akepfpcl.exe
        
        C:\Windows\system32\Akepfpcl.exe
        367⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4420
        
        C:\Windows\SysWOW64\Aoalgn32.exe
        
        C:\Windows\system32\Aoalgn32.exe
        368⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\Aaohcj32.exe
        
        C:\Windows\system32\Aaohcj32.exe
        369⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1052
        
        C:\Windows\SysWOW64\Bochmn32.exe
        
        C:\Windows\system32\Bochmn32.exe
        370⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\Bdpaeehj.exe
        
        C:\Windows\system32\Bdpaeehj.exe
        371⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\Bepmoh32.exe
        
        C:\Windows\system32\Bepmoh32.exe
        372⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1248
        
        C:\Windows\SysWOW64\Bohbhmfm.exe
        
        C:\Windows\system32\Bohbhmfm.exe
        373⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\Bhpfqcln.exe
        
        C:\Windows\system32\Bhpfqcln.exe
        374⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\Bnmoijje.exe
        
        C:\Windows\system32\Bnmoijje.exe
        375⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\Bedgjgkg.exe
        
        C:\Windows\system32\Bedgjgkg.exe
        376⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9916
        
        C:\Windows\SysWOW64\Bhbcfbjk.exe
        
        C:\Windows\system32\Bhbcfbjk.exe
        377⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\Blnoga32.exe
        
        C:\Windows\system32\Blnoga32.exe
        378⤵
        
        PID:840
        
        C:\Windows\SysWOW64\Bomkcm32.exe
        
        C:\Windows\system32\Bomkcm32.exe
        379⤵
        
        PID:368
        
        C:\Windows\SysWOW64\Ckclhn32.exe
        
        C:\Windows\system32\Ckclhn32.exe
        380⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\Coohhlpe.exe
        
        C:\Windows\system32\Coohhlpe.exe
        381⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\Cnahdi32.exe
        
        C:\Windows\system32\Cnahdi32.exe
        382⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\Cdlqqcnl.exe
        
        C:\Windows\system32\Cdlqqcnl.exe
        383⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\Ckeimm32.exe
        
        C:\Windows\system32\Ckeimm32.exe
        384⤵
        
        PID:552
        
        C:\Windows\SysWOW64\Coadnlnb.exe
        
        C:\Windows\system32\Coadnlnb.exe
        385⤵
        Drops file in System32 directory
        
        PID:3772
        
        C:\Windows\SysWOW64\Clgbmp32.exe
        
        C:\Windows\system32\Clgbmp32.exe
        386⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\Ckjbhmad.exe
        
        C:\Windows\system32\Ckjbhmad.exe
        387⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\Cnindhpg.exe
        
        C:\Windows\system32\Cnindhpg.exe
        388⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\Cbdjeg32.exe
        
        C:\Windows\system32\Cbdjeg32.exe
        389⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\Chnbbqpn.exe
        
        C:\Windows\system32\Chnbbqpn.exe
        390⤵
        
        PID:452
        
        C:\Windows\SysWOW64\Cljobphg.exe
        
        C:\Windows\system32\Cljobphg.exe
        391⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\Cohkokgj.exe
        
        C:\Windows\system32\Cohkokgj.exe
        392⤵
        
        PID:924
        
        C:\Windows\SysWOW64\Cnkkjh32.exe
        
        C:\Windows\system32\Cnkkjh32.exe
        393⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\Cfbcke32.exe
        
        C:\Windows\system32\Cfbcke32.exe
        394⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\Dkokcl32.exe
        
        C:\Windows\system32\Dkokcl32.exe
        395⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\Dnmhpg32.exe
        
        C:\Windows\system32\Dnmhpg32.exe
        396⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\Dfdpad32.exe
        
        C:\Windows\system32\Dfdpad32.exe
        397⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\Dnpdegjp.exe
        
        C:\Windows\system32\Dnpdegjp.exe
        398⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\Dbnmke32.exe
        
        C:\Windows\system32\Dbnmke32.exe
        399⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\Dfiildio.exe
        
        C:\Windows\system32\Dfiildio.exe
        400⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\Dbpjaeoc.exe
        
        C:\Windows\system32\Dbpjaeoc.exe
        401⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\Ddnfmqng.exe
        
        C:\Windows\system32\Ddnfmqng.exe
        402⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\Dmennnni.exe
        
        C:\Windows\system32\Dmennnni.exe
        403⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\Dkhnjk32.exe
        
        C:\Windows\system32\Dkhnjk32.exe
        404⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\Dngjff32.exe
        
        C:\Windows\system32\Dngjff32.exe
        405⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10356
        
        C:\Windows\SysWOW64\Dbbffdlq.exe
        
        C:\Windows\system32\Dbbffdlq.exe
        406⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        407⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\Ekkkoj32.exe
        
        C:\Windows\system32\Ekkkoj32.exe
        408⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\Enigke32.exe
        
        C:\Windows\system32\Enigke32.exe
        409⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\Efpomccg.exe
        
        C:\Windows\system32\Efpomccg.exe
        410⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\Eiokinbk.exe
        
        C:\Windows\system32\Eiokinbk.exe
        411⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\Ebgpad32.exe
        
        C:\Windows\system32\Ebgpad32.exe
        412⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\Eeelnp32.exe
        
        C:\Windows\system32\Eeelnp32.exe
        413⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\Emmdom32.exe
        
        C:\Windows\system32\Emmdom32.exe
        414⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\Ekodjiol.exe
        
        C:\Windows\system32\Ekodjiol.exe
        415⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10784
        
        C:\Windows\SysWOW64\Ennqfenp.exe
        
        C:\Windows\system32\Ennqfenp.exe
        416⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\Eicedn32.exe
        
        C:\Windows\system32\Eicedn32.exe
        417⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10856
        
        C:\Windows\SysWOW64\Ekaapi32.exe
        
        C:\Windows\system32\Ekaapi32.exe
        418⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\Efgemb32.exe
        
        C:\Windows\system32\Efgemb32.exe
        419⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\Eppjfgcp.exe
        
        C:\Windows\system32\Eppjfgcp.exe
        420⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\Enbjad32.exe
        
        C:\Windows\system32\Enbjad32.exe
        421⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\Efjbcakl.exe
        
        C:\Windows\system32\Efjbcakl.exe
        422⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\Fihnomjp.exe
        
        C:\Windows\system32\Fihnomjp.exe
        423⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\Flfkkhid.exe
        
        C:\Windows\system32\Flfkkhid.exe
        424⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\Fpbflg32.exe
        
        C:\Windows\system32\Fpbflg32.exe
        425⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\Fflohaij.exe
        
        C:\Windows\system32\Fflohaij.exe
        426⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\Feoodn32.exe
        
        C:\Windows\system32\Feoodn32.exe
        427⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\Fmfgek32.exe
        
        C:\Windows\system32\Fmfgek32.exe
        428⤵
        Drops file in System32 directory
        
        PID:10304
        
        C:\Windows\SysWOW64\Fligqhga.exe
        
        C:\Windows\system32\Fligqhga.exe
        429⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\Fpdcag32.exe
        
        C:\Windows\system32\Fpdcag32.exe
        430⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\Fbbpmb32.exe
        
        C:\Windows\system32\Fbbpmb32.exe
        431⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\Fimhjl32.exe
        
        C:\Windows\system32\Fimhjl32.exe
        432⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\Fbgihaji.exe
        
        C:\Windows\system32\Fbgihaji.exe
        433⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\Fefedmil.exe
        
        C:\Windows\system32\Fefedmil.exe
        434⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Flpmagqi.exe
        
        C:\Windows\system32\Flpmagqi.exe
        435⤵
        Drops file in System32 directory
        
        PID:10692
        
        C:\Windows\SysWOW64\Gfeaopqo.exe
        
        C:\Windows\system32\Gfeaopqo.exe
        436⤵
        Drops file in System32 directory
        
        PID:10752
        
        C:\Windows\SysWOW64\Gmojkj32.exe
        
        C:\Windows\system32\Gmojkj32.exe
        437⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\Gblbca32.exe
        
        C:\Windows\system32\Gblbca32.exe
        438⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\Gifkpknp.exe
        
        C:\Windows\system32\Gifkpknp.exe
        439⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\Gncchb32.exe
        
        C:\Windows\system32\Gncchb32.exe
        440⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        441⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\Gmfplibd.exe
        
        C:\Windows\system32\Gmfplibd.exe
        442⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\Gimqajgh.exe
        
        C:\Windows\system32\Gimqajgh.exe
        443⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\Gbeejp32.exe
        
        C:\Windows\system32\Gbeejp32.exe
        444⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\Hfaajnfb.exe
        
        C:\Windows\system32\Hfaajnfb.exe
        445⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\Hipmfjee.exe
        
        C:\Windows\system32\Hipmfjee.exe
        446⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\Hpiecd32.exe
        
        C:\Windows\system32\Hpiecd32.exe
        447⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\Hplbickp.exe
        
        C:\Windows\system32\Hplbickp.exe
        448⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\Hbjoeojc.exe
        
        C:\Windows\system32\Hbjoeojc.exe
        449⤵
        
        PID:844
        
        C:\Windows\SysWOW64\Hpnoncim.exe
        
        C:\Windows\system32\Hpnoncim.exe
        450⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\Hfhgkmpj.exe
        
        C:\Windows\system32\Hfhgkmpj.exe
        451⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\Hemdlj32.exe
        
        C:\Windows\system32\Hemdlj32.exe
        452⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\Iikmbh32.exe
        
        C:\Windows\system32\Iikmbh32.exe
        453⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\Illfdc32.exe
        
        C:\Windows\system32\Illfdc32.exe
        454⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\Ibfnqmpf.exe
        
        C:\Windows\system32\Ibfnqmpf.exe
        455⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\Iedjmioj.exe
        
        C:\Windows\system32\Iedjmioj.exe
        456⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\Iipfmggc.exe
        
        C:\Windows\system32\Iipfmggc.exe
        457⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:2856
        
        C:\Windows\SysWOW64\Iibccgep.exe
        
        C:\Windows\system32\Iibccgep.exe
        458⤵
        Modifies registry class
        
        PID:496
        
        C:\Windows\SysWOW64\Iidphgcn.exe
        
        C:\Windows\system32\Iidphgcn.exe
        459⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\Ilcldb32.exe
        
        C:\Windows\system32\Ilcldb32.exe
        460⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\Joahqn32.exe
        
        C:\Windows\system32\Joahqn32.exe
        461⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\Jcmdaljn.exe
        
        C:\Windows\system32\Jcmdaljn.exe
        462⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\Jiglnf32.exe
        
        C:\Windows\system32\Jiglnf32.exe
        463⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\Jmbhoeid.exe
        
        C:\Windows\system32\Jmbhoeid.exe
        464⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\Jpaekqhh.exe
        
        C:\Windows\system32\Jpaekqhh.exe
        465⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\Jcoaglhk.exe
        
        C:\Windows\system32\Jcoaglhk.exe
        466⤵
        Drops file in System32 directory
        
        PID:3820
        
        C:\Windows\SysWOW64\Jgkmgk32.exe
        
        C:\Windows\system32\Jgkmgk32.exe
        467⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\Johnamkm.exe
        
        C:\Windows\system32\Johnamkm.exe
        468⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\Jniood32.exe
        
        C:\Windows\system32\Jniood32.exe
        469⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\Jokkgl32.exe
        
        C:\Windows\system32\Jokkgl32.exe
        470⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\Komhll32.exe
        
        C:\Windows\system32\Komhll32.exe
        471⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\Kgdpni32.exe
        
        C:\Windows\system32\Kgdpni32.exe
        472⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\Kjblje32.exe
        
        C:\Windows\system32\Kjblje32.exe
        473⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\Knnhjcog.exe
        
        C:\Windows\system32\Knnhjcog.exe
        474⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\Klahfp32.exe
        
        C:\Windows\system32\Klahfp32.exe
        475⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\Kpmdfonj.exe
        
        C:\Windows\system32\Kpmdfonj.exe
        476⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\Kckqbj32.exe
        
        C:\Windows\system32\Kckqbj32.exe
        477⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\Keimof32.exe
        
        C:\Windows\system32\Keimof32.exe
        478⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\Knqepc32.exe
        
        C:\Windows\system32\Knqepc32.exe
        479⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\Klcekpdo.exe
        
        C:\Windows\system32\Klcekpdo.exe
        480⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\Koaagkcb.exe
        
        C:\Windows\system32\Koaagkcb.exe
        481⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\Kcmmhj32.exe
        
        C:\Windows\system32\Kcmmhj32.exe
        482⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\Klfaapbl.exe
        
        C:\Windows\system32\Klfaapbl.exe
        483⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\Klhnfo32.exe
        
        C:\Windows\system32\Klhnfo32.exe
        484⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\Kjlopc32.exe
        
        C:\Windows\system32\Kjlopc32.exe
        485⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\Lcdciiec.exe
        
        C:\Windows\system32\Lcdciiec.exe
        486⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\Ljnlecmp.exe
        
        C:\Windows\system32\Ljnlecmp.exe
        487⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\Lnjgfb32.exe
        
        C:\Windows\system32\Lnjgfb32.exe
        488⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\Ljqhkckn.exe
        
        C:\Windows\system32\Ljqhkckn.exe
        489⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\Lgdidgjg.exe
        
        C:\Windows\system32\Lgdidgjg.exe
        490⤵
        Modifies registry class
        
        PID:4872
        
        C:\Windows\SysWOW64\Lfgipd32.exe
        
        C:\Windows\system32\Lfgipd32.exe
        491⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\Ljceqb32.exe
        
        C:\Windows\system32\Ljceqb32.exe
        492⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\Lopmii32.exe
        
        C:\Windows\system32\Lopmii32.exe
        493⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\Lfjfecno.exe
        
        C:\Windows\system32\Lfjfecno.exe
        494⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\Lobjni32.exe
        
        C:\Windows\system32\Lobjni32.exe
        495⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1856
        
        C:\Windows\SysWOW64\Lcnfohmi.exe
        
        C:\Windows\system32\Lcnfohmi.exe
        496⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\Lflbkcll.exe
        
        C:\Windows\system32\Lflbkcll.exe
        497⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\Lncjlq32.exe
        
        C:\Windows\system32\Lncjlq32.exe
        498⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\Mgnlkfal.exe
        
        C:\Windows\system32\Mgnlkfal.exe
        499⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\Mqimikfj.exe
        
        C:\Windows\system32\Mqimikfj.exe
        500⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\Mokmdh32.exe
        
        C:\Windows\system32\Mokmdh32.exe
        501⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2336
        
        C:\Windows\SysWOW64\Mqkiok32.exe
        
        C:\Windows\system32\Mqkiok32.exe
        502⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\Mfhbga32.exe
        
        C:\Windows\system32\Mfhbga32.exe
        503⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3812
        
        C:\Windows\SysWOW64\Nmbjcljl.exe
        
        C:\Windows\system32\Nmbjcljl.exe
        504⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\Nopfpgip.exe
        
        C:\Windows\system32\Nopfpgip.exe
        505⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\Nqpcjj32.exe
        
        C:\Windows\system32\Nqpcjj32.exe
        506⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\Nflkbanj.exe
        
        C:\Windows\system32\Nflkbanj.exe
        507⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\Nncccnol.exe
        
        C:\Windows\system32\Nncccnol.exe
        508⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\Nmfcok32.exe
        
        C:\Windows\system32\Nmfcok32.exe
        509⤵
        
        PID:964
        
        C:\Windows\SysWOW64\Nnfpinmi.exe
        
        C:\Windows\system32\Nnfpinmi.exe
        510⤵
        
        PID:376
        
        C:\Windows\SysWOW64\Npgmpf32.exe
        
        C:\Windows\system32\Npgmpf32.exe
        511⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\Ngndaccj.exe
        
        C:\Windows\system32\Ngndaccj.exe
        512⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Nfaemp32.exe
        
        C:\Windows\system32\Nfaemp32.exe
        513⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10976
        
        C:\Windows\SysWOW64\Nnhmnn32.exe
        
        C:\Windows\system32\Nnhmnn32.exe
        514⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\Nmkmjjaa.exe
        
        C:\Windows\system32\Nmkmjjaa.exe
        515⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Onkidm32.exe
        
        C:\Windows\system32\Onkidm32.exe
        516⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\Offnhpfo.exe
        
        C:\Windows\system32\Offnhpfo.exe
        517⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\Ojajin32.exe
        
        C:\Windows\system32\Ojajin32.exe
        518⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\Onmfimga.exe
        
        C:\Windows\system32\Onmfimga.exe
        519⤵
        Drops file in System32 directory
        
        PID:4924
        
        C:\Windows\SysWOW64\Ocjoadei.exe
        
        C:\Windows\system32\Ocjoadei.exe
        520⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\Onocomdo.exe
        
        C:\Windows\system32\Onocomdo.exe
        521⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\Omdppiif.exe
        
        C:\Windows\system32\Omdppiif.exe
        522⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\Oaplqh32.exe
        
        C:\Windows\system32\Oaplqh32.exe
        523⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11072
        
        C:\Windows\SysWOW64\Opclldhj.exe
        
        C:\Windows\system32\Opclldhj.exe
        524⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\Ogjdmbil.exe
        
        C:\Windows\system32\Ogjdmbil.exe
        525⤵
        
        PID:316
        
        C:\Windows\SysWOW64\Omgmeigd.exe
        
        C:\Windows\system32\Omgmeigd.exe
        526⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\Ocaebc32.exe
        
        C:\Windows\system32\Ocaebc32.exe
        527⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:948
        
        C:\Windows\SysWOW64\Pjkmomfn.exe
        
        C:\Windows\system32\Pjkmomfn.exe
        528⤵
        Drops file in System32 directory
        
        PID:3628
        
        C:\Windows\SysWOW64\Pccahbmn.exe
        
        C:\Windows\system32\Pccahbmn.exe
        529⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:412
        
        C:\Windows\SysWOW64\Pfandnla.exe
        
        C:\Windows\system32\Pfandnla.exe
        530⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\Pnifekmd.exe
        
        C:\Windows\system32\Pnifekmd.exe
        531⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\Ppjbmc32.exe
        
        C:\Windows\system32\Ppjbmc32.exe
        532⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\Phajna32.exe
        
        C:\Windows\system32\Phajna32.exe
        533⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\Pjpfjl32.exe
        
        C:\Windows\system32\Pjpfjl32.exe
        534⤵
        Drops file in System32 directory
        
        PID:5324
        
        C:\Windows\SysWOW64\Pmnbfhal.exe
        
        C:\Windows\system32\Pmnbfhal.exe
        535⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\Paiogf32.exe
        
        C:\Windows\system32\Paiogf32.exe
        536⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\Phcgcqab.exe
        
        C:\Windows\system32\Phcgcqab.exe
        537⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\Pjbcplpe.exe
        
        C:\Windows\system32\Pjbcplpe.exe
        538⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\Pnmopk32.exe
        
        C:\Windows\system32\Pnmopk32.exe
        539⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\Ppolhcnm.exe
        
        C:\Windows\system32\Ppolhcnm.exe
        540⤵
        Modifies registry class
        
        PID:60
        
        C:\Windows\SysWOW64\Pdjgha32.exe
        
        C:\Windows\system32\Pdjgha32.exe
        541⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5856
        
        C:\Windows\SysWOW64\Pfiddm32.exe
        
        C:\Windows\system32\Pfiddm32.exe
        542⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\Qfkqjmdg.exe
        
        C:\Windows\system32\Qfkqjmdg.exe
        543⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\Qaqegecm.exe
        
        C:\Windows\system32\Qaqegecm.exe
        544⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Qdoacabq.exe
        
        C:\Windows\system32\Qdoacabq.exe
        545⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\Qhjmdp32.exe
        
        C:\Windows\system32\Qhjmdp32.exe
        546⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\Qfmmplad.exe
        
        C:\Windows\system32\Qfmmplad.exe
        547⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\Qodeajbg.exe
        
        C:\Windows\system32\Qodeajbg.exe
        548⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\Qacameaj.exe
        
        C:\Windows\system32\Qacameaj.exe
        549⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\Aknbkjfh.exe
        
        C:\Windows\system32\Aknbkjfh.exe
        550⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\Ahaceo32.exe
        
        C:\Windows\system32\Ahaceo32.exe
        551⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6024

C:\Windows\SysWOW64\Agdcpkll.exe
C:\Windows\system32\Agdcpkll.exe
1⤵
PID:5796
- C:\Windows\SysWOW64\Aajhndkb.exe
  C:\Windows\system32\Aajhndkb.exe
  2⤵
  PID:6112
- - C:\Windows\SysWOW64\Amqhbe32.exe
    C:\Windows\system32\Amqhbe32.exe
    3⤵
    PID:1924
  - - C:\Windows\SysWOW64\Apaadpng.exe
      C:\Windows\system32\Apaadpng.exe
      4⤵
      PID:5332
    - - C:\Windows\SysWOW64\Bhhiemoj.exe
        
        C:\Windows\system32\Bhhiemoj.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5752
      - C:\Windows\SysWOW64\Bgkiaj32.exe
        
        C:\Windows\system32\Bgkiaj32.exe
        6⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\Bdojjo32.exe
        
        C:\Windows\system32\Bdojjo32.exe
        7⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\Boenhgdd.exe
        
        C:\Windows\system32\Boenhgdd.exe
        8⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\Bacjdbch.exe
        
        C:\Windows\system32\Bacjdbch.exe
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\Bdagpnbk.exe
        
        C:\Windows\system32\Bdagpnbk.exe
        10⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\Bmjkic32.exe
        
        C:\Windows\system32\Bmjkic32.exe
        11⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\Bphgeo32.exe
        
        C:\Windows\system32\Bphgeo32.exe
        12⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6028

C:\Windows\SysWOW64\Bhpofl32.exe
C:\Windows\system32\Bhpofl32.exe
1⤵
PID:5224
- C:\Windows\SysWOW64\Boihcf32.exe
  C:\Windows\system32\Boihcf32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Drops file in System32 directory
  PID:5624
- - C:\Windows\SysWOW64\Bahdob32.exe
    C:\Windows\system32\Bahdob32.exe
    3⤵
    PID:6052
  - - C:\Windows\SysWOW64\Bpkdjofm.exe
      C:\Windows\system32\Bpkdjofm.exe
      4⤵
      PID:5968
    - - C:\Windows\SysWOW64\Bgelgi32.exe
        
        C:\Windows\system32\Bgelgi32.exe
        5⤵
        
        PID:5472
      - C:\Windows\SysWOW64\Bnoddcef.exe
        
        C:\Windows\system32\Bnoddcef.exe
        6⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\Bajqda32.exe
        
        C:\Windows\system32\Bajqda32.exe
        7⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\Conanfli.exe
        
        C:\Windows\system32\Conanfli.exe
        8⤵
        Modifies registry class
        
        PID:5428
        
        C:\Windows\SysWOW64\Cammjakm.exe
        
        C:\Windows\system32\Cammjakm.exe
        9⤵
        Modifies registry class
        
        PID:5508
        
        C:\Windows\SysWOW64\Cdkifmjq.exe
        
        C:\Windows\system32\Cdkifmjq.exe
        10⤵
        Modifies registry class
        
        PID:5924
        
        C:\Windows\SysWOW64\Cgifbhid.exe
        
        C:\Windows\system32\Cgifbhid.exe
        11⤵
        Drops file in System32 directory
        
        PID:5160
        
        C:\Windows\SysWOW64\Ckebcg32.exe
        
        C:\Windows\system32\Ckebcg32.exe
        12⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\Coqncejg.exe
        
        C:\Windows\system32\Coqncejg.exe
        13⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\Caojpaij.exe
        
        C:\Windows\system32\Caojpaij.exe
        14⤵
        Modifies registry class
        
        PID:5388
        
        C:\Windows\SysWOW64\Chiblk32.exe
        
        C:\Windows\system32\Chiblk32.exe
        15⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\Cnfkdb32.exe
        
        C:\Windows\system32\Cnfkdb32.exe
        16⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\Chkobkod.exe
        
        C:\Windows\system32\Chkobkod.exe
        17⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\Cgnomg32.exe
        
        C:\Windows\system32\Cgnomg32.exe
        18⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\Cdbpgl32.exe
        
        C:\Windows\system32\Cdbpgl32.exe
        19⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\Cgqlcg32.exe
        
        C:\Windows\system32\Cgqlcg32.exe
        20⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\Cklhcfle.exe
        
        C:\Windows\system32\Cklhcfle.exe
        21⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\Dddllkbf.exe
        
        C:\Windows\system32\Dddllkbf.exe
        22⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\Dgcihgaj.exe
        
        C:\Windows\system32\Dgcihgaj.exe
        23⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11336
        
        C:\Windows\SysWOW64\Dpkmal32.exe
        
        C:\Windows\system32\Dpkmal32.exe
        24⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\Dolmodpi.exe
        
        C:\Windows\system32\Dolmodpi.exe
        25⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\Dakikoom.exe
        
        C:\Windows\system32\Dakikoom.exe
        26⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\Dqnjgl32.exe
        
        C:\Windows\system32\Dqnjgl32.exe
        27⤵
        Drops file in System32 directory
        
        PID:11500
        
        C:\Windows\SysWOW64\Dhdbhifj.exe
        
        C:\Windows\system32\Dhdbhifj.exe
        28⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\Dggbcf32.exe
        
        C:\Windows\system32\Dggbcf32.exe
        29⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\Doojec32.exe
        
        C:\Windows\system32\Doojec32.exe
        30⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\Dnajppda.exe
        
        C:\Windows\system32\Dnajppda.exe
        31⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\Dqpfmlce.exe
        
        C:\Windows\system32\Dqpfmlce.exe
        32⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\Ddkbmj32.exe
        
        C:\Windows\system32\Ddkbmj32.exe
        33⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\Dhgonidg.exe
        
        C:\Windows\system32\Dhgonidg.exe
        34⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\Dkekjdck.exe
        
        C:\Windows\system32\Dkekjdck.exe
        35⤵
        Drops file in System32 directory
        
        PID:11848
        
        C:\Windows\SysWOW64\Dndgfpbo.exe
        
        C:\Windows\system32\Dndgfpbo.exe
        36⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\Dbocfo32.exe
        
        C:\Windows\system32\Dbocfo32.exe
        37⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\Dqbcbkab.exe
        
        C:\Windows\system32\Dqbcbkab.exe
        38⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\Dglkoeio.exe
        
        C:\Windows\system32\Dglkoeio.exe
        39⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\Eqdpgk32.exe
        
        C:\Windows\system32\Eqdpgk32.exe
        40⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\Ehlhih32.exe
        
        C:\Windows\system32\Ehlhih32.exe
        41⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\Ekjded32.exe
        
        C:\Windows\system32\Ekjded32.exe
        42⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\Eqgmmk32.exe
        
        C:\Windows\system32\Eqgmmk32.exe
        43⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\Egaejeej.exe
        
        C:\Windows\system32\Egaejeej.exe
        44⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\Eohmkb32.exe
        
        C:\Windows\system32\Eohmkb32.exe
        45⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\Eqiibjlj.exe
        
        C:\Windows\system32\Eqiibjlj.exe
        46⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\Egcaod32.exe
        
        C:\Windows\system32\Egcaod32.exe
        47⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:5460
        
        C:\Windows\SysWOW64\Eqlfhjig.exe
        
        C:\Windows\system32\Eqlfhjig.exe
        48⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\Ehbnigjj.exe
        
        C:\Windows\system32\Ehbnigjj.exe
        49⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\Eomffaag.exe
        
        C:\Windows\system32\Eomffaag.exe
        50⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\Enpfan32.exe
        
        C:\Windows\system32\Enpfan32.exe
        51⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\Edionhpn.exe
        
        C:\Windows\system32\Edionhpn.exe
        52⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\Eiekog32.exe
        
        C:\Windows\system32\Eiekog32.exe
        53⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\Ekcgkb32.exe
        
        C:\Windows\system32\Ekcgkb32.exe
        54⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:11748
        
        C:\Windows\SysWOW64\Fnbcgn32.exe
        
        C:\Windows\system32\Fnbcgn32.exe
        55⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\Fqppci32.exe
        
        C:\Windows\system32\Fqppci32.exe
        56⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\Figgdg32.exe
        
        C:\Windows\system32\Figgdg32.exe
        57⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\Fgjhpcmo.exe
        
        C:\Windows\system32\Fgjhpcmo.exe
        58⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\Fbplml32.exe
        
        C:\Windows\system32\Fbplml32.exe
        59⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\Fdnhih32.exe
        
        C:\Windows\system32\Fdnhih32.exe
        60⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\Fniihmpf.exe
        
        C:\Windows\system32\Fniihmpf.exe
        61⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\Fqgedh32.exe
        
        C:\Windows\system32\Fqgedh32.exe
        62⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\Fnkfmm32.exe
        
        C:\Windows\system32\Fnkfmm32.exe
        63⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\Feenjgfq.exe
        
        C:\Windows\system32\Feenjgfq.exe
        64⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\Fiqjke32.exe
        
        C:\Windows\system32\Fiqjke32.exe
        65⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\Fkofga32.exe
        
        C:\Windows\system32\Fkofga32.exe
        66⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\Gokbgpeg.exe
        
        C:\Windows\system32\Gokbgpeg.exe
        67⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\Gbiockdj.exe
        
        C:\Windows\system32\Gbiockdj.exe
        68⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\Gegkpf32.exe
        
        C:\Windows\system32\Gegkpf32.exe
        69⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\Ggfglb32.exe
        
        C:\Windows\system32\Ggfglb32.exe
        70⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\Gnpphljo.exe
        
        C:\Windows\system32\Gnpphljo.exe
        71⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\Ganldgib.exe
        
        C:\Windows\system32\Ganldgib.exe
        72⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\Gbnhoj32.exe
        
        C:\Windows\system32\Gbnhoj32.exe
        73⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\Gihpkd32.exe
        
        C:\Windows\system32\Gihpkd32.exe
        74⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\Gpaihooo.exe
        
        C:\Windows\system32\Gpaihooo.exe
        75⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\Ggmmlamj.exe
        
        C:\Windows\system32\Ggmmlamj.exe
        76⤵
        Modifies registry class
        
        PID:5604
        
        C:\Windows\SysWOW64\Gpdennml.exe
        
        C:\Windows\system32\Gpdennml.exe
        77⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\Gbbajjlp.exe
        
        C:\Windows\system32\Gbbajjlp.exe
        78⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\Hpfbcn32.exe
        
        C:\Windows\system32\Hpfbcn32.exe
        79⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\Hnibokbd.exe
        
        C:\Windows\system32\Hnibokbd.exe
        80⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\Hecjke32.exe
        
        C:\Windows\system32\Hecjke32.exe
        81⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\Hioflcbj.exe
        
        C:\Windows\system32\Hioflcbj.exe
        82⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\Hlmchoan.exe
        
        C:\Windows\system32\Hlmchoan.exe
        83⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\Hnlodjpa.exe
        
        C:\Windows\system32\Hnlodjpa.exe
        84⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\Hajkqfoe.exe
        
        C:\Windows\system32\Hajkqfoe.exe
        85⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\Hpkknmgd.exe
        
        C:\Windows\system32\Hpkknmgd.exe
        86⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\Hbihjifh.exe
        
        C:\Windows\system32\Hbihjifh.exe
        87⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\Hpmhdmea.exe
        
        C:\Windows\system32\Hpmhdmea.exe
        88⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\Hbldphde.exe
        
        C:\Windows\system32\Hbldphde.exe
        89⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\Haodle32.exe
        
        C:\Windows\system32\Haodle32.exe
        90⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\Hppeim32.exe
        
        C:\Windows\system32\Hppeim32.exe
        91⤵
        Modifies registry class
        
        PID:6748
        
        C:\Windows\SysWOW64\Hemmac32.exe
        
        C:\Windows\system32\Hemmac32.exe
        92⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\Ihkjno32.exe
        
        C:\Windows\system32\Ihkjno32.exe
        93⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\Ipbaol32.exe
        
        C:\Windows\system32\Ipbaol32.exe
        94⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\Iacngdgj.exe
        
        C:\Windows\system32\Iacngdgj.exe
        95⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\Ilibdmgp.exe
        
        C:\Windows\system32\Ilibdmgp.exe
        96⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6564
        
        C:\Windows\SysWOW64\Iogopi32.exe
        
        C:\Windows\system32\Iogopi32.exe
        97⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\Iafkld32.exe
        
        C:\Windows\system32\Iafkld32.exe
        98⤵
        Modifies registry class
        
        PID:11884
        
        C:\Windows\SysWOW64\Iimcma32.exe
        
        C:\Windows\system32\Iimcma32.exe
        99⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\Ihpcinld.exe
        
        C:\Windows\system32\Ihpcinld.exe
        100⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\Ipgkjlmg.exe
        
        C:\Windows\system32\Ipgkjlmg.exe
        101⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\Ibegfglj.exe
        
        C:\Windows\system32\Ibegfglj.exe
        102⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\Iahgad32.exe
        
        C:\Windows\system32\Iahgad32.exe
        103⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\Ihbponja.exe
        
        C:\Windows\system32\Ihbponja.exe
        104⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\Ibgdlg32.exe
        
        C:\Windows\system32\Ibgdlg32.exe
        105⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5492
        
        C:\Windows\SysWOW64\Iialhaad.exe
        
        C:\Windows\system32\Iialhaad.exe
        106⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\Ilphdlqh.exe
        
        C:\Windows\system32\Ilphdlqh.exe
        107⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\Jhgiim32.exe
        
        C:\Windows\system32\Jhgiim32.exe
        108⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\Jblmgf32.exe
        
        C:\Windows\system32\Jblmgf32.exe
        109⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\Jaonbc32.exe
        
        C:\Windows\system32\Jaonbc32.exe
        110⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\Jifecp32.exe
        
        C:\Windows\system32\Jifecp32.exe
        111⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\Jldbpl32.exe
        
        C:\Windows\system32\Jldbpl32.exe
        112⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\Jocnlg32.exe
        
        C:\Windows\system32\Jocnlg32.exe
        113⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11392
        
        C:\Windows\SysWOW64\Jaajhb32.exe
        
        C:\Windows\system32\Jaajhb32.exe
        114⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\Jemfhacc.exe
        
        C:\Windows\system32\Jemfhacc.exe
        115⤵
        Modifies registry class
        
        PID:6600
        
        C:\Windows\SysWOW64\Jhkbdmbg.exe
        
        C:\Windows\system32\Jhkbdmbg.exe
        116⤵
        Drops file in System32 directory
        
        PID:6236
        
        C:\Windows\SysWOW64\Jadgnb32.exe
        
        C:\Windows\system32\Jadgnb32.exe
        117⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\Jlikkkhn.exe
        
        C:\Windows\system32\Jlikkkhn.exe
        118⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6724
        
        C:\Windows\SysWOW64\Johggfha.exe
        
        C:\Windows\system32\Johggfha.exe
        119⤵
        Modifies registry class
        
        PID:6364
        
        C:\Windows\SysWOW64\Jafdcbge.exe
        
        C:\Windows\system32\Jafdcbge.exe
        120⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\Jimldogg.exe
        
        C:\Windows\system32\Jimldogg.exe
        121⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6272
        
        C:\Windows\SysWOW64\Jhplpl32.exe
        
        C:\Windows\system32\Jhplpl32.exe
        122⤵
        Drops file in System32 directory
        
        PID:6928
        
        C:\Windows\SysWOW64\Jpgdai32.exe
        
        C:\Windows\system32\Jpgdai32.exe
        123⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\Khbiello.exe
        
        C:\Windows\system32\Khbiello.exe
        124⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\Kpiqfima.exe
        
        C:\Windows\system32\Kpiqfima.exe
        125⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Kibeoo32.exe
        
        C:\Windows\system32\Kibeoo32.exe
        126⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\Klpakj32.exe
        
        C:\Windows\system32\Klpakj32.exe
        127⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\Koonge32.exe
        
        C:\Windows\system32\Koonge32.exe
        128⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\Kamjda32.exe
        
        C:\Windows\system32\Kamjda32.exe
        129⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\Kidben32.exe
        
        C:\Windows\system32\Kidben32.exe
        130⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\Klbnajqc.exe
        
        C:\Windows\system32\Klbnajqc.exe
        131⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\Kcmfnd32.exe
        
        C:\Windows\system32\Kcmfnd32.exe
        132⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\Kifojnol.exe
        
        C:\Windows\system32\Kifojnol.exe
        133⤵
        Drops file in System32 directory
        
        PID:6952
        
        C:\Windows\SysWOW64\Klekfinp.exe
        
        C:\Windows\system32\Klekfinp.exe
        134⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6160
        
        C:\Windows\SysWOW64\Kpqggh32.exe
        
        C:\Windows\system32\Kpqggh32.exe
        135⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\Kcoccc32.exe
        
        C:\Windows\system32\Kcoccc32.exe
        136⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\Kiikpnmj.exe
        
        C:\Windows\system32\Kiikpnmj.exe
        137⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\Klggli32.exe
        
        C:\Windows\system32\Klggli32.exe
        138⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\Kofdhd32.exe
        
        C:\Windows\system32\Kofdhd32.exe
        139⤵
        Drops file in System32 directory
        
        PID:5832
        
        C:\Windows\SysWOW64\Kcapicdj.exe
        
        C:\Windows\system32\Kcapicdj.exe
        140⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\Lepleocn.exe
        
        C:\Windows\system32\Lepleocn.exe
        141⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\Lhnhajba.exe
        
        C:\Windows\system32\Lhnhajba.exe
        142⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\Lllagh32.exe
        
        C:\Windows\system32\Lllagh32.exe
        143⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\Lcfidb32.exe
        
        C:\Windows\system32\Lcfidb32.exe
        144⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\Lcfidb32.exe
        
        C:\Windows\system32\Lcfidb32.exe
        145⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\Laiipofp.exe
        
        C:\Windows\system32\Laiipofp.exe
        146⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\Ljpaqmgb.exe
        
        C:\Windows\system32\Ljpaqmgb.exe
        147⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\Llnnmhfe.exe
        
        C:\Windows\system32\Llnnmhfe.exe
        148⤵
        Drops file in System32 directory
        
        PID:6304
        
        C:\Windows\SysWOW64\Legben32.exe
        
        C:\Windows\system32\Legben32.exe
        149⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6276
        
        C:\Windows\SysWOW64\Ljbnfleo.exe
        
        C:\Windows\system32\Ljbnfleo.exe
        150⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\Lckboblp.exe
        
        C:\Windows\system32\Lckboblp.exe
        151⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\Llcghg32.exe
        
        C:\Windows\system32\Llcghg32.exe
        152⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\Loacdc32.exe
        
        C:\Windows\system32\Loacdc32.exe
        153⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\Mapppn32.exe
        
        C:\Windows\system32\Mapppn32.exe
        154⤵
        Modifies registry class
        
        PID:12428
        
        C:\Windows\SysWOW64\Mjggal32.exe
        
        C:\Windows\system32\Mjggal32.exe
        155⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\Mledmg32.exe
        
        C:\Windows\system32\Mledmg32.exe
        156⤵
        Modifies registry class
        
        PID:12516
        
        C:\Windows\SysWOW64\Modpib32.exe
        
        C:\Windows\system32\Modpib32.exe
        157⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\Mablfnne.exe
        
        C:\Windows\system32\Mablfnne.exe
        158⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\Mjidgkog.exe
        
        C:\Windows\system32\Mjidgkog.exe
        159⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\Mhldbh32.exe
        
        C:\Windows\system32\Mhldbh32.exe
        160⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\Mofmobmo.exe
        
        C:\Windows\system32\Mofmobmo.exe
        161⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\Mfpell32.exe
        
        C:\Windows\system32\Mfpell32.exe
        162⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\Mpeiie32.exe
        
        C:\Windows\system32\Mpeiie32.exe
        163⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\Mfbaalbi.exe
        
        C:\Windows\system32\Mfbaalbi.exe
        164⤵
        Drops file in System32 directory
        
        PID:12820
        
        C:\Windows\SysWOW64\Mokfja32.exe
        
        C:\Windows\system32\Mokfja32.exe
        165⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\Mlofcf32.exe
        
        C:\Windows\system32\Mlofcf32.exe
        166⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\Momcpa32.exe
        
        C:\Windows\system32\Momcpa32.exe
        167⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:12932
        
        C:\Windows\SysWOW64\Nblolm32.exe
        
        C:\Windows\system32\Nblolm32.exe
        168⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\Nhegig32.exe
        
        C:\Windows\system32\Nhegig32.exe
        169⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\Nbnlaldg.exe
        
        C:\Windows\system32\Nbnlaldg.exe
        170⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13044
        
        C:\Windows\SysWOW64\Nmcpoedn.exe
        
        C:\Windows\system32\Nmcpoedn.exe
        171⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13084
        
        C:\Windows\SysWOW64\Nfldgk32.exe
        
        C:\Windows\system32\Nfldgk32.exe
        172⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\Nodiqp32.exe
        
        C:\Windows\system32\Nodiqp32.exe
        173⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\Nbbeml32.exe
        
        C:\Windows\system32\Nbbeml32.exe
        174⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13204
        
        C:\Windows\SysWOW64\Nqcejcha.exe
        
        C:\Windows\system32\Nqcejcha.exe
        175⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\Ncbafoge.exe
        
        C:\Windows\system32\Ncbafoge.exe
        176⤵
        Drops file in System32 directory
        
        PID:13300
        
        C:\Windows\SysWOW64\Nmjfodne.exe
        
        C:\Windows\system32\Nmjfodne.exe
        177⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\Nqfbpb32.exe
        
        C:\Windows\system32\Nqfbpb32.exe
        178⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\Ooibkpmi.exe
        
        C:\Windows\system32\Ooibkpmi.exe
        179⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\Ommceclc.exe
        
        C:\Windows\system32\Ommceclc.exe
        180⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\Oonlfo32.exe
        
        C:\Windows\system32\Oonlfo32.exe
        181⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:12524
        
        C:\Windows\SysWOW64\Oblhcj32.exe
        
        C:\Windows\system32\Oblhcj32.exe
        182⤵
        Drops file in System32 directory
        
        PID:12544
        
        C:\Windows\SysWOW64\Ofgdcipq.exe
        
        C:\Windows\system32\Ofgdcipq.exe
        183⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\Oifppdpd.exe
        
        C:\Windows\system32\Oifppdpd.exe
        184⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\Oqmhqapg.exe
        
        C:\Windows\system32\Oqmhqapg.exe
        185⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\Ockdmmoj.exe
        
        C:\Windows\system32\Ockdmmoj.exe
        186⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\Ofjqihnn.exe
        
        C:\Windows\system32\Ofjqihnn.exe
        187⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\Ojemig32.exe
        
        C:\Windows\system32\Ojemig32.exe
        188⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\Oqoefand.exe
        
        C:\Windows\system32\Oqoefand.exe
        189⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\Pqbala32.exe
        
        C:\Windows\system32\Pqbala32.exe
        190⤵
        Drops file in System32 directory
        
        PID:12960
        
        C:\Windows\SysWOW64\Pimfpc32.exe
        
        C:\Windows\system32\Pimfpc32.exe
        191⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\Padnaq32.exe
        
        C:\Windows\system32\Padnaq32.exe
        192⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\Ppgomnai.exe
        
        C:\Windows\system32\Ppgomnai.exe
        193⤵
        Drops file in System32 directory
        
        PID:13052
        
        C:\Windows\SysWOW64\Pcbkml32.exe
        
        C:\Windows\system32\Pcbkml32.exe
        194⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\Pcegclgp.exe
        
        C:\Windows\system32\Pcegclgp.exe
        195⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\Pjoppf32.exe
        
        C:\Windows\system32\Pjoppf32.exe
        196⤵
        Modifies registry class
        
        PID:7500
        
        C:\Windows\SysWOW64\Piapkbeg.exe
        
        C:\Windows\system32\Piapkbeg.exe
        197⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\Pakdbp32.exe
        
        C:\Windows\system32\Pakdbp32.exe
        198⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\Pmbegqjk.exe
        
        C:\Windows\system32\Pmbegqjk.exe
        199⤵
        Modifies registry class
        
        PID:13280
        
        C:\Windows\SysWOW64\Qamago32.exe
        
        C:\Windows\system32\Qamago32.exe
        200⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\Qclmck32.exe
        
        C:\Windows\system32\Qclmck32.exe
        201⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\Qjffpe32.exe
        
        C:\Windows\system32\Qjffpe32.exe
        202⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\Amfobp32.exe
        
        C:\Windows\system32\Amfobp32.exe
        203⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\Acqgojmb.exe
        
        C:\Windows\system32\Acqgojmb.exe
        204⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\Abcgjg32.exe
        
        C:\Windows\system32\Abcgjg32.exe
        205⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\Ajjokd32.exe
        
        C:\Windows\system32\Ajjokd32.exe
        206⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\Amikgpcc.exe
        
        C:\Windows\system32\Amikgpcc.exe
        207⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\Acccdj32.exe
        
        C:\Windows\system32\Acccdj32.exe
        208⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\Afappe32.exe
        
        C:\Windows\system32\Afappe32.exe
        209⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\Aagdnn32.exe
        
        C:\Windows\system32\Aagdnn32.exe
        210⤵
        Modifies registry class
        
        PID:7888
        
        C:\Windows\SysWOW64\Apjdikqd.exe
        
        C:\Windows\system32\Apjdikqd.exe
        211⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\Abhqefpg.exe
        
        C:\Windows\system32\Abhqefpg.exe
        212⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\Afcmfe32.exe
        
        C:\Windows\system32\Afcmfe32.exe
        213⤵
        Drops file in System32 directory
        
        PID:6784
        
        C:\Windows\SysWOW64\Aaiqcnhg.exe
        
        C:\Windows\system32\Aaiqcnhg.exe
        214⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\Aplaoj32.exe
        
        C:\Windows\system32\Aplaoj32.exe
        215⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\Abjmkf32.exe
        
        C:\Windows\system32\Abjmkf32.exe
        216⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\Aidehpea.exe
        
        C:\Windows\system32\Aidehpea.exe
        217⤵
        Drops file in System32 directory
        
        PID:8100
        
        C:\Windows\SysWOW64\Abmjqe32.exe
        
        C:\Windows\system32\Abmjqe32.exe
        218⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\Ajdbac32.exe
        
        C:\Windows\system32\Ajdbac32.exe
        219⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\Bmbnnn32.exe
        
        C:\Windows\system32\Bmbnnn32.exe
        220⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\Bfmolc32.exe
        
        C:\Windows\system32\Bfmolc32.exe
        221⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\Bpedeiff.exe
        
        C:\Windows\system32\Bpedeiff.exe
        222⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\Bmidnm32.exe
        
        C:\Windows\system32\Bmidnm32.exe
        223⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\Baepolni.exe
        
        C:\Windows\system32\Baepolni.exe
        224⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\Bdcmkgmm.exe
        
        C:\Windows\system32\Bdcmkgmm.exe
        225⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\Bipecnkd.exe
        
        C:\Windows\system32\Bipecnkd.exe
        226⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\Ckpamabg.exe
        
        C:\Windows\system32\Ckpamabg.exe
        227⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\Cibain32.exe
        
        C:\Windows\system32\Cibain32.exe
        228⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\Cajjjk32.exe
        
        C:\Windows\system32\Cajjjk32.exe
        229⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\Cpljehpo.exe
        
        C:\Windows\system32\Cpljehpo.exe
        230⤵
        Modifies registry class
        
        PID:7252
        
        C:\Windows\SysWOW64\Cbkfbcpb.exe
        
        C:\Windows\system32\Cbkfbcpb.exe
        231⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\Ckbncapd.exe
        
        C:\Windows\system32\Ckbncapd.exe
        232⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\Cgiohbfi.exe
        
        C:\Windows\system32\Cgiohbfi.exe
        233⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\Cancekeo.exe
        
        C:\Windows\system32\Cancekeo.exe
        234⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\Cmgqpkip.exe
        
        C:\Windows\system32\Cmgqpkip.exe
        235⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\Daeifj32.exe
        
        C:\Windows\system32\Daeifj32.exe
        236⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\Ddcebe32.exe
        
        C:\Windows\system32\Ddcebe32.exe
        237⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\Dpjfgf32.exe
        
        C:\Windows\system32\Dpjfgf32.exe
        238⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\Dcibca32.exe
        
        C:\Windows\system32\Dcibca32.exe
        239⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\Dgdncplk.exe
        
        C:\Windows\system32\Dgdncplk.exe
        240⤵
        Drops file in System32 directory
        
        PID:7072
        
        C:\Windows\SysWOW64\Dajbaika.exe
        
        C:\Windows\system32\Dajbaika.exe
        241⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\Ddhomdje.exe
        
        C:\Windows\system32\Ddhomdje.exe
        242⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\Dggkipii.exe
        
        C:\Windows\system32\Dggkipii.exe
        243⤵
        Drops file in System32 directory
        
        PID:8164
        
        C:\Windows\SysWOW64\Dkbgjo32.exe
        
        C:\Windows\system32\Dkbgjo32.exe
        244⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\Dalofi32.exe
        
        C:\Windows\system32\Dalofi32.exe
        245⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\Dcnlnaom.exe
        
        C:\Windows\system32\Dcnlnaom.exe
        246⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\Dncpkjoc.exe
        
        C:\Windows\system32\Dncpkjoc.exe
        247⤵
        Drops file in System32 directory
        
        PID:7756
        
        C:\Windows\SysWOW64\Dcphdqmj.exe
        
        C:\Windows\system32\Dcphdqmj.exe
        248⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\Ejlnfjbd.exe
        
        C:\Windows\system32\Ejlnfjbd.exe
        249⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\Ecdbop32.exe
        
        C:\Windows\system32\Ecdbop32.exe
        250⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\Eafbmgad.exe
        
        C:\Windows\system32\Eafbmgad.exe
        251⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\Eahobg32.exe
        
        C:\Windows\system32\Eahobg32.exe
        252⤵
        Drops file in System32 directory
        
        PID:13236
        
        C:\Windows\SysWOW64\Eqkondfl.exe
        
        C:\Windows\system32\Eqkondfl.exe
        253⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\Enopghee.exe
        
        C:\Windows\system32\Enopghee.exe
        254⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\Fnalmh32.exe
        
        C:\Windows\system32\Fnalmh32.exe
        255⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\Fqphic32.exe
        
        C:\Windows\system32\Fqphic32.exe
        256⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\Fcneeo32.exe
        
        C:\Windows\system32\Fcneeo32.exe
        257⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\Fkemfl32.exe
        
        C:\Windows\system32\Fkemfl32.exe
        258⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8048
        
        C:\Windows\SysWOW64\Fqbeoc32.exe
        
        C:\Windows\system32\Fqbeoc32.exe
        259⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\Fjjjgh32.exe
        
        C:\Windows\system32\Fjjjgh32.exe
        260⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\Fnffhgon.exe
        
        C:\Windows\system32\Fnffhgon.exe
        261⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\Fdpnda32.exe
        
        C:\Windows\system32\Fdpnda32.exe
        262⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\Fqfojblo.exe
        
        C:\Windows\system32\Fqfojblo.exe
        263⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\Fklcgk32.exe
        
        C:\Windows\system32\Fklcgk32.exe
        264⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\Fbfkceca.exe
        
        C:\Windows\system32\Fbfkceca.exe
        265⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\Gddgpqbe.exe
        
        C:\Windows\system32\Gddgpqbe.exe
        266⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 424
        267⤵
        Program crash
        
        PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7808 -ip 7808
1⤵
PID:7328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aabmqd32.exe

Filesize
138KB

MD5
993f96778c27762d4c2808ea1c8bb72c

SHA1
02d1f54417a9ac23aaa1c9d1cb70066b2d94a82c

SHA256
d9a670c906d6de88039dfbd3d5fcaf51ddcc8ba5547cb57fd4186b3b6b4d0ae9

SHA512
871fad18ebc8569d28a0ab572082eadba86d9dfc102a5f10d7ea57ef939ccea98b03adadcf464d43231c8091e9c34f15b276c9eeb1137c9352d435ac287e7b5c

Download Submit
C:\Windows\SysWOW64\Aabmqd32.exe

Filesize
138KB

MD5
993f96778c27762d4c2808ea1c8bb72c

SHA1
02d1f54417a9ac23aaa1c9d1cb70066b2d94a82c

SHA256
d9a670c906d6de88039dfbd3d5fcaf51ddcc8ba5547cb57fd4186b3b6b4d0ae9

SHA512
871fad18ebc8569d28a0ab572082eadba86d9dfc102a5f10d7ea57ef939ccea98b03adadcf464d43231c8091e9c34f15b276c9eeb1137c9352d435ac287e7b5c

Download Submit
C:\Windows\SysWOW64\Aclpap32.exe

Filesize
138KB

MD5
c48dc3eeabb9a738141d5fcf9d9c5cf3

SHA1
5d128fd5f5cf85a3d127f731b65a6f8a2afe1d44

SHA256
b9e5d0bd58d8e862d736845af097b5959f5484a7dcb81533ba4eae788fcf0548

SHA512
aead6f502f16016d90855e807b7f954c981cd04bdfc72bf697aa8ae3d91b1d44dedf538d61ea020cb2213f35480ecd6bc381b3135e292a57a9ddd857e4266903

Download Submit
C:\Windows\SysWOW64\Aclpap32.exe

Filesize
138KB

MD5
c48dc3eeabb9a738141d5fcf9d9c5cf3

SHA1
5d128fd5f5cf85a3d127f731b65a6f8a2afe1d44

SHA256
b9e5d0bd58d8e862d736845af097b5959f5484a7dcb81533ba4eae788fcf0548

SHA512
aead6f502f16016d90855e807b7f954c981cd04bdfc72bf697aa8ae3d91b1d44dedf538d61ea020cb2213f35480ecd6bc381b3135e292a57a9ddd857e4266903

Download Submit
C:\Windows\SysWOW64\Aihaoqlp.exe

Filesize
138KB

MD5
59212d21f0a323bcb1569e8acaa15935

SHA1
c8829736f4b9f048d222cb6addb2600ec738177c

SHA256
3ea96f484e385144fe55798664122d5ab49592db9f51b97427bd281e791118da

SHA512
7ac86a9ee414bcad0c166c85c1e77195aa4913621a5b034007b246a5b115018343624d49f0004f2376d911c243876b008ea6787f32c2d6cca337dfa176a4edc3

Download Submit
C:\Windows\SysWOW64\Aknbkjfh.exe

Filesize
138KB

MD5
fe424d5782360a6f144ac5bce287c4a5

SHA1
8ab69330a9498df6d0c92f6b242413fa97bba623

SHA256
611660a4c4d28535a7fd0c04aeab751cadd81fd498c1f23a9b85a8e9ec469929

SHA512
4fb9f6b74d31ff9ff43ec32f9856c212ebdb58c038241e19cc45daa61306217e48b6d1528c53693d40a220ec77fced89b5d7963138476a5b725678a8543fd313

Download Submit
C:\Windows\SysWOW64\Alnfpcag.exe

Filesize
138KB

MD5
2542e4b3ebdd88f47e0bf0fcc9514b38

SHA1
91dcff384ff54dc152618ea59a59e3b503573cbf

SHA256
de4a41acab675c431628eb3fe695babaeb588239a0901f829c89bd8b07f6ac98

SHA512
405287777e4363faa38c7e55392b27a7d844ac4e1c0fad2676c474d697d142b7baa29d157aea1e40948b5320ea63dbbca267dc611ebbbdf4e22a69a1b26f6f0b

Download Submit
C:\Windows\SysWOW64\Aqkgpedc.exe

Filesize
138KB

MD5
84107186beefdab845494db73bce8e09

SHA1
39b17d69e226531e41718aebb82e68f277b68993

SHA256
3740d46ae89b6c8fc9fefbfa86d12de12b0b4d1f1a8b2fbde3e7eb739e0a4f12

SHA512
066fe30bebdf4a458ad79c8b1bdb467463672d681a934f86be602647b6b89fe22c20c584bd7075b32ad59c5f85584b6297f7b71ad76c55bf903daaeb809c599b

Download Submit
C:\Windows\SysWOW64\Aqkgpedc.exe

Filesize
138KB

MD5
84107186beefdab845494db73bce8e09

SHA1
39b17d69e226531e41718aebb82e68f277b68993

SHA256
3740d46ae89b6c8fc9fefbfa86d12de12b0b4d1f1a8b2fbde3e7eb739e0a4f12

SHA512
066fe30bebdf4a458ad79c8b1bdb467463672d681a934f86be602647b6b89fe22c20c584bd7075b32ad59c5f85584b6297f7b71ad76c55bf903daaeb809c599b

Download Submit
C:\Windows\SysWOW64\Aqppkd32.exe

Filesize
138KB

MD5
18d66112abb3a84fb7e1cacdb4dabb93

SHA1
c76e8c38dad15a015ad740c95666313187a72726

SHA256
3291ccae9d143d1dcf59a75b81055b96ed6e60bf1a6b5334608ff48cf269fee0

SHA512
a038719a009ca1631d72e4b80b3e71220d63f7409946b15ab546e09f4c2aecdd26d348fdb25e5a42e23a216a4fe33216ae698fe13d53749e5fc8a378dfcb9b23

Download Submit
C:\Windows\SysWOW64\Aqppkd32.exe

Filesize
138KB

MD5
18d66112abb3a84fb7e1cacdb4dabb93

SHA1
c76e8c38dad15a015ad740c95666313187a72726

SHA256
3291ccae9d143d1dcf59a75b81055b96ed6e60bf1a6b5334608ff48cf269fee0

SHA512
a038719a009ca1631d72e4b80b3e71220d63f7409946b15ab546e09f4c2aecdd26d348fdb25e5a42e23a216a4fe33216ae698fe13d53749e5fc8a378dfcb9b23

Download Submit
C:\Windows\SysWOW64\Bcoenmao.exe

Filesize
128KB

MD5
00196d257a508c9010f64ddcaec879e3

SHA1
2172b296be0f9fecd8c5428ad0c0c56e121abab2

SHA256
55db1a43d1a9b9271e9209c39d995c1e710b396aa5264ebe4747b8e32799cfd2

SHA512
b95205375de8ba75585150e9e679e526ab0464525941a719005bb8a2cd74fb41a693742e73eae5b5cc4f15065044ecf4d7fddec7016211590d6b5dde382f8abd

Download Submit
C:\Windows\SysWOW64\Bcoenmao.exe

Filesize
138KB

MD5
b869400a1499bd7373daf4224a079d60

SHA1
0f37cb8ecb58bdb20875a6443ae4adc35067daef

SHA256
c319b3d82782a76dc58ae43a38a615cff1e5a0b690d4bdafcb0e46e7e691a8e2

SHA512
38d0a227e0d797e900800cce87c9cbb21472351d5dd38b86144f1a2c2e3afaca75fbe47e26adc0db003ab57dc63222d151640e923642539a4c70d972acd62461

Download Submit
C:\Windows\SysWOW64\Bcoenmao.exe

Filesize
138KB

MD5
b869400a1499bd7373daf4224a079d60

SHA1
0f37cb8ecb58bdb20875a6443ae4adc35067daef

SHA256
c319b3d82782a76dc58ae43a38a615cff1e5a0b690d4bdafcb0e46e7e691a8e2

SHA512
38d0a227e0d797e900800cce87c9cbb21472351d5dd38b86144f1a2c2e3afaca75fbe47e26adc0db003ab57dc63222d151640e923642539a4c70d972acd62461

Download Submit
C:\Windows\SysWOW64\Bdjinlko.dll

Filesize
7KB

MD5
329135b43230c5ed3e4c06329e0d9100

SHA1
45d74e4c1da7ec5793df606ece801d571be8315f

SHA256
5d380235a485393c1da01878dfbce8b3e1cb1a909284b0a3791d499988057e95

SHA512
3527501c138108def7ef4fc1ade61a876a146cba280194108d2e03fe3b496022c4b5f3ce844d17aba77a92738bd1e0ee705178700c011f4eae5f598341d4f586

Download Submit
C:\Windows\SysWOW64\Bfabnjjp.exe

Filesize
138KB

MD5
8b2e8fcc674eb99e46bd83483f597b22

SHA1
b6392bd77dc63d6f61811087818bc3ccf0337f42

SHA256
7cd3f102953e6778556be9d9ba93a30ee42574f220ccf25314da2a1ed9c05a74

SHA512
f35011ba2e466e1a4250c51a076254118d4c62fc2d1cd676c94013fbbd786bb1a3d44d1fb4bfd1c6d9464c5839efc6644839c225af045a6661ee4662840e2bd4

Download Submit
C:\Windows\SysWOW64\Bfabnjjp.exe

Filesize
138KB

MD5
8b2e8fcc674eb99e46bd83483f597b22

SHA1
b6392bd77dc63d6f61811087818bc3ccf0337f42

SHA256
7cd3f102953e6778556be9d9ba93a30ee42574f220ccf25314da2a1ed9c05a74

SHA512
f35011ba2e466e1a4250c51a076254118d4c62fc2d1cd676c94013fbbd786bb1a3d44d1fb4bfd1c6d9464c5839efc6644839c225af045a6661ee4662840e2bd4

Download Submit
C:\Windows\SysWOW64\Bfdodjhm.exe

Filesize
138KB

MD5
38f6bc389d2e153eba3a55284da5492d

SHA1
803a3960e0b80fc64f740d901d87df97f4b808ab

SHA256
70751ff31f0485a757f02727899c99c8de016d3b16f149d4203d0351642cb4d9

SHA512
ee3158cab702202c050fa869a7f0e5b0130af992ad554ac5cc4cd018bb75ee912158b752dcbf6c323e3a2574b63dcdccb7723f3e420be8ba9755d3e380a78999

Download Submit
C:\Windows\SysWOW64\Bfdodjhm.exe

Filesize
138KB

MD5
38f6bc389d2e153eba3a55284da5492d

SHA1
803a3960e0b80fc64f740d901d87df97f4b808ab

SHA256
70751ff31f0485a757f02727899c99c8de016d3b16f149d4203d0351642cb4d9

SHA512
ee3158cab702202c050fa869a7f0e5b0130af992ad554ac5cc4cd018bb75ee912158b752dcbf6c323e3a2574b63dcdccb7723f3e420be8ba9755d3e380a78999

Download Submit
C:\Windows\SysWOW64\Bgehcmmm.exe

Filesize
138KB

MD5
50fa4aee8f9f299b49493fb976edc7d8

SHA1
dd84fa6126cc1a0012cad5f53c496f7c1110be4e

SHA256
53efa884996d45f7b01d855690750ed5667fa6ad1bf96e10c8088b9ab42730ea

SHA512
05bf2db3ba08a745f3f96a11e0ac725cce441ba92f3b2b38bbe043d21559b8d60f6cc8f55e78a22db77da83d052d7794989de7b7ee293043f811ef4b363e045d

Download Submit
C:\Windows\SysWOW64\Bgehcmmm.exe

Filesize
138KB

MD5
50fa4aee8f9f299b49493fb976edc7d8

SHA1
dd84fa6126cc1a0012cad5f53c496f7c1110be4e

SHA256
53efa884996d45f7b01d855690750ed5667fa6ad1bf96e10c8088b9ab42730ea

SHA512
05bf2db3ba08a745f3f96a11e0ac725cce441ba92f3b2b38bbe043d21559b8d60f6cc8f55e78a22db77da83d052d7794989de7b7ee293043f811ef4b363e045d

Download Submit
C:\Windows\SysWOW64\Bhhdil32.exe

Filesize
138KB

MD5
aaccf8635ef6dd5c882d32cb2aa281dc

SHA1
8a60d454f5b1f16a6c281f35f4f5a1587f4bb782

SHA256
cf4d6940485e6caff91cbc74277d9fada01a252dbeb8d4766f2dec69c586e155

SHA512
9ee87950358b0b2bf0f65aa071715c500abdd53a1717bbd4cafac8b9cf34a4e626142e3920b36788d0a46d25a83558ae46d89f655152f1bd13b7888c9626a08d

Download Submit
C:\Windows\SysWOW64\Bhhdil32.exe

Filesize
138KB

MD5
aaccf8635ef6dd5c882d32cb2aa281dc

SHA1
8a60d454f5b1f16a6c281f35f4f5a1587f4bb782

SHA256
cf4d6940485e6caff91cbc74277d9fada01a252dbeb8d4766f2dec69c586e155

SHA512
9ee87950358b0b2bf0f65aa071715c500abdd53a1717bbd4cafac8b9cf34a4e626142e3920b36788d0a46d25a83558ae46d89f655152f1bd13b7888c9626a08d

Download Submit
C:\Windows\SysWOW64\Bmngqdpj.exe

Filesize
138KB

MD5
23230a5f7b98ca1e6400f059ed5bd398

SHA1
c31d2db26936fc9edd1c462eba435c4e835b26c1

SHA256
49ae123671685e1ff9382a1bfc5a4a403f49de19018884070ffbf85b3fc394ec

SHA512
a7d85640ed0584c7320f995a47f5aac8524c1ad3b3b886c7988cb52454d6f38e6b762cb68bb823e38981f1a9aeff9e3e123b10d43135aae3a394f34c137cc488

Download Submit
C:\Windows\SysWOW64\Bmngqdpj.exe

Filesize
138KB

MD5
23230a5f7b98ca1e6400f059ed5bd398

SHA1
c31d2db26936fc9edd1c462eba435c4e835b26c1

SHA256
49ae123671685e1ff9382a1bfc5a4a403f49de19018884070ffbf85b3fc394ec

SHA512
a7d85640ed0584c7320f995a47f5aac8524c1ad3b3b886c7988cb52454d6f38e6b762cb68bb823e38981f1a9aeff9e3e123b10d43135aae3a394f34c137cc488

Download Submit
C:\Windows\SysWOW64\Bmpcfdmg.exe

Filesize
138KB

MD5
d9d9d6577a01cf9b16e1b4d9cce42031

SHA1
e7df846ab6cc01f4bc381f9835d0463b4ee2cad5

SHA256
a1b3fda9ae2f1f08eb863be0c0c2054fce84a4a3771cdf97e613769268f26dc4

SHA512
12920ec04a457dd41fb617695727858bc3f317718e8cd02ff252377c8688c782fefb16e08b5983e6749234f8c0460720e686934f50720ce0479dbb104862f064

Download Submit
C:\Windows\SysWOW64\Bmpcfdmg.exe

Filesize
138KB

MD5
d9d9d6577a01cf9b16e1b4d9cce42031

SHA1
e7df846ab6cc01f4bc381f9835d0463b4ee2cad5

SHA256
a1b3fda9ae2f1f08eb863be0c0c2054fce84a4a3771cdf97e613769268f26dc4

SHA512
12920ec04a457dd41fb617695727858bc3f317718e8cd02ff252377c8688c782fefb16e08b5983e6749234f8c0460720e686934f50720ce0479dbb104862f064

Download Submit
C:\Windows\SysWOW64\Cdcoim32.exe

Filesize
138KB

MD5
3d21743d5763d6022b3174f446933fd9

SHA1
c50e6023db85d8fc4054d4030877bf3fd176a813

SHA256
38b0cbe912ee22faa8da6df67537a6058d66cab58400f14b3382f63e461e6a75

SHA512
e4a9b98b7220449571dc64574633448f89dbf5d8c8d0e98e752101fcc5645a0e921c9671f0f8b91784a5f14fccd0af6eda5d77e9aff6f2971688500456683f49

Download Submit
C:\Windows\SysWOW64\Cdcoim32.exe

Filesize
138KB

MD5
3d21743d5763d6022b3174f446933fd9

SHA1
c50e6023db85d8fc4054d4030877bf3fd176a813

SHA256
38b0cbe912ee22faa8da6df67537a6058d66cab58400f14b3382f63e461e6a75

SHA512
e4a9b98b7220449571dc64574633448f89dbf5d8c8d0e98e752101fcc5645a0e921c9671f0f8b91784a5f14fccd0af6eda5d77e9aff6f2971688500456683f49

Download Submit
C:\Windows\SysWOW64\Ceehho32.exe

Filesize
138KB

MD5
995b910cacdfee81105e6568fad57f3e

SHA1
dd563a4254563561046a4abd37be704c9bc408c7

SHA256
4fc5b573e13456bdc410d9c9fc173889afe2978c71b36b215d464ff393d557ad

SHA512
e954c6e98c18463fc545e62e2c6f71e5e583fc4dbafa476c22fba68b2d1f04869c0ab1df2086969a1d96835a6f46155561790915404d117c6673e9bb6a238450

Download Submit
C:\Windows\SysWOW64\Ceehho32.exe

Filesize
138KB

MD5
995b910cacdfee81105e6568fad57f3e

SHA1
dd563a4254563561046a4abd37be704c9bc408c7

SHA256
4fc5b573e13456bdc410d9c9fc173889afe2978c71b36b215d464ff393d557ad

SHA512
e954c6e98c18463fc545e62e2c6f71e5e583fc4dbafa476c22fba68b2d1f04869c0ab1df2086969a1d96835a6f46155561790915404d117c6673e9bb6a238450

Download Submit
C:\Windows\SysWOW64\Cfbkeh32.exe

Filesize
138KB

MD5
e9f35176077598a7a381e755bf867992

SHA1
2df5f3ddeb0037177feb16445043ba4af8644bed

SHA256
a18d9a17fa865c03260f78ad6acff09b6cfcb44747cb3d478f82f7fd05e81d7c

SHA512
5e04357590720108637b439811d1889cbe0ce71f4b362c68a6b170b6f6a605590a6cebddfda325dc88050a31c3904e2b15c294f8477a5a4bde306780e7971704

Download Submit
C:\Windows\SysWOW64\Cfbkeh32.exe

Filesize
138KB

MD5
e9f35176077598a7a381e755bf867992

SHA1
2df5f3ddeb0037177feb16445043ba4af8644bed

SHA256
a18d9a17fa865c03260f78ad6acff09b6cfcb44747cb3d478f82f7fd05e81d7c

SHA512
5e04357590720108637b439811d1889cbe0ce71f4b362c68a6b170b6f6a605590a6cebddfda325dc88050a31c3904e2b15c294f8477a5a4bde306780e7971704

Download Submit
C:\Windows\SysWOW64\Chmndlge.exe

Filesize
138KB

MD5
3a0ef66a8083a691424683d2d84a6a19

SHA1
fbde5112af64858f759aeda19212938ba8c101d3

SHA256
4be9f692833590046c171d58f3b09397f58aaa6c0ab0d61b26cd5df86323dcca

SHA512
d7897a2356a11d4124646a3abeada54bf0acec6a39785f96ff3ef87f4e72455478847540e6c2810cfd493e880a194daba0faa8601389a0be92e7f72bf4eb5ba9

Download Submit
C:\Windows\SysWOW64\Chmndlge.exe

Filesize
138KB

MD5
3a0ef66a8083a691424683d2d84a6a19

SHA1
fbde5112af64858f759aeda19212938ba8c101d3

SHA256
4be9f692833590046c171d58f3b09397f58aaa6c0ab0d61b26cd5df86323dcca

SHA512
d7897a2356a11d4124646a3abeada54bf0acec6a39785f96ff3ef87f4e72455478847540e6c2810cfd493e880a194daba0faa8601389a0be92e7f72bf4eb5ba9

Download Submit
C:\Windows\SysWOW64\Cjpckf32.exe

Filesize
138KB

MD5
a0a5711edb5fb85a2731884cea9ab61c

SHA1
1f88786d40dc53127d8d3d9cef592aeaa3d99770

SHA256
8b73c9519d33e759b80a7147cb0eb1febc11e572c7173e93bc7455ae90291595

SHA512
0ae3ae0af624d3547ca82f6b2b1aad23b85148979294349211bde88d09f91de3ecf305467b7ae70f6c149aab9c9572b37191451fece2e0f2f68bc55672e01585

Download Submit
C:\Windows\SysWOW64\Cjpckf32.exe

Filesize
138KB

MD5
a0a5711edb5fb85a2731884cea9ab61c

SHA1
1f88786d40dc53127d8d3d9cef592aeaa3d99770

SHA256
8b73c9519d33e759b80a7147cb0eb1febc11e572c7173e93bc7455ae90291595

SHA512
0ae3ae0af624d3547ca82f6b2b1aad23b85148979294349211bde88d09f91de3ecf305467b7ae70f6c149aab9c9572b37191451fece2e0f2f68bc55672e01585

Download Submit
C:\Windows\SysWOW64\Danecp32.exe

Filesize
138KB

MD5
9faa7d8e24760d4deba50ab1b5d139d7

SHA1
1d465061142b84134c3ee4cd7cbee9c28f60975a

SHA256
221387df2970d1a90fae2b4d1d8b8ac942956050482852955b37ea7850c6b50d

SHA512
72b50a32633870729aa3e193f2340d0e23da76054d3eb8a5707c308efeac20be3db8be803cecf2da51c4f73b8f84c1ca4c8b61fbff3507b15db728db6ae92b01

Download Submit
C:\Windows\SysWOW64\Danecp32.exe

Filesize
138KB

MD5
9faa7d8e24760d4deba50ab1b5d139d7

SHA1
1d465061142b84134c3ee4cd7cbee9c28f60975a

SHA256
221387df2970d1a90fae2b4d1d8b8ac942956050482852955b37ea7850c6b50d

SHA512
72b50a32633870729aa3e193f2340d0e23da76054d3eb8a5707c308efeac20be3db8be803cecf2da51c4f73b8f84c1ca4c8b61fbff3507b15db728db6ae92b01

Download Submit
C:\Windows\SysWOW64\Dmbbhkjf.exe

Filesize
138KB

MD5
3d052f9f73cca6187277d9401fc48f89

SHA1
757ab8955085170d472d8bb7e0ad3d1c1f2d1e2b

SHA256
0fa5737956614cc7442cdfe7f13ea47e86bd6e07092fd11c828f133b4083891c

SHA512
27c923f7d1b42e95bc55ab0b49fd7783d3bc23a9e7e68bf2e1a32fa3dfa9cdd67aacfb8c51ca9fe5235057a74699ef51b05e2968115285220580f9403ea80dbc

Download Submit
C:\Windows\SysWOW64\Dmdhcddh.exe

Filesize
138KB

MD5
b566374904d483d6214b2578888a69c5

SHA1
216e81830a6f6f34d98ca7370d68284cd694303e

SHA256
b45b3ad03421deb99a993eed52a427366dd8e30e135b2c31be09d56056c9148f

SHA512
2948f2114af99155cea5f77a2c59cefd555aef6862b6a151ba2a186cfefe5b8abb3e23b6b9af140d4468141fc5e6a3815679aec5a28851ec9312973d9ba1315a

Download Submit
C:\Windows\SysWOW64\Eciplm32.exe

Filesize
138KB

MD5
9d4b1b239612b4645cae167538558395

SHA1
6de456ad87cd28af349ea76ec03afcdd7d3ab7eb

SHA256
fd759b3cb6c665587e783bbd22e042ac1c80225d76dafd61fc4f405290728a71

SHA512
d8df9d45f2d515e394e501737985176cf025766a423f0541e6f7285e29e01221bce1ec0660d265f6189d634ac7b54c856405f9345586021f63567ac48168eeb7

Download Submit
C:\Windows\SysWOW64\Emoinpcd.exe

Filesize
138KB

MD5
688fa91d9a3c6cb02620f40da43a32f0

SHA1
58666239c2fde98ba5672fdf8d031362f00ff63d

SHA256
16548a48bede9d7c5e3c8dfea230f78920f7106ecf453dfe66487d8db428c3b1

SHA512
487d76d114a7a9694c432fef8c12830c1f88c80b7e4897eb0437e2a5ea4c7a1afea9b5be6768d8d3c44d0c3e9991b377e9f9eeeb45c377bdd91b77ba21465550

Download Submit
C:\Windows\SysWOW64\Eqgmmk32.exe

Filesize
138KB

MD5
7be52d4b122326a7c1289d1de46cf42f

SHA1
751de187a49abc12ebd5ddceab2f1e0b414c6dd4

SHA256
ebe3da3f091d73134b7bcaf03bd91c4d8442d0313790e422e31302e071502c29

SHA512
ce6f61b3e41921ede4ec7b8385abbf000536c102b8452d1e4c764c3b49fe234077aa91cbe8901fa0d6f7e306bd5c5580540794cebd8fb1a9eb44617aca5e461f

Download Submit
C:\Windows\SysWOW64\Fbfcmhpg.exe

Filesize
138KB

MD5
8fc2eea5d046148ada85804054338862

SHA1
97fa76fc2986c0190331ddcbfa59ab002d02e59e

SHA256
7dc5c0a1ba30b229f918f358fdb3a29c8f0251e745538419a76c1561e972e075

SHA512
86a1aac21c8117a61bfae37bfb7ae2f00c5d2031b4404be5168e3123c619125eef1fc7d0096beeaa3bc024b4440f89f3262e3b325de66a0fa921567f524e0f7b

Download Submit
C:\Windows\SysWOW64\Fhdohp32.exe

Filesize
138KB

MD5
9b4edf921ab44b7638315122942702fd

SHA1
531ea3ebcdb5945c93fae6c0ab1edd0af70d9a68

SHA256
811a33ebf8ed33c939222b615e90f1d5cf3a1cb359bdfff2db1bd80d94520ea8

SHA512
cd3baf6b1b11cc462ee9eb166d4f071cd4c21dbaae82b4aab4d2045cfda494a950745a21189d22e582312a7deaf241cfc778a8132b95cdc8e2bda9684becb056

Download Submit
C:\Windows\SysWOW64\Fqfojblo.exe

Filesize
138KB

MD5
d27d3e895d3b0eb9c5a0392a1647316e

SHA1
0b210c5f9899f5cd11dc73325c13e22ec3f30079

SHA256
979a65a06dcdc12443d9b27966bb37b66143563481f7ae5c45ca3d305c977ff8

SHA512
7876becc6ac5adc3c27b535f383be811a83c92e25d2bcbed62362833f0a00c8a90f458bf8da128025754e33e3ca33fa53658214dd64bb9231e7c242c0b69da7d

Download Submit
C:\Windows\SysWOW64\Gddbcp32.exe

Filesize
138KB

MD5
9953e3cedb73de8b3befd5421a6f1cba

SHA1
b82b5a5fd285f0ccfa68f11c9e697bf71985a842

SHA256
07e81e82ad8779f73ca79af70584f942ff88b0985fde7adc1133da2c381b38ee

SHA512
769f36359ba3d138f98c81d8941a783c1767d170118f46cc8c9c7f73e7d4473c5ac87a58f797cbeef58170087750a0eeaa5341ef52384a4dfa3199fc5696434c

Download Submit
C:\Windows\SysWOW64\Glgcbf32.exe

Filesize
138KB

MD5
9e5f101f1213ded083f7c4b94790dff6

SHA1
dff11342b34bcd016e08997acc751634cd1545d9

SHA256
fdb8edaf5d72c83cedd69888649b7620e242a917754378334bd17a6f8cc9636b

SHA512
08c983dfd23adecf1b9a3c1b2cc5ccbb5fdb1647cff2658388a2659834675a900b832e2d2203565a236142bc78d716415766905597b94f7bcdfd1e900ae6ead8

Download Submit
C:\Windows\SysWOW64\Gpfjma32.exe

Filesize
138KB

MD5
eced89655cfcb840a8ea06c7839fea27

SHA1
30c6703f05de1e119042a918944d79ccd6fb4e92

SHA256
38191bac4b6f6bd2afd51f1f39278b02500eaf54f5ed8fc3830322cee0470a92

SHA512
355ee1334b7f556a7378faeeb1de49b5fcaa93e1a90b086c1896b4b29d1a1f316b689030cbfd7c31b832b67f635f5918ffe0cb04a9b7db8f182001b76b71f8d1

Download Submit
C:\Windows\SysWOW64\Gpnmbl32.exe

Filesize
138KB

MD5
260b124ca15d88fca3ef5d668c0ecf64

SHA1
2847018102c5616a09055dc59bb71b211131855c

SHA256
97aee7bb1d59abdb1ddd5252c1b847b37a58f902ae548d22475d97a1c4ce6dc4

SHA512
e29a192c9d3c32adccc6fca37215282ec6a2e731dde18b49d5ac9a1fa8bd52d36710729e57611fce027b720b6d258aa2a7980f60e9b8d1d760cc59d38bb6088a

Download Submit
C:\Windows\SysWOW64\Hemdlj32.exe

Filesize
138KB

MD5
0c3e18cc31733896175232b8d4edc6f2

SHA1
88f431449c06b2e56465b509c1fd951cd492fc43

SHA256
766e2bae79844c318fcf357cb5f3c8755c674fc11b89fcd1a2c93da81b849750

SHA512
94707a9cf0ab9a6cf1b437c34711ed04b34623bf2e7c493776da7e9cb611da48ef640ade724d9ac801cb6514a8133f95371d7141fff8bf2ef005a9992fd1740c

Download Submit
C:\Windows\SysWOW64\Hfklhhcl.exe

Filesize
138KB

MD5
7ee858c702667fc25af79260637aa70f

SHA1
9de852020fbc82c227d5104d2a7e0fb461ee201d

SHA256
4a00e8083cba55afc217f15f0a61867a9d0d25b8b3ff74c98fe47c2f4c7d6145

SHA512
b59e53ca04f025762b4edaff80f15cd7b82fe8e9c8f68c6400485248f667a9daf801afcc8922854bbf140da667d3a15132e1cec17de0e17dcffca914acc59d8a

Download Submit
C:\Windows\SysWOW64\Hkfglb32.exe

Filesize
138KB

MD5
a607aeb544e855f1e72e6f3aac47d8a3

SHA1
f7137873cbe35aba8f87a985a60889023adb57ca

SHA256
376d3bc7b85b05646f58eaeab1d04fb29e792790b43e54dd426c9d94282508a9

SHA512
ab3f1d8f370261d17b139f19001ae682779b9ceb74a433683196174882aad443a49e852538b510f97632df190dbdbdc6b8ba392c079350b67a0523d3779ddcd8

Download Submit
C:\Windows\SysWOW64\Hninbj32.exe

Filesize
64KB

MD5
d48459e470baf3fa2a4317d90c9ff2e5

SHA1
44afa41cac469615cb28a7d077526b3a7aab93ac

SHA256
a5ec9eae2ab02e1aa51e77350c12d7004f88e23d26232fe997df5db21d41f1b5

SHA512
b10fa62d129d8f5b39144f41d5f136ba797a94163297acdb07825e8385ec56a04468b1c5d22bd3c9a212d574ae1b22636ef784e3322ccfc6186d52773da97eaf

Download Submit
C:\Windows\SysWOW64\Ibobdqid.exe

Filesize
138KB

MD5
3f1f99451cfe9dca73fe1dcd335874e3

SHA1
8dd6f51d69eafb99469395d4a3d14dfd06d57239

SHA256
00e0e70e6e414ff2413dd0911c81aaad2c32bdaf09b48b90aeb62d04dcbc0f14

SHA512
edbde5ec18a07ae4fd7fbc7462e715c9f368f6dcd0308f309cf64504f298b32c074875f11fa833ec28e931bcc0ceb18eb9f34e1042dfe6eee8aa6113a3adaf8e

Download Submit
C:\Windows\SysWOW64\Jbiejoaj.exe

Filesize
138KB

MD5
8289718225155b9acde3c9d3786eece8

SHA1
c8fb8dadf151e153baf3b6fa338c69b287a10e2b

SHA256
0c12909a09b5c1010b22a1d7eaedc07337d2af65206d8f06fd5d561c71614a1b

SHA512
dde939c29c604fdd32f6c6d24c68640b0c501e067ee14c8f01689f92300faef60459cd303b71ad555da85da7ed9de320a5ff35e5482057c422ced567dc792851

Download Submit
C:\Windows\SysWOW64\Jdbhkk32.exe

Filesize
138KB

MD5
5aa254990b87c3431725caebc79a1fd7

SHA1
7cfe1c79bd072892b5b3d442785bfbe972114b9b

SHA256
3315eb5585f98617f15afdc0605d0169d5c109d062e306b091757c583cdceb1a

SHA512
fe7f3e7e8590152ab7fe7f95c5ce9f1c86487661d1da1d613f7f529a4d3cc8bb1562049fb8f1acaffee2f548fa54c8b5a7e97f5d03194393a1467dc9162a23c8

Download Submit
C:\Windows\SysWOW64\Jlfpdh32.exe

Filesize
138KB

MD5
f77afe103067f0e0c01b323dfa1d0dd3

SHA1
d66fb4c255ea7e0b37c80caa7c880b413ec12938

SHA256
537d41d1cc124e65bbd2e27ba1535b1db7cfb3b1a8ddb0e59f0426d18b3e083d

SHA512
4d523439ed363a0fefeb30ee729519ac20623b443e7ffd9e2c3bde769dcd45ff90a22a18b6ce1f2801b67a6502b6381e7bc323e4fe1004db2715f6181a278768

Download Submit
C:\Windows\SysWOW64\Jlhljhbg.exe

Filesize
128KB

MD5
758d108a5e234c5e2cf8f4bc08053002

SHA1
99ada51974041693b5afe96af775bb0598cf57c0

SHA256
bb731066054d6745c1737e0c081535e97ecf7a655a1f0e590628bc18711e23a2

SHA512
6229d4fb980a274de696a2fd4abde08631fbcf91c64e662054e97674fae51e80234a1305bc0ce4948a9ed4378c6c31aa1359e10554120ae9ef6c71ad34518781

Download Submit
C:\Windows\SysWOW64\Jnlbojee.exe

Filesize
138KB

MD5
7ecc78fa1b0be3b3059c8ff6f7c0f39a

SHA1
69c1cad4fdd26b3faca9f0451b0a788896b90bbd

SHA256
4ecd23352c0da298585c63931c50b46b4f925b2212bbb90e57199e2b19be6b6e

SHA512
82e52508eb6c9d8b3baf72b6f2ee9a0fb44ec0250cff5a12967c4a8e3a798c4fdb6c9b53264b791fd64b7b50bf954ec88fc14deeb163b9cf2906fab9e3950e03

Download Submit
C:\Windows\SysWOW64\Kamjda32.exe

Filesize
138KB

MD5
84be110a0a249c97d7391721899f244c

SHA1
f1c121c1b132c9f90671186c1ca04a60fb728e3a

SHA256
7337ddc44c664bb29c6f17a63d72a7bb016008d8589a510895f0493938853625

SHA512
1abad9d5f082e0bd674f67fe7b8125c043c71c4ee21078122742aae87bfe11647c3632e2115a485e89d59a375b78a8336ecd3ffca811d51fab8e8bdb3b07ddbd

Download Submit
C:\Windows\SysWOW64\Keonap32.exe

Filesize
138KB

MD5
2f1eff28620f7c060431f5a64abb0cef

SHA1
5caa2a3806e0afa1433d0c04601492d34742e94c

SHA256
85e9eced99aadec10db0518eacf904d5d64a5c34c89167aeeb991aae76185cc5

SHA512
5ff02df2787c6ad2e2a8cf982db9e2ca519b0f11a8253d5be177da161f962ce452cf5f8f7344cd1a82db7fa69ed2f839e935a9336cb5727323d1aa983709fb76

Download Submit
C:\Windows\SysWOW64\Kndojobi.exe

Filesize
138KB

MD5
12435c2618f461bed22b96e5d75a8320

SHA1
db1d33d145d9685c7aa00096bd660556eba98b88

SHA256
8f324b2a30fbac5d6614884a588c41ec3357b28cedf9d4a93bb86620723e87be

SHA512
332f8027633cca81dece930cf02f54343aa20946ec09cefa3495d28487e111f6d41e1b6585615705f18f93ac5ac2bbe10c9bb05dc31de4e85373be056fdcd2d3

Download Submit
C:\Windows\SysWOW64\Lbjelc32.exe

Filesize
138KB

MD5
587abeea7582d70178c0e537c6c44651

SHA1
1c2a50b1359b79119773dbc27afc07fa6e2bab20

SHA256
0dd482be70eeb2a2fe71aeaa1a02b03694575c9a6f4ac8240d2463d89b7df19e

SHA512
63b742590f277d5510615b1624c864aea0f1a2a16466852c57c3e7d1b45c2e92d8736f6af2c780a7fe961198ef10df3657829f519b5cb43d12f830854fe2e331

Download Submit
C:\Windows\SysWOW64\Lcdciiec.exe

Filesize
138KB

MD5
1c2ba49316dec183594a8894d245a56d

SHA1
f0973ec3ccca881ab37fc49250d689af509ea96b

SHA256
8f5d89569fb38d9a53ed04bdb3e035bc47e2145f66a2ce1c387c6be5f41daa20

SHA512
c861076d3b7c4b7e7b6d253feeadfe2c49ff8054bf11e1fe04185b573761c352ca5119b8ffa24f93341a5961746b8421808225caeceb9f34b4e8f64d11636886

Download Submit
C:\Windows\SysWOW64\Lijlof32.exe

Filesize
138KB

MD5
21ce8dac853e48c76e99c9b0b0c910ff

SHA1
ec5ec1a0689fecec6726104812cb05c4d2cf170f

SHA256
c199aa110f67587e8f45c281464989333cc916439da8dd1518c9585392a44899

SHA512
cd00553a86a918e3ee4d7504628d7e52cbc81d6bfd14b59972f29c42854258aaa9d4fba23602a5777afabf8268d96648aab327c54747c69b09ed5659817e8388

Download Submit
C:\Windows\SysWOW64\Lndagg32.exe

Filesize
138KB

MD5
c0df9ed74cd409ad0851d7df7cf75cb0

SHA1
c0a0ab233d23e056bd3d63e29c056a0264d8755f

SHA256
c1ac311fe70ca119c2893a9061de62dad05b3646383f84e2b4b4da39a2e3be8a

SHA512
cbc5d2cb282f63cee5a44463f1b857c506088181ca3bf92869c0ad39f730f752acc7f27a0e425d9028ebfc38aab24af06b7fd1c7d6ba71163d1574cc6ee0e2e1

Download Submit
C:\Windows\SysWOW64\Loglacfo.exe

Filesize
138KB

MD5
584d47040a2778ad4311110d91bbab53

SHA1
3448eae2b5dc1adce7d8a383b7dcf9b16eb23393

SHA256
f83a3a3208d40a5284c2c4e53b3704d294176e4153381db9c92c982ce227bdd2

SHA512
91c273d9f7594ba1f1402c988aa524d85ae14c62069804e9a3f81e94b514803c8a72b2a7c74583e7233458c2709492240997e4b182d47bcaa61efe3feebee6c9

Download Submit
C:\Windows\SysWOW64\Mgnlkfal.exe

Filesize
138KB

MD5
01719e968708e066634fda4c0380aa30

SHA1
07c4964746bd83f4b800e95940fdb5a12d4cc9fd

SHA256
b73c13e436d903a0a4e8f7603f59e5ec1df8363c712c892bcfc8f579d1809e56

SHA512
05219b8634966d84733915c29989d0df6374ddaf1a034b0bb44a19c995d7b325e8dc51eeb85c803cc32303c180c201f87c3c59fbf01ead04f60c53ed7e2c0e9a

Download Submit
C:\Windows\SysWOW64\Mjbogmdb.exe

Filesize
138KB

MD5
0d94b5f613f31d03820238ae2ac20975

SHA1
42d5ccdc8e101d7178a21a7fd19bb6ab8b330c80

SHA256
88bcccab1c87ae016fe67d322fa593ef10a667bfca9fc36e07f65c8c728eb0c7

SHA512
36f5f8862da4cf6e82d6b5cc9c11f01bce583bfc196c4c055dbf3a3a4e4be83ea5f3967004f493dfeeac60878fcf833614ecbef5737e05b091103444e6526cea

Download Submit
C:\Windows\SysWOW64\Mleoafmn.exe

Filesize
138KB

MD5
a3f92ed5acb295d8dcd56c0844719338

SHA1
e6b68402d78e21282f6eb1d4dcf195ecd8243cdf

SHA256
e0b44c5c3b77b75fe51b4176991f9673909ffba79d7a569c332572b99a5865e5

SHA512
39b4b54818e38e4fae1282974467abd23a7ccfd1c27d34eafdfb3fe278b3f3fc2d83c6b4dec6fc85ea32838fb81a0f04909046299bc962a30f83179e121f32be

Download Submit
C:\Windows\SysWOW64\Mmbanbmg.exe

Filesize
138KB

MD5
db9e3e081ea8af25c665e72698d8ff5c

SHA1
52dc099e83b2fb98e9aa75633cc313a457514707

SHA256
886ac3c464418d632a768f466d3cb263f6a427f6c18c3a971b4845b73ff153f3

SHA512
6cd592ef8888db6ec3dffb4d72bb32cd16cdf326748e31974cac371a3da7b4beed5b051007d1ec9030447ed95dbf940b97549fc37939f95353c859b0df601f96

Download Submit
C:\Windows\SysWOW64\Nbnlaldg.exe

Filesize
138KB

MD5
f43608ed089b6606fd8482c6341673d7

SHA1
fa8a24b0c11ed152577723e8500e6f34a3d95886

SHA256
470f67be7d8556504c1a366e83df91d21b0b22d848fde61256d34f7fe237b8eb

SHA512
39586eb832fbde62349ffadd8f9dbf3ba705568afc44e4abfca1a95722dc780542f83234b3ac925eae260c979b17ca52cf8c2a881b43bcc01a66dfa6c0bf241e

Download Submit
C:\Windows\SysWOW64\Nhmeapmd.exe

Filesize
138KB

MD5
9f63f2a3564a0f552ff24510fb449214

SHA1
a656e12d185fbbfeda63fb8721d3bb1e5a21c602

SHA256
261479ea58d985e6bed2a485610f9b4da5fcb8e08e9d913884438bab01b967db

SHA512
3342b2bf5e629dfd154081f91352eb0caef979c6f3f21a6fdd35a4c1b86fc1391a2c0400a77643f0ebb83cb5cd6da9bc46d1bc142388523693cb4c481d063b40

Download Submit
C:\Windows\SysWOW64\Ocgmpccl.exe

Filesize
138KB

MD5
109a8951288f5b59987c9966e692b126

SHA1
f17fcf0903301eaa0412e90dbc20a626ea50678a

SHA256
e8f6d0077fc4468bdc20129e7fe375806f8efdfc36a6a9cd25c7c3d879c9ea1c

SHA512
c1913bb52213035688ce96e2c1a10e4fa47e7695dd311deaade219016467091fb77fb4adb3493b613febb5893c03b385f1cd8691e48a4236e4027f218ee3d95a

Download Submit
C:\Windows\SysWOW64\Ocgmpccl.exe

Filesize
138KB

MD5
109a8951288f5b59987c9966e692b126

SHA1
f17fcf0903301eaa0412e90dbc20a626ea50678a

SHA256
e8f6d0077fc4468bdc20129e7fe375806f8efdfc36a6a9cd25c7c3d879c9ea1c

SHA512
c1913bb52213035688ce96e2c1a10e4fa47e7695dd311deaade219016467091fb77fb4adb3493b613febb5893c03b385f1cd8691e48a4236e4027f218ee3d95a

Download Submit
C:\Windows\SysWOW64\Ogpmjb32.exe

Filesize
138KB

MD5
a59f9c8b9b99d53ddbc73e745b1874d3

SHA1
527c1103f59871cd185a5061e293e17fa1d42a9a

SHA256
ac48d89ac59e56d592bf0458a984cc036100aec84b24bbd10198e52210504c59

SHA512
f0810f40f72aa302204bee9234b24076583c98ccb889dcfc477083fa3186fe3d899836a21c2c60b13a7c092ac786e744048e87505d09dbff8c5f0edaf444590d

Download Submit
C:\Windows\SysWOW64\Ogpmjb32.exe

Filesize
138KB

MD5
a59f9c8b9b99d53ddbc73e745b1874d3

SHA1
527c1103f59871cd185a5061e293e17fa1d42a9a

SHA256
ac48d89ac59e56d592bf0458a984cc036100aec84b24bbd10198e52210504c59

SHA512
f0810f40f72aa302204bee9234b24076583c98ccb889dcfc477083fa3186fe3d899836a21c2c60b13a7c092ac786e744048e87505d09dbff8c5f0edaf444590d

Download Submit
C:\Windows\SysWOW64\Ojaelm32.exe

Filesize
138KB

MD5
47a6ca1b3acc30f95f8694411b2c7735

SHA1
d25452d96f8ce7d5298b76b2a074f4d6fa3dc673

SHA256
3c47b819822b0424228924e1b2749b9052feeb0e888e63ef6b793f733f37434f

SHA512
be87e30889bdf9201b5ab9b394dc4c5b4db8307a07bcac0dd56620b32a3e1a4607ae597ac08946a40b0aea268e5d3fe8fb2bd325f7ea9bb43b7047ce11a70f71

Download Submit
C:\Windows\SysWOW64\Ojaelm32.exe

Filesize
138KB

MD5
47a6ca1b3acc30f95f8694411b2c7735

SHA1
d25452d96f8ce7d5298b76b2a074f4d6fa3dc673

SHA256
3c47b819822b0424228924e1b2749b9052feeb0e888e63ef6b793f733f37434f

SHA512
be87e30889bdf9201b5ab9b394dc4c5b4db8307a07bcac0dd56620b32a3e1a4607ae597ac08946a40b0aea268e5d3fe8fb2bd325f7ea9bb43b7047ce11a70f71

Download Submit
C:\Windows\SysWOW64\Okjnnj32.exe

Filesize
138KB

MD5
1d765d7a00b08fb92525096cc46e80bc

SHA1
39c7d08c61f03490a78b2f92d6a94f9532d3ff86

SHA256
d52cbfb5fe100883f9b4c686f32e10fc0a316bf9eff03d6294aa413816f0be0c

SHA512
375f4712d35c0da0c0443f0fffc13ebe7cd11a048a16b25ea54f2eac5b792f74582511c1f18a6efd939760c6789e67d0f4770f9d94cc70ad5b305e9575b9021d

Download Submit
C:\Windows\SysWOW64\Onjegled.exe

Filesize
138KB

MD5
eb4b334a169cf5375cd792ce2cbdb57a

SHA1
f199a56311f5daaebb7a8bbf5aac3fdaf7110a31

SHA256
0d762959d9fe833a11164652f35a03cec1942377dcde49c190c9ebccd8eca680

SHA512
81559edf5b0c3d51f0f3ed4ac1e320dd1ba823facb16819dfc93e622ae24047e7c67cacdf1d3bdbb248815b2218b86827bdde4d8b82038deb3e6bc7e967bfc9a

Download Submit
C:\Windows\SysWOW64\Onjegled.exe

Filesize
138KB

MD5
eb4b334a169cf5375cd792ce2cbdb57a

SHA1
f199a56311f5daaebb7a8bbf5aac3fdaf7110a31

SHA256
0d762959d9fe833a11164652f35a03cec1942377dcde49c190c9ebccd8eca680

SHA512
81559edf5b0c3d51f0f3ed4ac1e320dd1ba823facb16819dfc93e622ae24047e7c67cacdf1d3bdbb248815b2218b86827bdde4d8b82038deb3e6bc7e967bfc9a

Download Submit
C:\Windows\SysWOW64\Pakdbp32.exe

Filesize
138KB

MD5
1777d8382e0c5abf05d4f232ce2508c6

SHA1
7522c019462fcc4c0779cb5fb3b2a8e44abe80d1

SHA256
5689afd92bed1ab37bda55e2b99da93718c8fee9bcc0a550fafb459abdfeda57

SHA512
cda5308b733de9ed1619b97c1c2ade337005a304cd0a85661ef4617882a78b3ebe1d57ab87482dc3e8318973d4f1d48f7046f5ce6581ddfacfd391a4f301e0ac

Download Submit
C:\Windows\SysWOW64\Pcppfaka.exe

Filesize
138KB

MD5
59d6eb7ae42645a6045dc810d9caa6c5

SHA1
299d980948451cfa7a6e6b9e290b2543c7b3b5d3

SHA256
e42cf95a16fc05f50da508ee3e32a024d7739d9e1963dfa3733ca4df343b3ca9

SHA512
39348c327ff485d6f2771de995f06075010bd393fff864dad234a7d3d963c9002680d7e9f3360cb027914bd5cde89b1c226cbb21c2663ef7cb19a81e8c704343

Download Submit
C:\Windows\SysWOW64\Pcppfaka.exe

Filesize
138KB

MD5
59d6eb7ae42645a6045dc810d9caa6c5

SHA1
299d980948451cfa7a6e6b9e290b2543c7b3b5d3

SHA256
e42cf95a16fc05f50da508ee3e32a024d7739d9e1963dfa3733ca4df343b3ca9

SHA512
39348c327ff485d6f2771de995f06075010bd393fff864dad234a7d3d963c9002680d7e9f3360cb027914bd5cde89b1c226cbb21c2663ef7cb19a81e8c704343

Download Submit
C:\Windows\SysWOW64\Pdfjifjo.exe

Filesize
138KB

MD5
e442da582ebe768a55a4fab07b9e99d6

SHA1
2521787a8f26d0aca29276ca7ea117ad3b7c4109

SHA256
96b1830564aab9200bc4f1d36800bda59cdbb55806ac6f4be0904ca97c71e2d2

SHA512
dd430dea375d20a4475e5fad5d0611887907178a4d42df48fe3bfb5b29d42c66238c31cd2d023fd45f23575dfc294eaf44bed666d12fba615d3646a57a7e0067

Download Submit
C:\Windows\SysWOW64\Pdfjifjo.exe

Filesize
138KB

MD5
e442da582ebe768a55a4fab07b9e99d6

SHA1
2521787a8f26d0aca29276ca7ea117ad3b7c4109

SHA256
96b1830564aab9200bc4f1d36800bda59cdbb55806ac6f4be0904ca97c71e2d2

SHA512
dd430dea375d20a4475e5fad5d0611887907178a4d42df48fe3bfb5b29d42c66238c31cd2d023fd45f23575dfc294eaf44bed666d12fba615d3646a57a7e0067

Download Submit
C:\Windows\SysWOW64\Pedlgbkh.exe

Filesize
138KB

MD5
5383ecaed9cc446514c666a0bd1cf358

SHA1
6a89292a48b4cc3d5081e569966d3d9c76f115b0

SHA256
875fa889e8cb4d117d214d61a52b9d36e1c4c7087004a76d82cf71293f0c9b77

SHA512
7614ac1eb998693b1542cbdc9bd8a2a04d677b0684cd3048ab2e63814d2e818ab71914d168915546d69ba60afdeadbe551f635d0dd703e480463b69fcb4175b5

Download Submit
C:\Windows\SysWOW64\Pfaigm32.exe

Filesize
138KB

MD5
8ad9e3685fd0ee39a9e26801745c5864

SHA1
b42c4cb872c367b8627456568fc5b21cc12d5013

SHA256
c2bd080cf9b91453b374829d9136dbc57248eeba4615878c69e5b65c226f7e9c

SHA512
76e17faae6718c029b18ca789aae8a330f319a3d7a6f86e49a8ad757d95d167338b1f2c4e097f5b92395f58412873d900a080e550c47febb3dc2d98ce7e60402

Download Submit
C:\Windows\SysWOW64\Pfaigm32.exe

Filesize
138KB

MD5
8ad9e3685fd0ee39a9e26801745c5864

SHA1
b42c4cb872c367b8627456568fc5b21cc12d5013

SHA256
c2bd080cf9b91453b374829d9136dbc57248eeba4615878c69e5b65c226f7e9c

SHA512
76e17faae6718c029b18ca789aae8a330f319a3d7a6f86e49a8ad757d95d167338b1f2c4e097f5b92395f58412873d900a080e550c47febb3dc2d98ce7e60402

Download Submit
C:\Windows\SysWOW64\Pfhfan32.exe

Filesize
138KB

MD5
23b89f86872e8c56e96fc19bfcfea019

SHA1
a6838c009cb7b49d3a2d9b1d590a42114ae1ce1a

SHA256
df6a4331065964a05d8acccb8f0c34f0fc9d54409910cae772c039dfb873bf05

SHA512
4282c85f7e6e10bacfe6fa53fda360ccc22433c4c2ae7071a1cb3a4581390444f479c8265ce533890eb41923ceaf8a6960cf42de65b96635bdb148e3ae612b7d

Download Submit
C:\Windows\SysWOW64\Pfhfan32.exe

Filesize
138KB

MD5
23b89f86872e8c56e96fc19bfcfea019

SHA1
a6838c009cb7b49d3a2d9b1d590a42114ae1ce1a

SHA256
df6a4331065964a05d8acccb8f0c34f0fc9d54409910cae772c039dfb873bf05

SHA512
4282c85f7e6e10bacfe6fa53fda360ccc22433c4c2ae7071a1cb3a4581390444f479c8265ce533890eb41923ceaf8a6960cf42de65b96635bdb148e3ae612b7d

Download Submit
C:\Windows\SysWOW64\Pfjcgn32.exe

Filesize
138KB

MD5
5ee7ea7c9abcdc561f5326b283880977

SHA1
b50aafffc8be84125f2c984a6735e07c4c8ba7a3

SHA256
8ba33ce374c3bfea11a6998cb6a41d2ee7c6bc3eeef128e70d40828d30fd26de

SHA512
3c7278d9cabff7cf86af2469886ae6ba23b717a27e854519407faafc2746a10ea8ae722f8ed7d75fcc4fd79b68ebc8f24c3e35778ad42edcaf9527ff83a9fa0f

Download Submit
C:\Windows\SysWOW64\Pfjcgn32.exe

Filesize
138KB

MD5
5ee7ea7c9abcdc561f5326b283880977

SHA1
b50aafffc8be84125f2c984a6735e07c4c8ba7a3

SHA256
8ba33ce374c3bfea11a6998cb6a41d2ee7c6bc3eeef128e70d40828d30fd26de

SHA512
3c7278d9cabff7cf86af2469886ae6ba23b717a27e854519407faafc2746a10ea8ae722f8ed7d75fcc4fd79b68ebc8f24c3e35778ad42edcaf9527ff83a9fa0f

Download Submit
C:\Windows\SysWOW64\Pflplnlg.exe

Filesize
138KB

MD5
ad277976bad4ad668a1ff6ed0b76a1c0

SHA1
4f56f348b5f9ff3eb22a73eabe54b031f36fec68

SHA256
6bcfc8a843bf6376e7d3155b3b5c015b8687529a8331c4aef81c777643b9a264

SHA512
1b7e485a73f4eba315d61f7b7f6b530c33958547359329fc1b3e2a13d9a2f50a62308dc3feec8ea8e30656f74b2c363d5ba99c92ce143ccbc1d5a5e78afd7a0a

Download Submit
C:\Windows\SysWOW64\Pflplnlg.exe

Filesize
138KB

MD5
ad277976bad4ad668a1ff6ed0b76a1c0

SHA1
4f56f348b5f9ff3eb22a73eabe54b031f36fec68

SHA256
6bcfc8a843bf6376e7d3155b3b5c015b8687529a8331c4aef81c777643b9a264

SHA512
1b7e485a73f4eba315d61f7b7f6b530c33958547359329fc1b3e2a13d9a2f50a62308dc3feec8ea8e30656f74b2c363d5ba99c92ce143ccbc1d5a5e78afd7a0a

Download Submit
C:\Windows\SysWOW64\Pjjhbl32.exe

Filesize
138KB

MD5
d7809b2222c993664215ad48a54e1659

SHA1
e6ba68c6ec7a62876e0fb0e7a0a3a599989090d7

SHA256
dc3ddd078060aaacd25b45dc3c6c2e0204456e56a6b1d45faec25bba7f6b43d2

SHA512
7a63cc1901cae1bca6e70ce34ff82ef1bc0c4eb20f34d7a970f3a0a0a72aecc772d932acb45a67bf6b280589978232b55de23b831dd8a8889db67dd4f167febf

Download Submit
C:\Windows\SysWOW64\Pjjhbl32.exe

Filesize
138KB

MD5
d7809b2222c993664215ad48a54e1659

SHA1
e6ba68c6ec7a62876e0fb0e7a0a3a599989090d7

SHA256
dc3ddd078060aaacd25b45dc3c6c2e0204456e56a6b1d45faec25bba7f6b43d2

SHA512
7a63cc1901cae1bca6e70ce34ff82ef1bc0c4eb20f34d7a970f3a0a0a72aecc772d932acb45a67bf6b280589978232b55de23b831dd8a8889db67dd4f167febf

Download Submit
C:\Windows\SysWOW64\Pkhjph32.exe

Filesize
138KB

MD5
1d7ce01f979e1522a1bd64ebced6081d

SHA1
2f7ea7c517fcd42192b23d361673b69e8b8e4f50

SHA256
5728b1490ba4c10779c8dba1d39b420b70e2d4e6653292743aedf743cafa2f5a

SHA512
1bad22887ebb12c92c555e55e25865f7923bd83aec8ce30558dc9d12ed28de9359fa9708ca62f77147a812df39af0cb9c6638c0cd9976e96bf73fb185c1c4934

Download Submit
C:\Windows\SysWOW64\Pmannhhj.exe

Filesize
138KB

MD5
ca916ef838eed59973efc5bce11e2cbe

SHA1
2bf5147444f1740dda304be8678990ee919c74ae

SHA256
8637a358099489c5e04e2bf6555ae45b1ffd30ab10fea29f76ae9a80884c4598

SHA512
00a2cf476ff5ef81457e4b15cf02ac6478c8e3b925c6f754e4345b00f4a48948ef90d8f2b9cbd723593733dbb0e11e61a8abfc66a013e6131896608515cd2b88

Download Submit
C:\Windows\SysWOW64\Pmannhhj.exe

Filesize
138KB

MD5
ca916ef838eed59973efc5bce11e2cbe

SHA1
2bf5147444f1740dda304be8678990ee919c74ae

SHA256
8637a358099489c5e04e2bf6555ae45b1ffd30ab10fea29f76ae9a80884c4598

SHA512
00a2cf476ff5ef81457e4b15cf02ac6478c8e3b925c6f754e4345b00f4a48948ef90d8f2b9cbd723593733dbb0e11e61a8abfc66a013e6131896608515cd2b88

Download Submit
C:\Windows\SysWOW64\Pqbala32.exe

Filesize
138KB

MD5
85e8424ad22bb7b77fb87c632db12cbb

SHA1
0abfee7a9aa6af5e0e73d1609764cafdacc19ef6

SHA256
dfa086c66a930a0a9411a647da400113a2382b06e3eb0da46fe9e22ff3121311

SHA512
28183c3eb6c45763a53fa167572d21a9075bce7f727bcae79de6d4a7661a0c3985a11ae58c5fd68b59d11045132889e17c29ee98306734d4777513257c646a56

Download Submit
C:\Windows\SysWOW64\Qgqeappe.exe

Filesize
138KB

MD5
1af73859cd964375fc18182524178e07

SHA1
3fd7d6355a79f89f31d4ee6067da5ddcf94566df

SHA256
13ccc93fd85f23b657df1141e50e5bbbfe4618e85522eb1c7589376d089eba22

SHA512
a22eaad4ac55e6c44fdc7a6c15741e7549f7bfeef732552704938815b9cca9081fb2d88e47ba96a97fe4cb430c2ccf5a28a50ef471b47a2942ab48010b315ce2

Download Submit
C:\Windows\SysWOW64\Qgqeappe.exe

Filesize
138KB

MD5
1af73859cd964375fc18182524178e07

SHA1
3fd7d6355a79f89f31d4ee6067da5ddcf94566df

SHA256
13ccc93fd85f23b657df1141e50e5bbbfe4618e85522eb1c7589376d089eba22

SHA512
a22eaad4ac55e6c44fdc7a6c15741e7549f7bfeef732552704938815b9cca9081fb2d88e47ba96a97fe4cb430c2ccf5a28a50ef471b47a2942ab48010b315ce2

Download Submit
C:\Windows\SysWOW64\Qlggjk32.exe

Filesize
138KB

MD5
22807442ff9f6f45adeb770d76cc0f15

SHA1
f67937e45244567ad9143be96eaef64ffd2c60f8

SHA256
7f09facaa062c2da8ed7f60293e63767aa337546e102a6f9a6859094148f9909

SHA512
c6023195dcde7cacf6a0529f80f4197a3fdd6493dd3efe8216906b0913313028def5984d1096ce8b127d31a682b130aff10f235f185791f6483ce1a79320ba22

Download Submit
C:\Windows\SysWOW64\Qmkadgpo.exe

Filesize
138KB

MD5
63ab7bc9bd69106874973e8ae2350565

SHA1
8e2ec1167a070d8ac7dba0c16a807891237872ca

SHA256
94e1417c83df38002829fd775b7947fabfa95fa70f51d3e8070866acb964c14f

SHA512
bc73b0b722d8febba50a8a8ec737722d83c39d906631874b7a0add5052c8ade1fff1d1d8c7ba6578e3f9207b48459f19d5862d0ab066998331baa3f55a76a18f

Download Submit
C:\Windows\SysWOW64\Qmkadgpo.exe

Filesize
138KB

MD5
63ab7bc9bd69106874973e8ae2350565

SHA1
8e2ec1167a070d8ac7dba0c16a807891237872ca

SHA256
94e1417c83df38002829fd775b7947fabfa95fa70f51d3e8070866acb964c14f

SHA512
bc73b0b722d8febba50a8a8ec737722d83c39d906631874b7a0add5052c8ade1fff1d1d8c7ba6578e3f9207b48459f19d5862d0ab066998331baa3f55a76a18f

Download Submit
C:\Windows\SysWOW64\Qmmnjfnl.exe

Filesize
138KB

MD5
6180cc2354e182a8ba2d6419c6a6d617

SHA1
242cef89dc05b7a9e30a3db7ab3d9646aff61ad3

SHA256
ea6af6c5732d6e7f7b2f227c02cd6238b98c9dd65f5087bb2396fe53840d541c

SHA512
b5beb77ade29f6e2ccb56645a592ab88c067533883b0193823c039d4de474152137e8e2f6996cf022148c904945c77395c8024f1b9dd6c70f4282f66b519d0c9

Download Submit
C:\Windows\SysWOW64\Qmmnjfnl.exe

Filesize
138KB

MD5
6180cc2354e182a8ba2d6419c6a6d617

SHA1
242cef89dc05b7a9e30a3db7ab3d9646aff61ad3

SHA256
ea6af6c5732d6e7f7b2f227c02cd6238b98c9dd65f5087bb2396fe53840d541c

SHA512
b5beb77ade29f6e2ccb56645a592ab88c067533883b0193823c039d4de474152137e8e2f6996cf022148c904945c77395c8024f1b9dd6c70f4282f66b519d0c9

Download Submit
memory/208-262-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/220-388-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/396-103-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/400-369-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/780-334-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/840-63-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/868-436-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/924-199-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/928-280-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/952-24-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1112-80-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1240-286-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1248-56-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1276-418-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1316-268-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1324-71-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1336-255-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1340-406-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1436-322-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1660-151-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1832-96-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1992-412-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1996-231-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2072-430-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2144-376-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2176-239-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2224-207-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2324-112-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2352-168-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2384-352-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2432-40-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2524-48-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2544-32-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2576-316-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2600-159-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2604-304-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2864-175-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3004-143-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3064-375-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3104-424-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3260-344-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3292-215-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3352-119-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3392-16-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3408-442-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3496-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3612-224-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3628-328-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3704-127-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3712-292-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3772-87-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3916-298-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3952-191-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4140-387-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4220-183-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4296-274-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4304-310-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4316-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4456-135-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4564-400-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4716-346-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4804-363-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4808-247-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5000-394-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads