138971513a3255603fb6d4e71baedb98c8b968e49e186b1d0bb334a67664f76d

Analysis

max time kernel
115s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

108da1d1ee0bd51e13dcd1cb02df5fda.exe
Size

80KB
MD5

108da1d1ee0bd51e13dcd1cb02df5fda
SHA1

218b66629ba5cc73deecc1be1853059b78abdd75
SHA256

138971513a3255603fb6d4e71baedb98c8b968e49e186b1d0bb334a67664f76d
SHA512

073819f04ae09106b3b8dc98c1670d9e854669c2368ab625d20e146e20c662e1d0613c5b2a249769372e600c9c6e3cc7bd6c48748b6dd98b93ebe0b4bf7d6e8d
SSDEEP

1536:UzJRI9150jAWSMmnHWcK5YMkhohBE8VGh:Ec1SjAxn2c2UAEQGh

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Npgabc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pdhkcb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Likcilhh.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lgpoihnl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dmfeidbe.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ohlimd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bmbiamhi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Igedlh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lacdmh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hbhijepa.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Oejbfmpg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iefgbh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hbdjchgn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Aaoaic32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Moipoh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jfgdkd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ocamjm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kkfcndce.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mbighjdd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Pojcjh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jehhaaci.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nhpiafnm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Gphgbafl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gknkpjfb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Qcclld32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hlcjhkdp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ilmmni32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Inlihl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jkkjmlan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Npiiffqe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Onocomdo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dojqjdbl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mjlhgaqp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Oalipoiq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Boeebnhp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aokkahlo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hienlpel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cgndoeag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Hdokdg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jlmfeg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Alelqb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Boeebnhp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mmkdcm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Qjiipk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Keonap32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bjodjb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dhjckcgi.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gaefgd32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pojcjh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dcigeooj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Phfjcf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Llipehgk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Lbngllob.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Inlihl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Naecop32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ojbacd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Jokkgl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ejflhm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dmbbhkjf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nccokk32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dpkmal32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mhgfkg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Kjffdalb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Mnmdme32.exe

Executes dropped EXE 64 IoCs

pid	Process
4320	Anfmjhmd.exe
1700	Agoabn32.exe
1144	Bfdodjhm.exe
3784	Baicac32.exe
712	Bgcknmop.exe
564	Bcjlcn32.exe
224	Bmbplc32.exe
3248	Bmemac32.exe
3368	Chjaol32.exe
1472	Cjinkg32.exe
1640	Cabfga32.exe
1576	Cjkjpgfi.exe
3584	Chokikeb.exe
1052	Cagobalc.exe
5064	Cfdhkhjj.exe
4788	Cajlhqjp.exe
448	Cjbpaf32.exe
4128	Dhhnpjmh.exe
3876	Dmefhako.exe
1724	Ddonekbl.exe
3240	Dkifae32.exe
3392	Deokon32.exe
1436	Dogogcpo.exe
3352	Dddhpjof.exe
3612	Edfdej32.exe
940	Ekpmbddq.exe
4464	Ehdmlhcj.exe
4988	Emaedo32.exe
2876	Eopbnbhd.exe
5024	Edmjfifl.exe
5044	Eobocb32.exe
2572	Ehkclgmb.exe
4808	Emhldnkj.exe
3300	Hkckeo32.exe
5060	Hfipbh32.exe
3228	Hoadkn32.exe
1964	Hfklhhcl.exe
3700	Hkhdqoac.exe
4948	Hnfamjqg.exe
2228	Hdpiid32.exe
4148	Hbdjchgn.exe
3172	Hhnbpb32.exe
3400	Inkjhi32.exe
3528	Idebdcdo.exe
4316	Ikokan32.exe
3264	Ibicnh32.exe
4008	Idgojc32.exe
1608	Ikaggmii.exe
3144	Ibkpcg32.exe
652	Ighhln32.exe
1864	Ifihif32.exe
4548	Ikfabm32.exe
4124	Ibpiogmp.exe
4324	Igmagnkg.exe
5132	Jngjch32.exe
5176	Jkkjmlan.exe
5216	Jbdbjf32.exe
5252	Jgakbm32.exe
5296	Jbgoof32.exe
5336	Jiaglp32.exe
5376	Jnnpdg32.exe
5416	Jehhaaci.exe
5456	Jgfdmlcm.exe
5496	Jnpmjf32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Enhodk32.dll	Ahpmjejp.exe
File opened for modification	C:\Windows\SysWOW64\Eokqkh32.exe	Emmdom32.exe
File created	C:\Windows\SysWOW64\Fnipgg32.dll	Maggnali.exe
File created	C:\Windows\SysWOW64\Ickglm32.exe	Iplkpa32.exe
File created	C:\Windows\SysWOW64\Oaplqh32.exe	Onapdl32.exe
File created	C:\Windows\SysWOW64\Pipeabep.dll	Caageq32.exe
File created	C:\Windows\SysWOW64\Jgakbm32.exe	Jbdbjf32.exe
File opened for modification	C:\Windows\SysWOW64\Aopmfk32.exe	Ajcdnd32.exe
File created	C:\Windows\SysWOW64\Gdoihpbk.exe	Gmeakf32.exe
File created	C:\Windows\SysWOW64\Cgaiiq32.dll	Hkfglb32.exe
File created	C:\Windows\SysWOW64\Qfghnikc.dll	Ljobpiql.exe
File created	C:\Windows\SysWOW64\Klahfp32.exe	Kjblje32.exe
File opened for modification	C:\Windows\SysWOW64\Pmlfqh32.exe	Pjmjdm32.exe
File created	C:\Windows\SysWOW64\Cagobalc.exe	Chokikeb.exe
File opened for modification	C:\Windows\SysWOW64\Moobbb32.exe	Mhdjehhj.exe
File opened for modification	C:\Windows\SysWOW64\Oafcqcea.exe	Olijhmgj.exe
File created	C:\Windows\SysWOW64\Icfekc32.exe	Ilmmni32.exe
File created	C:\Windows\SysWOW64\Jdbbeh32.dll	Bgnkhg32.exe
File opened for modification	C:\Windows\SysWOW64\Mhoipb32.exe	Meamcg32.exe
File created	C:\Windows\SysWOW64\Lgqfdnah.exe	Kqfngd32.exe
File created	C:\Windows\SysWOW64\Ncqlkemc.exe	Nqbpojnp.exe
File created	C:\Windows\SysWOW64\Mhgfkg32.exe	Mffjcopi.exe
File opened for modification	C:\Windows\SysWOW64\Fmnkkg32.exe	Fmlneg32.exe
File opened for modification	C:\Windows\SysWOW64\Hkeaqi32.exe	Hpomcp32.exe
File created	C:\Windows\SysWOW64\Jpcapp32.exe	Jmeede32.exe
File opened for modification	C:\Windows\SysWOW64\Aqkpeopg.exe	Afelhf32.exe
File opened for modification	C:\Windows\SysWOW64\Ajbmdn32.exe	Afgacokc.exe
File created	C:\Windows\SysWOW64\Kikdcj32.dll	Mnmdme32.exe
File created	C:\Windows\SysWOW64\Gpccpg32.dll	Pcicklnn.exe
File created	C:\Windows\SysWOW64\Dinmhkke.exe	Dhlpqc32.exe
File created	C:\Windows\SysWOW64\Gbfnjgdn.dll	Phonha32.exe
File created	C:\Windows\SysWOW64\Oocddono.exe	Oigllh32.exe
File opened for modification	C:\Windows\SysWOW64\Fhflnpoi.exe	Fpodlbng.exe
File created	C:\Windows\SysWOW64\Dqnmlj32.dll	Iklgah32.exe
File opened for modification	C:\Windows\SysWOW64\Aodogdmn.exe	Ajggomog.exe
File opened for modification	C:\Windows\SysWOW64\Meiioonj.exe	Mmbanbmg.exe
File opened for modification	C:\Windows\SysWOW64\Nlcalieg.exe	Meiioonj.exe
File created	C:\Windows\SysWOW64\Odoogi32.exe	Ojgjndno.exe
File created	C:\Windows\SysWOW64\Lcgpni32.exe	Llmhaold.exe
File created	C:\Windows\SysWOW64\Kgknhl32.exe	Kbnepe32.exe
File created	C:\Windows\SysWOW64\Fpcqcp32.dll	Gdafnpqh.exe
File created	C:\Windows\SysWOW64\Lijlof32.exe	Lacdmh32.exe
File created	C:\Windows\SysWOW64\Oifeab32.exe	Oblmdhdo.exe
File opened for modification	C:\Windows\SysWOW64\Knhakh32.exe	Kgninn32.exe
File opened for modification	C:\Windows\SysWOW64\Dfiildio.exe	Dmadco32.exe
File created	C:\Windows\SysWOW64\Fechomko.exe	Fnipbc32.exe
File opened for modification	C:\Windows\SysWOW64\Jekqmhia.exe	Jcmdaljn.exe
File opened for modification	C:\Windows\SysWOW64\Jbdbjf32.exe	Jkkjmlan.exe
File created	C:\Windows\SysWOW64\Amjjnh32.dll	Nimbkc32.exe
File opened for modification	C:\Windows\SysWOW64\Nmkmjjaa.exe	Ngndaccj.exe
File opened for modification	C:\Windows\SysWOW64\Akccap32.exe	Aajohjon.exe
File created	C:\Windows\SysWOW64\Ifolcq32.dll	Mqafhl32.exe
File created	C:\Windows\SysWOW64\Hgddbm32.dll	Ajbmdn32.exe
File opened for modification	C:\Windows\SysWOW64\Acmobchj.exe	Akffafgg.exe
File created	C:\Windows\SysWOW64\Bfendmoc.exe	Bmlilh32.exe
File created	C:\Windows\SysWOW64\Ecgamkhq.dll	Igdnabjh.exe
File created	C:\Windows\SysWOW64\Amhfkopc.exe	Aglnbhal.exe
File created	C:\Windows\SysWOW64\Kaedkn32.dll	Ljilqnlm.exe
File opened for modification	C:\Windows\SysWOW64\Igdnabjh.exe	Idfaefkd.exe
File created	C:\Windows\SysWOW64\Bkamodje.dll	Bogkmgba.exe
File created	C:\Windows\SysWOW64\Dcnqpo32.exe	Dihlbf32.exe
File created	C:\Windows\SysWOW64\Dmhand32.exe	Djjebh32.exe
File created	C:\Windows\SysWOW64\Iemlnm32.dll	Ggahedjn.exe
File opened for modification	C:\Windows\SysWOW64\Idfaefkd.exe	Inlihl32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5552	6892	WerFault.exe	856

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mqpdko32.dll"	Cofnik32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Obfohnkk.dll"	Ogpepl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ginnfgop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ngbjmd32.dll"	Pahilmoc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pfhkccfn.dll"	Jnpmjf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Lppbkgcj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Aboncdme.dll"	Hpdfnolo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ijegcm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Icpkgc32.dll"	Hmechmip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jcbiffko.dll"	Kkeldnpi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nokpod32.dll"	Ickglm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jnchkf32.dll"	Iahlcaol.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gajaoo32.dll"	Fllkqn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mcdibc32.dll"	Cglbhhga.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jkkjmlan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jgfdmlcm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Egacbb32.dll"	Ijegcm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Klcekpdo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dpnbog32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Enabbk32.dll"	Ecefqnel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Oigllh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pjbkgfej.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mogqfgka.dll"	Bmbplc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cjinkg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mjhedo32.dll"	Hhnbpb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ikaggmii.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ijikdfig.dll"	Agdcpkll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hlohlk32.dll"	Aaoaic32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jhijep32.dll"	Cdbpgl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nbcqiope.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dmalne32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Caojpaij.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Knlleepl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hgkkkcbc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Akffafgg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ijcjmmil.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ebgpad32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jghdlf32.dll"	Dfhjkabi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jnpfop32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kjhloj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nccokk32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	108da1d1ee0bd51e13dcd1cb02df5fda.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gpbkpm32.dll"	Dcigeooj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Gmeakf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Pocfpf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Chokikeb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hlmjfa32.dll"	Dmpfbk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ebejfk32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Iplkpa32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nlqomd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Akoqpg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hjhgac32.dll"	Phincl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Jnelok32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Oibqpk32.dll"	Njpdnedf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hhnbpb32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Olgncmim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Kkhpdcab.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nliaao32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bnoknihb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Hkckeo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Gaefgd32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Akoqpg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Qfkqjmdg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nbklhm32.dll"	Jnpfop32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4320	2044	108da1d1ee0bd51e13dcd1cb02df5fda.exe	94
PID 2044 wrote to memory of 4320	2044	108da1d1ee0bd51e13dcd1cb02df5fda.exe	94
PID 2044 wrote to memory of 4320	2044	108da1d1ee0bd51e13dcd1cb02df5fda.exe	94
PID 4320 wrote to memory of 1700	4320	Anfmjhmd.exe	95
PID 4320 wrote to memory of 1700	4320	Anfmjhmd.exe	95
PID 4320 wrote to memory of 1700	4320	Anfmjhmd.exe	95
PID 1700 wrote to memory of 1144	1700	Agoabn32.exe	97
PID 1700 wrote to memory of 1144	1700	Agoabn32.exe	97
PID 1700 wrote to memory of 1144	1700	Agoabn32.exe	97
PID 1144 wrote to memory of 3784	1144	Bfdodjhm.exe	98
PID 1144 wrote to memory of 3784	1144	Bfdodjhm.exe	98
PID 1144 wrote to memory of 3784	1144	Bfdodjhm.exe	98
PID 3784 wrote to memory of 712	3784	Baicac32.exe	99
PID 3784 wrote to memory of 712	3784	Baicac32.exe	99
PID 3784 wrote to memory of 712	3784	Baicac32.exe	99
PID 712 wrote to memory of 564	712	Bgcknmop.exe	100
PID 712 wrote to memory of 564	712	Bgcknmop.exe	100
PID 712 wrote to memory of 564	712	Bgcknmop.exe	100
PID 564 wrote to memory of 224	564	Bcjlcn32.exe	101
PID 564 wrote to memory of 224	564	Bcjlcn32.exe	101
PID 564 wrote to memory of 224	564	Bcjlcn32.exe	101
PID 224 wrote to memory of 3248	224	Bmbplc32.exe	102
PID 224 wrote to memory of 3248	224	Bmbplc32.exe	102
PID 224 wrote to memory of 3248	224	Bmbplc32.exe	102
PID 3248 wrote to memory of 3368	3248	Bmemac32.exe	103
PID 3248 wrote to memory of 3368	3248	Bmemac32.exe	103
PID 3248 wrote to memory of 3368	3248	Bmemac32.exe	103
PID 3368 wrote to memory of 1472	3368	Chjaol32.exe	104
PID 3368 wrote to memory of 1472	3368	Chjaol32.exe	104
PID 3368 wrote to memory of 1472	3368	Chjaol32.exe	104
PID 1472 wrote to memory of 1640	1472	Cjinkg32.exe	105
PID 1472 wrote to memory of 1640	1472	Cjinkg32.exe	105
PID 1472 wrote to memory of 1640	1472	Cjinkg32.exe	105
PID 1640 wrote to memory of 1576	1640	Cabfga32.exe	106
PID 1640 wrote to memory of 1576	1640	Cabfga32.exe	106
PID 1640 wrote to memory of 1576	1640	Cabfga32.exe	106
PID 1576 wrote to memory of 3584	1576	Cjkjpgfi.exe	107
PID 1576 wrote to memory of 3584	1576	Cjkjpgfi.exe	107
PID 1576 wrote to memory of 3584	1576	Cjkjpgfi.exe	107
PID 3584 wrote to memory of 1052	3584	Chokikeb.exe	108
PID 3584 wrote to memory of 1052	3584	Chokikeb.exe	108
PID 3584 wrote to memory of 1052	3584	Chokikeb.exe	108
PID 1052 wrote to memory of 5064	1052	Cagobalc.exe	109
PID 1052 wrote to memory of 5064	1052	Cagobalc.exe	109
PID 1052 wrote to memory of 5064	1052	Cagobalc.exe	109
PID 5064 wrote to memory of 4788	5064	Cfdhkhjj.exe	110
PID 5064 wrote to memory of 4788	5064	Cfdhkhjj.exe	110
PID 5064 wrote to memory of 4788	5064	Cfdhkhjj.exe	110
PID 4788 wrote to memory of 448	4788	Cajlhqjp.exe	111
PID 4788 wrote to memory of 448	4788	Cajlhqjp.exe	111
PID 4788 wrote to memory of 448	4788	Cajlhqjp.exe	111
PID 448 wrote to memory of 4128	448	Cjbpaf32.exe	113
PID 448 wrote to memory of 4128	448	Cjbpaf32.exe	113
PID 448 wrote to memory of 4128	448	Cjbpaf32.exe	113
PID 4128 wrote to memory of 3876	4128	Dhhnpjmh.exe	114
PID 4128 wrote to memory of 3876	4128	Dhhnpjmh.exe	114
PID 4128 wrote to memory of 3876	4128	Dhhnpjmh.exe	114
PID 3876 wrote to memory of 1724	3876	Dmefhako.exe	115
PID 3876 wrote to memory of 1724	3876	Dmefhako.exe	115
PID 3876 wrote to memory of 1724	3876	Dmefhako.exe	115
PID 1724 wrote to memory of 3240	1724	Ddonekbl.exe	116
PID 1724 wrote to memory of 3240	1724	Ddonekbl.exe	116
PID 1724 wrote to memory of 3240	1724	Ddonekbl.exe	116
PID 3240 wrote to memory of 3392	3240	Dkifae32.exe	117

C:\Users\Admin\AppData\Local\Temp\108da1d1ee0bd51e13dcd1cb02df5fda.exe
"C:\Users\Admin\AppData\Local\Temp\108da1d1ee0bd51e13dcd1cb02df5fda.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\Anfmjhmd.exe
  C:\Windows\system32\Anfmjhmd.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Windows\SysWOW64\Agoabn32.exe
    C:\Windows\system32\Agoabn32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1700
  - - C:\Windows\SysWOW64\Bfdodjhm.exe
      C:\Windows\system32\Bfdodjhm.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1144
    - - C:\Windows\SysWOW64\Baicac32.exe
        
        C:\Windows\system32\Baicac32.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3784
      - C:\Windows\SysWOW64\Bgcknmop.exe
        
        C:\Windows\system32\Bgcknmop.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:712
        
        C:\Windows\SysWOW64\Bcjlcn32.exe
        
        C:\Windows\system32\Bcjlcn32.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:564
        
        C:\Windows\SysWOW64\Bmbplc32.exe
        
        C:\Windows\system32\Bmbplc32.exe
        8⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:224
        
        C:\Windows\SysWOW64\Bmemac32.exe
        
        C:\Windows\system32\Bmemac32.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3248
        
        C:\Windows\SysWOW64\Chjaol32.exe
        
        C:\Windows\system32\Chjaol32.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3368
        
        C:\Windows\SysWOW64\Cjinkg32.exe
        
        C:\Windows\system32\Cjinkg32.exe
        11⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1472
        
        C:\Windows\SysWOW64\Cabfga32.exe
        
        C:\Windows\system32\Cabfga32.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        C:\Windows\SysWOW64\Cjkjpgfi.exe
        
        C:\Windows\system32\Cjkjpgfi.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1576
        
        C:\Windows\SysWOW64\Chokikeb.exe
        
        C:\Windows\system32\Chokikeb.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3584
        
        C:\Windows\SysWOW64\Cagobalc.exe
        
        C:\Windows\system32\Cagobalc.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1052
        
        C:\Windows\SysWOW64\Cfdhkhjj.exe
        
        C:\Windows\system32\Cfdhkhjj.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5064
        
        C:\Windows\SysWOW64\Cajlhqjp.exe
        
        C:\Windows\system32\Cajlhqjp.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4788
        
        C:\Windows\SysWOW64\Cjbpaf32.exe
        
        C:\Windows\system32\Cjbpaf32.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:448
        
        C:\Windows\SysWOW64\Dhhnpjmh.exe
        
        C:\Windows\system32\Dhhnpjmh.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4128
        
        C:\Windows\SysWOW64\Dmefhako.exe
        
        C:\Windows\system32\Dmefhako.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3876
        
        C:\Windows\SysWOW64\Ddonekbl.exe
        
        C:\Windows\system32\Ddonekbl.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1724
        
        C:\Windows\SysWOW64\Dkifae32.exe
        
        C:\Windows\system32\Dkifae32.exe
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3240
        
        C:\Windows\SysWOW64\Deokon32.exe
        
        C:\Windows\system32\Deokon32.exe
        23⤵
        Executes dropped EXE
        
        PID:3392
        
        C:\Windows\SysWOW64\Dogogcpo.exe
        
        C:\Windows\system32\Dogogcpo.exe
        24⤵
        Executes dropped EXE
        
        PID:1436
        
        C:\Windows\SysWOW64\Dddhpjof.exe
        
        C:\Windows\system32\Dddhpjof.exe
        25⤵
        Executes dropped EXE
        
        PID:3352
        
        C:\Windows\SysWOW64\Edfdej32.exe
        
        C:\Windows\system32\Edfdej32.exe
        26⤵
        Executes dropped EXE
        
        PID:3612
        
        C:\Windows\SysWOW64\Ekpmbddq.exe
        
        C:\Windows\system32\Ekpmbddq.exe
        27⤵
        Executes dropped EXE
        
        PID:940
        
        C:\Windows\SysWOW64\Ehdmlhcj.exe
        
        C:\Windows\system32\Ehdmlhcj.exe
        28⤵
        Executes dropped EXE
        
        PID:4464
        
        C:\Windows\SysWOW64\Emaedo32.exe
        
        C:\Windows\system32\Emaedo32.exe
        29⤵
        Executes dropped EXE
        
        PID:4988
        
        C:\Windows\SysWOW64\Eopbnbhd.exe
        
        C:\Windows\system32\Eopbnbhd.exe
        30⤵
        Executes dropped EXE
        
        PID:2876
        
        C:\Windows\SysWOW64\Edmjfifl.exe
        
        C:\Windows\system32\Edmjfifl.exe
        31⤵
        Executes dropped EXE
        
        PID:5024
        
        C:\Windows\SysWOW64\Eobocb32.exe
        
        C:\Windows\system32\Eobocb32.exe
        32⤵
        Executes dropped EXE
        
        PID:5044
        
        C:\Windows\SysWOW64\Ehkclgmb.exe
        
        C:\Windows\system32\Ehkclgmb.exe
        33⤵
        Executes dropped EXE
        
        PID:2572
        
        C:\Windows\SysWOW64\Emhldnkj.exe
        
        C:\Windows\system32\Emhldnkj.exe
        34⤵
        Executes dropped EXE
        
        PID:4808
        
        C:\Windows\SysWOW64\Hkckeo32.exe
        
        C:\Windows\system32\Hkckeo32.exe
        35⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3300
        
        C:\Windows\SysWOW64\Hfipbh32.exe
        
        C:\Windows\system32\Hfipbh32.exe
        36⤵
        Executes dropped EXE
        
        PID:5060
        
        C:\Windows\SysWOW64\Hoadkn32.exe
        
        C:\Windows\system32\Hoadkn32.exe
        37⤵
        Executes dropped EXE
        
        PID:3228
        
        C:\Windows\SysWOW64\Hfklhhcl.exe
        
        C:\Windows\system32\Hfklhhcl.exe
        38⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Windows\SysWOW64\Hkhdqoac.exe
        
        C:\Windows\system32\Hkhdqoac.exe
        39⤵
        Executes dropped EXE
        
        PID:3700
        
        C:\Windows\SysWOW64\Hnfamjqg.exe
        
        C:\Windows\system32\Hnfamjqg.exe
        40⤵
        Executes dropped EXE
        
        PID:4948
        
        C:\Windows\SysWOW64\Hdpiid32.exe
        
        C:\Windows\system32\Hdpiid32.exe
        41⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Windows\SysWOW64\Hbdjchgn.exe
        
        C:\Windows\system32\Hbdjchgn.exe
        42⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:4148
        
        C:\Windows\SysWOW64\Hhnbpb32.exe
        
        C:\Windows\system32\Hhnbpb32.exe
        43⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3172
        
        C:\Windows\SysWOW64\Inkjhi32.exe
        
        C:\Windows\system32\Inkjhi32.exe
        44⤵
        Executes dropped EXE
        
        PID:3400
        
        C:\Windows\SysWOW64\Idebdcdo.exe
        
        C:\Windows\system32\Idebdcdo.exe
        45⤵
        Executes dropped EXE
        
        PID:3528
        
        C:\Windows\SysWOW64\Ikokan32.exe
        
        C:\Windows\system32\Ikokan32.exe
        46⤵
        Executes dropped EXE
        
        PID:4316
        
        C:\Windows\SysWOW64\Ibicnh32.exe
        
        C:\Windows\system32\Ibicnh32.exe
        47⤵
        Executes dropped EXE
        
        PID:3264
        
        C:\Windows\SysWOW64\Idgojc32.exe
        
        C:\Windows\system32\Idgojc32.exe
        48⤵
        Executes dropped EXE
        
        PID:4008
        
        C:\Windows\SysWOW64\Ikaggmii.exe
        
        C:\Windows\system32\Ikaggmii.exe
        49⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1608
        
        C:\Windows\SysWOW64\Ibkpcg32.exe
        
        C:\Windows\system32\Ibkpcg32.exe
        50⤵
        Executes dropped EXE
        
        PID:3144
        
        C:\Windows\SysWOW64\Ighhln32.exe
        
        C:\Windows\system32\Ighhln32.exe
        51⤵
        Executes dropped EXE
        
        PID:652
        
        C:\Windows\SysWOW64\Ifihif32.exe
        
        C:\Windows\system32\Ifihif32.exe
        52⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Windows\SysWOW64\Ikfabm32.exe
        
        C:\Windows\system32\Ikfabm32.exe
        53⤵
        Executes dropped EXE
        
        PID:4548
        
        C:\Windows\SysWOW64\Ibpiogmp.exe
        
        C:\Windows\system32\Ibpiogmp.exe
        54⤵
        Executes dropped EXE
        
        PID:4124
        
        C:\Windows\SysWOW64\Igmagnkg.exe
        
        C:\Windows\system32\Igmagnkg.exe
        55⤵
        Executes dropped EXE
        
        PID:4324
        
        C:\Windows\SysWOW64\Jngjch32.exe
        
        C:\Windows\system32\Jngjch32.exe
        56⤵
        Executes dropped EXE
        
        PID:5132
        
        C:\Windows\SysWOW64\Jkkjmlan.exe
        
        C:\Windows\system32\Jkkjmlan.exe
        57⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5176
        
        C:\Windows\SysWOW64\Jbdbjf32.exe
        
        C:\Windows\system32\Jbdbjf32.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5216
        
        C:\Windows\SysWOW64\Jgakbm32.exe
        
        C:\Windows\system32\Jgakbm32.exe
        59⤵
        Executes dropped EXE
        
        PID:5252
        
        C:\Windows\SysWOW64\Jbgoof32.exe
        
        C:\Windows\system32\Jbgoof32.exe
        60⤵
        Executes dropped EXE
        
        PID:5296
        
        C:\Windows\SysWOW64\Jiaglp32.exe
        
        C:\Windows\system32\Jiaglp32.exe
        61⤵
        Executes dropped EXE
        
        PID:5336
        
        C:\Windows\SysWOW64\Jnnpdg32.exe
        
        C:\Windows\system32\Jnnpdg32.exe
        62⤵
        Executes dropped EXE
        
        PID:5376
        
        C:\Windows\SysWOW64\Jehhaaci.exe
        
        C:\Windows\system32\Jehhaaci.exe
        63⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        
        PID:5416
        
        C:\Windows\SysWOW64\Jgfdmlcm.exe
        
        C:\Windows\system32\Jgfdmlcm.exe
        64⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5456
        
        C:\Windows\SysWOW64\Jnpmjf32.exe
        
        C:\Windows\system32\Jnpmjf32.exe
        65⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5496
        
        C:\Windows\SysWOW64\Jfgdkd32.exe
        
        C:\Windows\system32\Jfgdkd32.exe
        66⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5540
        
        C:\Windows\SysWOW64\Kbnepe32.exe
        
        C:\Windows\system32\Kbnepe32.exe
        67⤵
        Drops file in System32 directory
        
        PID:5584
        
        C:\Windows\SysWOW64\Kgknhl32.exe
        
        C:\Windows\system32\Kgknhl32.exe
        68⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\Kbpbed32.exe
        
        C:\Windows\system32\Kbpbed32.exe
        69⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\Keonap32.exe
        
        C:\Windows\system32\Keonap32.exe
        70⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5728
        
        C:\Windows\SysWOW64\Klifnj32.exe
        
        C:\Windows\system32\Klifnj32.exe
        71⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\Kfnkkb32.exe
        
        C:\Windows\system32\Kfnkkb32.exe
        72⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\Kimghn32.exe
        
        C:\Windows\system32\Kimghn32.exe
        73⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\Kpgodhkd.exe
        
        C:\Windows\system32\Kpgodhkd.exe
        74⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\Kechmoil.exe
        
        C:\Windows\system32\Kechmoil.exe
        75⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\Knlleepl.exe
        
        C:\Windows\system32\Knlleepl.exe
        76⤵
        Modifies registry class
        
        PID:5988
        
        C:\Windows\SysWOW64\Kefdbo32.exe
        
        C:\Windows\system32\Kefdbo32.exe
        77⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\Lpkiph32.exe
        
        C:\Windows\system32\Lpkiph32.exe
        78⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\Lfealaol.exe
        
        C:\Windows\system32\Lfealaol.exe
        79⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\Lppbkgcj.exe
        
        C:\Windows\system32\Lppbkgcj.exe
        80⤵
        Modifies registry class
        
        PID:4928
        
        C:\Windows\SysWOW64\Llgcph32.exe
        
        C:\Windows\system32\Llgcph32.exe
        81⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\Lflgmqhd.exe
        
        C:\Windows\system32\Lflgmqhd.exe
        82⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\Likcilhh.exe
        
        C:\Windows\system32\Likcilhh.exe
        83⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5320
        
        C:\Windows\SysWOW64\Llipehgk.exe
        
        C:\Windows\system32\Llipehgk.exe
        84⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5412
        
        C:\Windows\SysWOW64\Lbchba32.exe
        
        C:\Windows\system32\Lbchba32.exe
        85⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\Mhppji32.exe
        
        C:\Windows\system32\Mhppji32.exe
        86⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\Mbedga32.exe
        
        C:\Windows\system32\Mbedga32.exe
        87⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\Mhbmphjm.exe
        
        C:\Windows\system32\Mhbmphjm.exe
        88⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\Molelb32.exe
        
        C:\Windows\system32\Molelb32.exe
        89⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\Mefmimif.exe
        
        C:\Windows\system32\Mefmimif.exe
        90⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\Mhdjehhj.exe
        
        C:\Windows\system32\Mhdjehhj.exe
        91⤵
        Drops file in System32 directory
        
        PID:6040
        
        C:\Windows\SysWOW64\Moobbb32.exe
        
        C:\Windows\system32\Moobbb32.exe
        92⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\Mffjcopi.exe
        
        C:\Windows\system32\Mffjcopi.exe
        93⤵
        Drops file in System32 directory
        
        PID:5168
        
        C:\Windows\SysWOW64\Mhgfkg32.exe
        
        C:\Windows\system32\Mhgfkg32.exe
        94⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5240
        
        C:\Windows\SysWOW64\Mpnnle32.exe
        
        C:\Windows\system32\Mpnnle32.exe
        95⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\Mifcejnj.exe
        
        C:\Windows\system32\Mifcejnj.exe
        96⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\Mpqkad32.exe
        
        C:\Windows\system32\Mpqkad32.exe
        97⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\Mfjcnold.exe
        
        C:\Windows\system32\Mfjcnold.exe
        98⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\Nhlpfgbb.exe
        
        C:\Windows\system32\Nhlpfgbb.exe
        99⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\Npchgdcd.exe
        
        C:\Windows\system32\Npchgdcd.exe
        100⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\Nbadcpbh.exe
        
        C:\Windows\system32\Nbadcpbh.exe
        101⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\Niklpj32.exe
        
        C:\Windows\system32\Niklpj32.exe
        102⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\Nlihle32.exe
        
        C:\Windows\system32\Nlihle32.exe
        103⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\Nbcqiope.exe
        
        C:\Windows\system32\Nbcqiope.exe
        104⤵
        Modifies registry class
        
        PID:5944
        
        C:\Windows\SysWOW64\Nhpiafnm.exe
        
        C:\Windows\system32\Nhpiafnm.exe
        105⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5204
        
        C:\Windows\SysWOW64\Npgabc32.exe
        
        C:\Windows\system32\Npgabc32.exe
        106⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5404
        
        C:\Windows\SysWOW64\Ncfmno32.exe
        
        C:\Windows\system32\Ncfmno32.exe
        107⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\Nedjjj32.exe
        
        C:\Windows\system32\Nedjjj32.exe
        108⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\Nlnbgddc.exe
        
        C:\Windows\system32\Nlnbgddc.exe
        109⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\Npjnhc32.exe
        
        C:\Windows\system32\Npjnhc32.exe
        110⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\Neffpj32.exe
        
        C:\Windows\system32\Neffpj32.exe
        111⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\Nlqomd32.exe
        
        C:\Windows\system32\Nlqomd32.exe
        112⤵
        Modifies registry class
        
        PID:6188
        
        C:\Windows\SysWOW64\Ogfcjm32.exe
        
        C:\Windows\system32\Ogfcjm32.exe
        113⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\Oidofh32.exe
        
        C:\Windows\system32\Oidofh32.exe
        114⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\Olckbd32.exe
        
        C:\Windows\system32\Olckbd32.exe
        115⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\Ooagno32.exe
        
        C:\Windows\system32\Ooagno32.exe
        116⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\Oghppm32.exe
        
        C:\Windows\system32\Oghppm32.exe
        117⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\Oigllh32.exe
        
        C:\Windows\system32\Oigllh32.exe
        118⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:6472
        
        C:\Windows\SysWOW64\Oocddono.exe
        
        C:\Windows\system32\Oocddono.exe
        119⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Ogklelna.exe
        
        C:\Windows\system32\Ogklelna.exe
        120⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\Ohlimd32.exe
        
        C:\Windows\system32\Ohlimd32.exe
        121⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6600
        
        C:\Windows\SysWOW64\Opcqnb32.exe
        
        C:\Windows\system32\Opcqnb32.exe
        122⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\Ocamjm32.exe
        
        C:\Windows\system32\Ocamjm32.exe
        123⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6696
        
        C:\Windows\SysWOW64\Oljaccjf.exe
        
        C:\Windows\system32\Oljaccjf.exe
        124⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\Ogpepl32.exe
        
        C:\Windows\system32\Ogpepl32.exe
        125⤵
        Modifies registry class
        
        PID:6772
        
        C:\Windows\SysWOW64\Ojnblg32.exe
        
        C:\Windows\system32\Ojnblg32.exe
        126⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\Ookjdn32.exe
        
        C:\Windows\system32\Ookjdn32.exe
        127⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\Pjpobg32.exe
        
        C:\Windows\system32\Pjpobg32.exe
        128⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\Pcicklnn.exe
        
        C:\Windows\system32\Pcicklnn.exe
        129⤵
        Drops file in System32 directory
        
        PID:6960
        
        C:\Windows\SysWOW64\Pjbkgfej.exe
        
        C:\Windows\system32\Pjbkgfej.exe
        130⤵
        Modifies registry class
        
        PID:7004
        
        C:\Windows\SysWOW64\Ppmcdq32.exe
        
        C:\Windows\system32\Ppmcdq32.exe
        131⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\Qjlnnemp.exe
        
        C:\Windows\system32\Qjlnnemp.exe
        132⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\Qqffjo32.exe
        
        C:\Windows\system32\Qqffjo32.exe
        133⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\Qfbobf32.exe
        
        C:\Windows\system32\Qfbobf32.exe
        134⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\Qlmgopjq.exe
        
        C:\Windows\system32\Qlmgopjq.exe
        135⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\Afelhf32.exe
        
        C:\Windows\system32\Afelhf32.exe
        136⤵
        Drops file in System32 directory
        
        PID:6272
        
        C:\Windows\SysWOW64\Aqkpeopg.exe
        
        C:\Windows\system32\Aqkpeopg.exe
        137⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\Ajcdnd32.exe
        
        C:\Windows\system32\Ajcdnd32.exe
        138⤵
        Drops file in System32 directory
        
        PID:6408
        
        C:\Windows\SysWOW64\Aopmfk32.exe
        
        C:\Windows\system32\Aopmfk32.exe
        139⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\Aggegh32.exe
        
        C:\Windows\system32\Aggegh32.exe
        140⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\Amcmpodi.exe
        
        C:\Windows\system32\Amcmpodi.exe
        141⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\Aobilkcl.exe
        
        C:\Windows\system32\Aobilkcl.exe
        142⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\Aflaie32.exe
        
        C:\Windows\system32\Aflaie32.exe
        143⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\Aijnep32.exe
        
        C:\Windows\system32\Aijnep32.exe
        144⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\Aglnbhal.exe
        
        C:\Windows\system32\Aglnbhal.exe
        145⤵
        Drops file in System32 directory
        
        PID:6916
        
        C:\Windows\SysWOW64\Amhfkopc.exe
        
        C:\Windows\system32\Amhfkopc.exe
        146⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Bogcgj32.exe
        
        C:\Windows\system32\Bogcgj32.exe
        147⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\Bgnkhg32.exe
        
        C:\Windows\system32\Bgnkhg32.exe
        148⤵
        Drops file in System32 directory
        
        PID:7160
        
        C:\Windows\SysWOW64\Bfqkddfd.exe
        
        C:\Windows\system32\Bfqkddfd.exe
        149⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\Bmkcqn32.exe
        
        C:\Windows\system32\Bmkcqn32.exe
        150⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\Boipmj32.exe
        
        C:\Windows\system32\Boipmj32.exe
        151⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\Bgpgng32.exe
        
        C:\Windows\system32\Bgpgng32.exe
        152⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\Bjodjb32.exe
        
        C:\Windows\system32\Bjodjb32.exe
        153⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6640
        
        C:\Windows\SysWOW64\Bqilgmdg.exe
        
        C:\Windows\system32\Bqilgmdg.exe
        154⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\Bgbdcgld.exe
        
        C:\Windows\system32\Bgbdcgld.exe
        155⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\Bjaqpbkh.exe
        
        C:\Windows\system32\Bjaqpbkh.exe
        156⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\Bciehh32.exe
        
        C:\Windows\system32\Bciehh32.exe
        157⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\Bmbiamhi.exe
        
        C:\Windows\system32\Bmbiamhi.exe
        158⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6176
        
        C:\Windows\SysWOW64\Bppfmigl.exe
        
        C:\Windows\system32\Bppfmigl.exe
        159⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\Bjfjka32.exe
        
        C:\Windows\system32\Bjfjka32.exe
        160⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Cqpbglno.exe
        
        C:\Windows\system32\Cqpbglno.exe
        161⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\Cgjjdf32.exe
        
        C:\Windows\system32\Cgjjdf32.exe
        162⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\Cjhfpa32.exe
        
        C:\Windows\system32\Cjhfpa32.exe
        163⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\Cmfclm32.exe
        
        C:\Windows\system32\Cmfclm32.exe
        164⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\Cpeohh32.exe
        
        C:\Windows\system32\Cpeohh32.exe
        165⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\Cglgjeci.exe
        
        C:\Windows\system32\Cglgjeci.exe
        166⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\Cimcan32.exe
        
        C:\Windows\system32\Cimcan32.exe
        167⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\Cpglnhad.exe
        
        C:\Windows\system32\Cpglnhad.exe
        168⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\Cgndoeag.exe
        
        C:\Windows\system32\Cgndoeag.exe
        169⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6608
        
        C:\Windows\SysWOW64\Cippgm32.exe
        
        C:\Windows\system32\Cippgm32.exe
        170⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\Cpihcgoa.exe
        
        C:\Windows\system32\Cpihcgoa.exe
        171⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\Cibmlmeb.exe
        
        C:\Windows\system32\Cibmlmeb.exe
        172⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\Ccgajfeh.exe
        
        C:\Windows\system32\Ccgajfeh.exe
        173⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\Cffmfadl.exe
        
        C:\Windows\system32\Cffmfadl.exe
        174⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\Dmpfbk32.exe
        
        C:\Windows\system32\Dmpfbk32.exe
        175⤵
        Modifies registry class
        
        PID:7240
        
        C:\Windows\SysWOW64\Dpnbog32.exe
        
        C:\Windows\system32\Dpnbog32.exe
        176⤵
        Modifies registry class
        
        PID:7284
        
        C:\Windows\SysWOW64\Dfhjkabi.exe
        
        C:\Windows\system32\Dfhjkabi.exe
        177⤵
        Modifies registry class
        
        PID:7324
        
        C:\Windows\SysWOW64\Dmbbhkjf.exe
        
        C:\Windows\system32\Dmbbhkjf.exe
        178⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7364
        
        C:\Windows\SysWOW64\Dclkee32.exe
        
        C:\Windows\system32\Dclkee32.exe
        179⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\Diicml32.exe
        
        C:\Windows\system32\Diicml32.exe
        180⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\Dhjckcgi.exe
        
        C:\Windows\system32\Dhjckcgi.exe
        181⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7488
        
        C:\Windows\SysWOW64\Dmglcj32.exe
        
        C:\Windows\system32\Dmglcj32.exe
        182⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\Dhlpqc32.exe
        
        C:\Windows\system32\Dhlpqc32.exe
        183⤵
        Drops file in System32 directory
        
        PID:7572
        
        C:\Windows\SysWOW64\Dinmhkke.exe
        
        C:\Windows\system32\Dinmhkke.exe
        184⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\Ddcqedkk.exe
        
        C:\Windows\system32\Ddcqedkk.exe
        185⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\Eipinkib.exe
        
        C:\Windows\system32\Eipinkib.exe
        186⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\Eagaoh32.exe
        
        C:\Windows\system32\Eagaoh32.exe
        187⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\Edemkd32.exe
        
        C:\Windows\system32\Edemkd32.exe
        188⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\Emnbdioi.exe
        
        C:\Windows\system32\Emnbdioi.exe
        189⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\Epagkd32.exe
        
        C:\Windows\system32\Epagkd32.exe
        190⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\Ejflhm32.exe
        
        C:\Windows\system32\Ejflhm32.exe
        191⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7904
        
        C:\Windows\SysWOW64\Epcdqd32.exe
        
        C:\Windows\system32\Epcdqd32.exe
        192⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\Edopabqn.exe
        
        C:\Windows\system32\Edopabqn.exe
        193⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\Fpeafcfa.exe
        
        C:\Windows\system32\Fpeafcfa.exe
        194⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\Fdcjlb32.exe
        
        C:\Windows\system32\Fdcjlb32.exe
        195⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\Fgbfhmll.exe
        
        C:\Windows\system32\Fgbfhmll.exe
        196⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\Fmlneg32.exe
        
        C:\Windows\system32\Fmlneg32.exe
        197⤵
        Drops file in System32 directory
        
        PID:8152
        
        C:\Windows\SysWOW64\Fmnkkg32.exe
        
        C:\Windows\system32\Fmnkkg32.exe
        198⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\Fkbkdkpp.exe
        
        C:\Windows\system32\Fkbkdkpp.exe
        199⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\Fmqgpgoc.exe
        
        C:\Windows\system32\Fmqgpgoc.exe
        200⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\Fpodlbng.exe
        
        C:\Windows\system32\Fpodlbng.exe
        201⤵
        Drops file in System32 directory
        
        PID:7360
        
        C:\Windows\SysWOW64\Fhflnpoi.exe
        
        C:\Windows\system32\Fhflnpoi.exe
        202⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\Gigheh32.exe
        
        C:\Windows\system32\Gigheh32.exe
        203⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\Gpaqbbld.exe
        
        C:\Windows\system32\Gpaqbbld.exe
        204⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\Ggkiol32.exe
        
        C:\Windows\system32\Ggkiol32.exe
        205⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\Gmeakf32.exe
        
        C:\Windows\system32\Gmeakf32.exe
        206⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:7820
        
        C:\Windows\SysWOW64\Gdoihpbk.exe
        
        C:\Windows\system32\Gdoihpbk.exe
        207⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\Ggnedlao.exe
        
        C:\Windows\system32\Ggnedlao.exe
        208⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\Gilapgqb.exe
        
        C:\Windows\system32\Gilapgqb.exe
        209⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\Gdafnpqh.exe
        
        C:\Windows\system32\Gdafnpqh.exe
        210⤵
        Drops file in System32 directory
        
        PID:8136
        
        C:\Windows\SysWOW64\Ginnfgop.exe
        
        C:\Windows\system32\Ginnfgop.exe
        211⤵
        Modifies registry class
        
        PID:7196
        
        C:\Windows\SysWOW64\Gaefgd32.exe
        
        C:\Windows\system32\Gaefgd32.exe
        212⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:7348
        
        C:\Windows\SysWOW64\Gphgbafl.exe
        
        C:\Windows\system32\Gphgbafl.exe
        213⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7464
        
        C:\Windows\SysWOW64\Ghpocngo.exe
        
        C:\Windows\system32\Ghpocngo.exe
        214⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\Gknkpjfb.exe
        
        C:\Windows\system32\Gknkpjfb.exe
        215⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7776
        
        C:\Windows\SysWOW64\Gahcmd32.exe
        
        C:\Windows\system32\Gahcmd32.exe
        216⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\Gdfoio32.exe
        
        C:\Windows\system32\Gdfoio32.exe
        217⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\Hkpheidp.exe
        
        C:\Windows\system32\Hkpheidp.exe
        218⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\Hajpbckl.exe
        
        C:\Windows\system32\Hajpbckl.exe
        219⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\Hhdhon32.exe
        
        C:\Windows\system32\Hhdhon32.exe
        220⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\Hjedffig.exe
        
        C:\Windows\system32\Hjedffig.exe
        221⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\Hpomcp32.exe
        
        C:\Windows\system32\Hpomcp32.exe
        222⤵
        Drops file in System32 directory
        
        PID:8020
        
        C:\Windows\SysWOW64\Hkeaqi32.exe
        
        C:\Windows\system32\Hkeaqi32.exe
        223⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\Hpbiip32.exe
        
        C:\Windows\system32\Hpbiip32.exe
        224⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\Hglaej32.exe
        
        C:\Windows\system32\Hglaej32.exe
        225⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\Hpdfnolo.exe
        
        C:\Windows\system32\Hpdfnolo.exe
        226⤵
        Modifies registry class
        
        PID:8164
        
        C:\Windows\SysWOW64\Hjlkge32.exe
        
        C:\Windows\system32\Hjlkge32.exe
        227⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\Hpfcdojl.exe
        
        C:\Windows\system32\Hpfcdojl.exe
        228⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\Iklgah32.exe
        
        C:\Windows\system32\Iklgah32.exe
        229⤵
        Drops file in System32 directory
        
        PID:7916
        
        C:\Windows\SysWOW64\Iafonaao.exe
        
        C:\Windows\system32\Iafonaao.exe
        230⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\Ijadbdoj.exe
        
        C:\Windows\system32\Ijadbdoj.exe
        231⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\Iahlcaol.exe
        
        C:\Windows\system32\Iahlcaol.exe
        232⤵
        Modifies registry class
        
        PID:8244
        
        C:\Windows\SysWOW64\Idghpmnp.exe
        
        C:\Windows\system32\Idghpmnp.exe
        233⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\Igedlh32.exe
        
        C:\Windows\system32\Igedlh32.exe
        234⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8332
        
        C:\Windows\SysWOW64\Ijcahd32.exe
        
        C:\Windows\system32\Ijcahd32.exe
        235⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\Iakiia32.exe
        
        C:\Windows\system32\Iakiia32.exe
        236⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\Idieem32.exe
        
        C:\Windows\system32\Idieem32.exe
        237⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\Iggaah32.exe
        
        C:\Windows\system32\Iggaah32.exe
        238⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\Inainbcn.exe
        
        C:\Windows\system32\Inainbcn.exe
        239⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\Idkbkl32.exe
        
        C:\Windows\system32\Idkbkl32.exe
        240⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\Ibobdqid.exe
        
        C:\Windows\system32\Ibobdqid.exe
        241⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\Jhijqj32.exe
        
        C:\Windows\system32\Jhijqj32.exe
        242⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\Jnfcia32.exe
        
        C:\Windows\system32\Jnfcia32.exe
        243⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\Jdpkflfe.exe
        
        C:\Windows\system32\Jdpkflfe.exe
        244⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\Jgogbgei.exe
        
        C:\Windows\system32\Jgogbgei.exe
        245⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\Jqglkmlj.exe
        
        C:\Windows\system32\Jqglkmlj.exe
        246⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\Jjopcb32.exe
        
        C:\Windows\system32\Jjopcb32.exe
        247⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\Jqiipljg.exe
        
        C:\Windows\system32\Jqiipljg.exe
        248⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\Jkomneim.exe
        
        C:\Windows\system32\Jkomneim.exe
        249⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\Jnmijq32.exe
        
        C:\Windows\system32\Jnmijq32.exe
        250⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\Jbiejoaj.exe
        
        C:\Windows\system32\Jbiejoaj.exe
        251⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\Jgenbfoa.exe
        
        C:\Windows\system32\Jgenbfoa.exe
        252⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\Jnpfop32.exe
        
        C:\Windows\system32\Jnpfop32.exe
        253⤵
        Modifies registry class
        
        PID:9136
        
        C:\Windows\SysWOW64\Kqnbkl32.exe
        
        C:\Windows\system32\Kqnbkl32.exe
        254⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\Kghjhemo.exe
        
        C:\Windows\system32\Kghjhemo.exe
        255⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\Kjffdalb.exe
        
        C:\Windows\system32\Kjffdalb.exe
        256⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8256
        
        C:\Windows\SysWOW64\Kqpoakco.exe
        
        C:\Windows\system32\Kqpoakco.exe
        257⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\Kiggbhda.exe
        
        C:\Windows\system32\Kiggbhda.exe
        258⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\Kkfcndce.exe
        
        C:\Windows\system32\Kkfcndce.exe
        259⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8464
        
        C:\Windows\SysWOW64\Kqbkfkal.exe
        
        C:\Windows\system32\Kqbkfkal.exe
        260⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\Kijchhbo.exe
        
        C:\Windows\system32\Kijchhbo.exe
        261⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\Kkhpdcab.exe
        
        C:\Windows\system32\Kkhpdcab.exe
        262⤵
        Modifies registry class
        
        PID:8664
        
        C:\Windows\SysWOW64\Kaehljpj.exe
        
        C:\Windows\system32\Kaehljpj.exe
        263⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\Kilpmh32.exe
        
        C:\Windows\system32\Kilpmh32.exe
        264⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\Kkjlic32.exe
        
        C:\Windows\system32\Kkjlic32.exe
        265⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\Kbddfmgl.exe
        
        C:\Windows\system32\Kbddfmgl.exe
        266⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\Kgamnded.exe
        
        C:\Windows\system32\Kgamnded.exe
        267⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\Knkekn32.exe
        
        C:\Windows\system32\Knkekn32.exe
        268⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\Liqihglg.exe
        
        C:\Windows\system32\Liqihglg.exe
        269⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\Ljbfpo32.exe
        
        C:\Windows\system32\Ljbfpo32.exe
        270⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\Lbinam32.exe
        
        C:\Windows\system32\Lbinam32.exe
        271⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\Licfngjd.exe
        
        C:\Windows\system32\Licfngjd.exe
        272⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\Lnpofnhk.exe
        
        C:\Windows\system32\Lnpofnhk.exe
        273⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\Lejgch32.exe
        
        C:\Windows\system32\Lejgch32.exe
        274⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\Lldopb32.exe
        
        C:\Windows\system32\Lldopb32.exe
        275⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\Lbngllob.exe
        
        C:\Windows\system32\Lbngllob.exe
        276⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:8848
        
        C:\Windows\SysWOW64\Lihpif32.exe
        
        C:\Windows\system32\Lihpif32.exe
        277⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\Ljilqnlm.exe
        
        C:\Windows\system32\Ljilqnlm.exe
        278⤵
        Drops file in System32 directory
        
        PID:9112
        
        C:\Windows\SysWOW64\Lacdmh32.exe
        
        C:\Windows\system32\Lacdmh32.exe
        279⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:9200
        
        C:\Windows\SysWOW64\Lijlof32.exe
        
        C:\Windows\system32\Lijlof32.exe
        280⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\Ljkifn32.exe
        
        C:\Windows\system32\Ljkifn32.exe
        281⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\Meamcg32.exe
        
        C:\Windows\system32\Meamcg32.exe
        282⤵
        Drops file in System32 directory
        
        PID:8500
        
        C:\Windows\SysWOW64\Mhoipb32.exe
        
        C:\Windows\system32\Mhoipb32.exe
        283⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\Mbenmk32.exe
        
        C:\Windows\system32\Mbenmk32.exe
        284⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\Mecjif32.exe
        
        C:\Windows\system32\Mecjif32.exe
        285⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\Miaboe32.exe
        
        C:\Windows\system32\Miaboe32.exe
        286⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\Mjbogmdb.exe
        
        C:\Windows\system32\Mjbogmdb.exe
        287⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\Mbighjdd.exe
        
        C:\Windows\system32\Mbighjdd.exe
        288⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:7584
        
        C:\Windows\SysWOW64\Mehcdfch.exe
        
        C:\Windows\system32\Mehcdfch.exe
        289⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\Mlbkap32.exe
        
        C:\Windows\system32\Mlbkap32.exe
        290⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\Mblcnj32.exe
        
        C:\Windows\system32\Mblcnj32.exe
        291⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\Mifljdjo.exe
        
        C:\Windows\system32\Mifljdjo.exe
        292⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\Njghbl32.exe
        
        C:\Windows\system32\Njghbl32.exe
        293⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\Nbnpcj32.exe
        
        C:\Windows\system32\Nbnpcj32.exe
        294⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\Nbqmiinl.exe
        
        C:\Windows\system32\Nbqmiinl.exe
        295⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\Nliaao32.exe
        
        C:\Windows\system32\Nliaao32.exe
        296⤵
        Modifies registry class
        
        PID:8720
        
        C:\Windows\SysWOW64\Nbcjnilj.exe
        
        C:\Windows\system32\Nbcjnilj.exe
        297⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\Nimbkc32.exe
        
        C:\Windows\system32\Nimbkc32.exe
        298⤵
        Drops file in System32 directory
        
        PID:9264
        
        C:\Windows\SysWOW64\Nlkngo32.exe
        
        C:\Windows\system32\Nlkngo32.exe
        299⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\Niooqcad.exe
        
        C:\Windows\system32\Niooqcad.exe
        300⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\Nkqkhk32.exe
        
        C:\Windows\system32\Nkqkhk32.exe
        301⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\Najceeoo.exe
        
        C:\Windows\system32\Najceeoo.exe
        302⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\Nlphbnoe.exe
        
        C:\Windows\system32\Nlphbnoe.exe
        303⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\Oondnini.exe
        
        C:\Windows\system32\Oondnini.exe
        304⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\Oampjeml.exe
        
        C:\Windows\system32\Oampjeml.exe
        305⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\Ohghgodi.exe
        
        C:\Windows\system32\Ohghgodi.exe
        306⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\Oblmdhdo.exe
        
        C:\Windows\system32\Oblmdhdo.exe
        307⤵
        Drops file in System32 directory
        
        PID:9652
        
        C:\Windows\SysWOW64\Oifeab32.exe
        
        C:\Windows\system32\Oifeab32.exe
        308⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\Oocmii32.exe
        
        C:\Windows\system32\Oocmii32.exe
        309⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\Oemefcap.exe
        
        C:\Windows\system32\Oemefcap.exe
        310⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\Olgncmim.exe
        
        C:\Windows\system32\Olgncmim.exe
        311⤵
        Modifies registry class
        
        PID:9832
        
        C:\Windows\SysWOW64\Oeoblb32.exe
        
        C:\Windows\system32\Oeoblb32.exe
        312⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\Olijhmgj.exe
        
        C:\Windows\system32\Olijhmgj.exe
        313⤵
        Drops file in System32 directory
        
        PID:9916
        
        C:\Windows\SysWOW64\Oafcqcea.exe
        
        C:\Windows\system32\Oafcqcea.exe
        314⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\Ohpkmn32.exe
        
        C:\Windows\system32\Ohpkmn32.exe
        315⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\Pojcjh32.exe
        
        C:\Windows\system32\Pojcjh32.exe
        316⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10044
        
        C:\Windows\SysWOW64\Piphgq32.exe
        
        C:\Windows\system32\Piphgq32.exe
        317⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\Pkadoiip.exe
        
        C:\Windows\system32\Pkadoiip.exe
        318⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\Pakllc32.exe
        
        C:\Windows\system32\Pakllc32.exe
        319⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\Phedhmhi.exe
        
        C:\Windows\system32\Phedhmhi.exe
        320⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\Pamiaboj.exe
        
        C:\Windows\system32\Pamiaboj.exe
        321⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\Plbmokop.exe
        
        C:\Windows\system32\Plbmokop.exe
        322⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\Pcmeke32.exe
        
        C:\Windows\system32\Pcmeke32.exe
        323⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\Pekbga32.exe
        
        C:\Windows\system32\Pekbga32.exe
        324⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\Phincl32.exe
        
        C:\Windows\system32\Phincl32.exe
        325⤵
        Modifies registry class
        
        PID:9472
        
        C:\Windows\SysWOW64\Pocfpf32.exe
        
        C:\Windows\system32\Pocfpf32.exe
        326⤵
        Modifies registry class
        
        PID:9548
        
        C:\Windows\SysWOW64\Piijno32.exe
        
        C:\Windows\system32\Piijno32.exe
        327⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\Qofcff32.exe
        
        C:\Windows\system32\Qofcff32.exe
        328⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\Qadoba32.exe
        
        C:\Windows\system32\Qadoba32.exe
        329⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\Qikgco32.exe
        
        C:\Windows\system32\Qikgco32.exe
        330⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\Qkmdkgob.exe
        
        C:\Windows\system32\Qkmdkgob.exe
        331⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\Qcclld32.exe
        
        C:\Windows\system32\Qcclld32.exe
        332⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:9860
        
        C:\Windows\SysWOW64\Ajndioga.exe
        
        C:\Windows\system32\Ajndioga.exe
        333⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\Akoqpg32.exe
        
        C:\Windows\system32\Akoqpg32.exe
        334⤵
        Modifies registry class
        
        PID:9996
        
        C:\Windows\SysWOW64\Aaiimadl.exe
        
        C:\Windows\system32\Aaiimadl.exe
        335⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\Ahcajk32.exe
        
        C:\Windows\system32\Ahcajk32.exe
        336⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\Aomifecf.exe
        
        C:\Windows\system32\Aomifecf.exe
        337⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\Afgacokc.exe
        
        C:\Windows\system32\Afgacokc.exe
        338⤵
        Drops file in System32 directory
        
        PID:10228
        
        C:\Windows\SysWOW64\Ajbmdn32.exe
        
        C:\Windows\system32\Ajbmdn32.exe
        339⤵
        Drops file in System32 directory
        
        PID:9284
        
        C:\Windows\SysWOW64\Afinioip.exe
        
        C:\Windows\system32\Afinioip.exe
        340⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\Ahgjejhd.exe
        
        C:\Windows\system32\Ahgjejhd.exe
        341⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\Akffafgg.exe
        
        C:\Windows\system32\Akffafgg.exe
        342⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:9680
        
        C:\Windows\SysWOW64\Acmobchj.exe
        
        C:\Windows\system32\Acmobchj.exe
        343⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\Ajggomog.exe
        
        C:\Windows\system32\Ajggomog.exe
        344⤵
        Drops file in System32 directory
        
        PID:9800
        
        C:\Windows\SysWOW64\Aodogdmn.exe
        
        C:\Windows\system32\Aodogdmn.exe
        345⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\Bhoqeibl.exe
        
        C:\Windows\system32\Bhoqeibl.exe
        346⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\Bcddcbab.exe
        
        C:\Windows\system32\Bcddcbab.exe
        347⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\Bfbaonae.exe
        
        C:\Windows\system32\Bfbaonae.exe
        348⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\Bmlilh32.exe
        
        C:\Windows\system32\Bmlilh32.exe
        349⤵
        Drops file in System32 directory
        
        PID:9248
        
        C:\Windows\SysWOW64\Bfendmoc.exe
        
        C:\Windows\system32\Bfendmoc.exe
        350⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\Bhcjqinf.exe
        
        C:\Windows\system32\Bhcjqinf.exe
        351⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\Bcinna32.exe
        
        C:\Windows\system32\Bcinna32.exe
        352⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\Bkdcbd32.exe
        
        C:\Windows\system32\Bkdcbd32.exe
        353⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\Bckkca32.exe
        
        C:\Windows\system32\Bckkca32.exe
        354⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\Cfigpm32.exe
        
        C:\Windows\system32\Cfigpm32.exe
        355⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\Cihclh32.exe
        
        C:\Windows\system32\Cihclh32.exe
        356⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\Cobkhb32.exe
        
        C:\Windows\system32\Cobkhb32.exe
        357⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\Cbphdn32.exe
        
        C:\Windows\system32\Cbphdn32.exe
        358⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\Cijpahho.exe
        
        C:\Windows\system32\Cijpahho.exe
        359⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\Cbbdjm32.exe
        
        C:\Windows\system32\Cbbdjm32.exe
        360⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\Cofecami.exe
        
        C:\Windows\system32\Cofecami.exe
        361⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\Cjliajmo.exe
        
        C:\Windows\system32\Cjliajmo.exe
        362⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\Ckmehb32.exe
        
        C:\Windows\system32\Ckmehb32.exe
        363⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\Cbgnemjj.exe
        
        C:\Windows\system32\Cbgnemjj.exe
        364⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\Djqblj32.exe
        
        C:\Windows\system32\Djqblj32.exe
        365⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\Dkbocbog.exe
        
        C:\Windows\system32\Dkbocbog.exe
        366⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\Dcigeooj.exe
        
        C:\Windows\system32\Dcigeooj.exe
        367⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:10292
        
        C:\Windows\SysWOW64\Dfgcakon.exe
        
        C:\Windows\system32\Dfgcakon.exe
        368⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\Dmalne32.exe
        
        C:\Windows\system32\Dmalne32.exe
        369⤵
        Modifies registry class
        
        PID:10380
        
        C:\Windows\SysWOW64\Dpphjp32.exe
        
        C:\Windows\system32\Dpphjp32.exe
        370⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\Djelgied.exe
        
        C:\Windows\system32\Djelgied.exe
        371⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\Dihlbf32.exe
        
        C:\Windows\system32\Dihlbf32.exe
        372⤵
        Drops file in System32 directory
        
        PID:10508
        
        C:\Windows\SysWOW64\Dcnqpo32.exe
        
        C:\Windows\system32\Dcnqpo32.exe
        373⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\Djhimica.exe
        
        C:\Windows\system32\Djhimica.exe
        374⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\Dmfeidbe.exe
        
        C:\Windows\system32\Dmfeidbe.exe
        375⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10636
        
        C:\Windows\SysWOW64\Dcpmen32.exe
        
        C:\Windows\system32\Dcpmen32.exe
        376⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\Djjebh32.exe
        
        C:\Windows\system32\Djjebh32.exe
        377⤵
        Drops file in System32 directory
        
        PID:10724
        
        C:\Windows\SysWOW64\Dmhand32.exe
        
        C:\Windows\system32\Dmhand32.exe
        378⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\Dpgnjo32.exe
        
        C:\Windows\system32\Dpgnjo32.exe
        379⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\Ebejfk32.exe
        
        C:\Windows\system32\Ebejfk32.exe
        380⤵
        Modifies registry class
        
        PID:10848
        
        C:\Windows\SysWOW64\Ejlbhh32.exe
        
        C:\Windows\system32\Ejlbhh32.exe
        381⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\Eiobceef.exe
        
        C:\Windows\system32\Eiobceef.exe
        382⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\Ecefqnel.exe
        
        C:\Windows\system32\Ecefqnel.exe
        383⤵
        Modifies registry class
        
        PID:10976
        
        C:\Windows\SysWOW64\Eiaoid32.exe
        
        C:\Windows\system32\Eiaoid32.exe
        384⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\Elpkep32.exe
        
        C:\Windows\system32\Elpkep32.exe
        385⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\Eidlnd32.exe
        
        C:\Windows\system32\Eidlnd32.exe
        386⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\Efhlhh32.exe
        
        C:\Windows\system32\Efhlhh32.exe
        387⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\Embddb32.exe
        
        C:\Windows\system32\Embddb32.exe
        388⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\Eclmamod.exe
        
        C:\Windows\system32\Eclmamod.exe
        389⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\Elgaeolp.exe
        
        C:\Windows\system32\Elgaeolp.exe
        390⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\Fjhacf32.exe
        
        C:\Windows\system32\Fjhacf32.exe
        391⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\Fmfnpa32.exe
        
        C:\Windows\system32\Fmfnpa32.exe
        392⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\Ffobhg32.exe
        
        C:\Windows\system32\Ffobhg32.exe
        393⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\Fimodc32.exe
        
        C:\Windows\system32\Fimodc32.exe
        394⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\Fllkqn32.exe
        
        C:\Windows\system32\Fllkqn32.exe
        395⤵
        Modifies registry class
        
        PID:10584
        
        C:\Windows\SysWOW64\Fdccbl32.exe
        
        C:\Windows\system32\Fdccbl32.exe
        396⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\Fipkjb32.exe
        
        C:\Windows\system32\Fipkjb32.exe
        397⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\Fpjcgm32.exe
        
        C:\Windows\system32\Fpjcgm32.exe
        398⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\Fmndpq32.exe
        
        C:\Windows\system32\Fmndpq32.exe
        399⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\Gmbmkpie.exe
        
        C:\Windows\system32\Gmbmkpie.exe
        400⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\Gpqjglii.exe
        
        C:\Windows\system32\Gpqjglii.exe
        401⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\Gbofcghl.exe
        
        C:\Windows\system32\Gbofcghl.exe
        402⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\Gjfnedho.exe
        
        C:\Windows\system32\Gjfnedho.exe
        403⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\Gmdjapgb.exe
        
        C:\Windows\system32\Gmdjapgb.exe
        404⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\Gdobnj32.exe
        
        C:\Windows\system32\Gdobnj32.exe
        405⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\Gfmojenc.exe
        
        C:\Windows\system32\Gfmojenc.exe
        406⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\Gljgbllj.exe
        
        C:\Windows\system32\Gljgbllj.exe
        407⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\Gbdoof32.exe
        
        C:\Windows\system32\Gbdoof32.exe
        408⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\Gkkgpc32.exe
        
        C:\Windows\system32\Gkkgpc32.exe
        409⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\Gphphj32.exe
        
        C:\Windows\system32\Gphphj32.exe
        410⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\Ggahedjn.exe
        
        C:\Windows\system32\Ggahedjn.exe
        411⤵
        Drops file in System32 directory
        
        PID:10928
        
        C:\Windows\SysWOW64\Gipdap32.exe
        
        C:\Windows\system32\Gipdap32.exe
        412⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\Hloqml32.exe
        
        C:\Windows\system32\Hloqml32.exe
        413⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\Hbhijepa.exe
        
        C:\Windows\system32\Hbhijepa.exe
        414⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11120
        
        C:\Windows\SysWOW64\Hmnmgnoh.exe
        
        C:\Windows\system32\Hmnmgnoh.exe
        415⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\Hplicjok.exe
        
        C:\Windows\system32\Hplicjok.exe
        416⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\Hdhedh32.exe
        
        C:\Windows\system32\Hdhedh32.exe
        417⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\Hgfapd32.exe
        
        C:\Windows\system32\Hgfapd32.exe
        418⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\Hienlpel.exe
        
        C:\Windows\system32\Hienlpel.exe
        419⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11092
        
        C:\Windows\SysWOW64\Hlcjhkdp.exe
        
        C:\Windows\system32\Hlcjhkdp.exe
        420⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10368
        
        C:\Windows\SysWOW64\Hcmbee32.exe
        
        C:\Windows\system32\Hcmbee32.exe
        421⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\Hkdjfb32.exe
        
        C:\Windows\system32\Hkdjfb32.exe
        422⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\Higjaoci.exe
        
        C:\Windows\system32\Higjaoci.exe
        423⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\Hlegnjbm.exe
        
        C:\Windows\system32\Hlegnjbm.exe
        424⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\Hgkkkcbc.exe
        
        C:\Windows\system32\Hgkkkcbc.exe
        425⤵
        Modifies registry class
        
        PID:11036
        
        C:\Windows\SysWOW64\Hkfglb32.exe
        
        C:\Windows\system32\Hkfglb32.exe
        426⤵
        Drops file in System32 directory
        
        PID:10452
        
        C:\Windows\SysWOW64\Hmechmip.exe
        
        C:\Windows\system32\Hmechmip.exe
        427⤵
        Modifies registry class
        
        PID:10960
        
        C:\Windows\SysWOW64\Hdokdg32.exe
        
        C:\Windows\system32\Hdokdg32.exe
        428⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:10552
        
        C:\Windows\SysWOW64\Hkicaahi.exe
        
        C:\Windows\system32\Hkicaahi.exe
        429⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\Ingpmmgm.exe
        
        C:\Windows\system32\Ingpmmgm.exe
        430⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\Ipflihfq.exe
        
        C:\Windows\system32\Ipflihfq.exe
        431⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\Icdheded.exe
        
        C:\Windows\system32\Icdheded.exe
        432⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\Iinqbn32.exe
        
        C:\Windows\system32\Iinqbn32.exe
        433⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\Ilmmni32.exe
        
        C:\Windows\system32\Ilmmni32.exe
        434⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:11524
        
        C:\Windows\SysWOW64\Icfekc32.exe
        
        C:\Windows\system32\Icfekc32.exe
        435⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\Inlihl32.exe
        
        C:\Windows\system32\Inlihl32.exe
        436⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:11616
        
        C:\Windows\SysWOW64\Idfaefkd.exe
        
        C:\Windows\system32\Idfaefkd.exe
        437⤵
        Drops file in System32 directory
        
        PID:11656
        
        C:\Windows\SysWOW64\Igdnabjh.exe
        
        C:\Windows\system32\Igdnabjh.exe
        438⤵
        Drops file in System32 directory
        
        PID:11696
        
        C:\Windows\SysWOW64\Ijcjmmil.exe
        
        C:\Windows\system32\Ijcjmmil.exe
        439⤵
        Modifies registry class
        
        PID:11748
        
        C:\Windows\SysWOW64\Idhnkf32.exe
        
        C:\Windows\system32\Idhnkf32.exe
        440⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\Iggjga32.exe
        
        C:\Windows\system32\Iggjga32.exe
        441⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\Ijegcm32.exe
        
        C:\Windows\system32\Ijegcm32.exe
        442⤵
        Modifies registry class
        
        PID:11880
        
        C:\Windows\SysWOW64\Ilccoh32.exe
        
        C:\Windows\system32\Ilccoh32.exe
        443⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\Idkkpf32.exe
        
        C:\Windows\system32\Idkkpf32.exe
        444⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\Igigla32.exe
        
        C:\Windows\system32\Igigla32.exe
        445⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\Jjgchm32.exe
        
        C:\Windows\system32\Jjgchm32.exe
        446⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\Jlfpdh32.exe
        
        C:\Windows\system32\Jlfpdh32.exe
        447⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\Jdmgfedl.exe
        
        C:\Windows\system32\Jdmgfedl.exe
        448⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\Jkgpbp32.exe
        
        C:\Windows\system32\Jkgpbp32.exe
        449⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\Jnelok32.exe
        
        C:\Windows\system32\Jnelok32.exe
        450⤵
        Modifies registry class
        
        PID:12228
        
        C:\Windows\SysWOW64\Jkimho32.exe
        
        C:\Windows\system32\Jkimho32.exe
        451⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\Jnhidk32.exe
        
        C:\Windows\system32\Jnhidk32.exe
        452⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\Jdaaaeqg.exe
        
        C:\Windows\system32\Jdaaaeqg.exe
        453⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\Jgpmmp32.exe
        
        C:\Windows\system32\Jgpmmp32.exe
        454⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\Jlmfeg32.exe
        
        C:\Windows\system32\Jlmfeg32.exe
        455⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:11464
        
        C:\Windows\SysWOW64\Jcgnbaeo.exe
        
        C:\Windows\system32\Jcgnbaeo.exe
        456⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\Jgbjbp32.exe
        
        C:\Windows\system32\Jgbjbp32.exe
        457⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\Jqknkedi.exe
        
        C:\Windows\system32\Jqknkedi.exe
        458⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\Knooej32.exe
        
        C:\Windows\system32\Knooej32.exe
        459⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\Kqphfe32.exe
        
        C:\Windows\system32\Kqphfe32.exe
        460⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\Kcndbp32.exe
        
        C:\Windows\system32\Kcndbp32.exe
        461⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\Kkeldnpi.exe
        
        C:\Windows\system32\Kkeldnpi.exe
        462⤵
        Modifies registry class
        
        PID:11924
        
        C:\Windows\SysWOW64\Kjhloj32.exe
        
        C:\Windows\system32\Kjhloj32.exe
        463⤵
        Modifies registry class
        
        PID:11992
        
        C:\Windows\SysWOW64\Kmfhkf32.exe
        
        C:\Windows\system32\Kmfhkf32.exe
        464⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\Kcpahpmd.exe
        
        C:\Windows\system32\Kcpahpmd.exe
        465⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\Kjjiej32.exe
        
        C:\Windows\system32\Kjjiej32.exe
        466⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\Kmieae32.exe
        
        C:\Windows\system32\Kmieae32.exe
        467⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\Kdpmbc32.exe
        
        C:\Windows\system32\Kdpmbc32.exe
        468⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\Kgninn32.exe
        
        C:\Windows\system32\Kgninn32.exe
        469⤵
        Drops file in System32 directory
        
        PID:11440
        
        C:\Windows\SysWOW64\Knhakh32.exe
        
        C:\Windows\system32\Knhakh32.exe
        470⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\Kqfngd32.exe
        
        C:\Windows\system32\Kqfngd32.exe
        471⤵
        Drops file in System32 directory
        
        PID:11680
        
        C:\Windows\SysWOW64\Lgqfdnah.exe
        
        C:\Windows\system32\Lgqfdnah.exe
        472⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\Ljobpiql.exe
        
        C:\Windows\system32\Ljobpiql.exe
        473⤵
        Drops file in System32 directory
        
        PID:11912
        
        C:\Windows\SysWOW64\Lqikmc32.exe
        
        C:\Windows\system32\Lqikmc32.exe
        474⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\Lcggio32.exe
        
        C:\Windows\system32\Lcggio32.exe
        475⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\Lknojl32.exe
        
        C:\Windows\system32\Lknojl32.exe
        476⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\Lgepom32.exe
        
        C:\Windows\system32\Lgepom32.exe
        477⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\Ljclki32.exe
        
        C:\Windows\system32\Ljclki32.exe
        478⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\Lqndhcdc.exe
        
        C:\Windows\system32\Lqndhcdc.exe
        479⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\Lggldm32.exe
        
        C:\Windows\system32\Lggldm32.exe
        480⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\Ljfhqh32.exe
        
        C:\Windows\system32\Ljfhqh32.exe
        481⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\Lqpamb32.exe
        
        C:\Windows\system32\Lqpamb32.exe
        482⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\Lcnmin32.exe
        
        C:\Windows\system32\Lcnmin32.exe
        483⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\Lkeekk32.exe
        
        C:\Windows\system32\Lkeekk32.exe
        484⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\Mjkblhfo.exe
        
        C:\Windows\system32\Mjkblhfo.exe
        485⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\Mkjnfkma.exe
        
        C:\Windows\system32\Mkjnfkma.exe
        486⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\Mnhkbfme.exe
        
        C:\Windows\system32\Mnhkbfme.exe
        487⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\Maggnali.exe
        
        C:\Windows\system32\Maggnali.exe
        488⤵
        Drops file in System32 directory
        
        PID:12156
        
        C:\Windows\SysWOW64\Mgaokl32.exe
        
        C:\Windows\system32\Mgaokl32.exe
        489⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\Mjokgg32.exe
        
        C:\Windows\system32\Mjokgg32.exe
        490⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\Maiccajf.exe
        
        C:\Windows\system32\Maiccajf.exe
        491⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\Mchppmij.exe
        
        C:\Windows\system32\Mchppmij.exe
        492⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\Mkohaj32.exe
        
        C:\Windows\system32\Mkohaj32.exe
        493⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\Mnmdme32.exe
        
        C:\Windows\system32\Mnmdme32.exe
        494⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Drops file in System32 directory
        
        PID:12460
        
        C:\Windows\SysWOW64\Malpia32.exe
        
        C:\Windows\system32\Malpia32.exe
        495⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\Mcjmel32.exe
        
        C:\Windows\system32\Mcjmel32.exe
        496⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\Mkadfj32.exe
        
        C:\Windows\system32\Mkadfj32.exe
        497⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\Mmbanbmg.exe
        
        C:\Windows\system32\Mmbanbmg.exe
        498⤵
        Drops file in System32 directory
        
        PID:12640
        
        C:\Windows\SysWOW64\Meiioonj.exe
        
        C:\Windows\system32\Meiioonj.exe
        499⤵
        Drops file in System32 directory
        
        PID:12680
        
        C:\Windows\SysWOW64\Nlcalieg.exe
        
        C:\Windows\system32\Nlcalieg.exe
        500⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\Nmenca32.exe
        
        C:\Windows\system32\Nmenca32.exe
        501⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\Nelfeo32.exe
        
        C:\Windows\system32\Nelfeo32.exe
        502⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\Ncabfkqo.exe
        
        C:\Windows\system32\Ncabfkqo.exe
        503⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\Naecop32.exe
        
        C:\Windows\system32\Naecop32.exe
        504⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:12900
        
        C:\Windows\SysWOW64\Nccokk32.exe
        
        C:\Windows\system32\Nccokk32.exe
        505⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:12944
        
        C:\Windows\SysWOW64\Nnicid32.exe
        
        C:\Windows\system32\Nnicid32.exe
        506⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\Neclenfo.exe
        
        C:\Windows\system32\Neclenfo.exe
        507⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\Njpdnedf.exe
        
        C:\Windows\system32\Njpdnedf.exe
        508⤵
        Modifies registry class
        
        PID:13064
        
        C:\Windows\SysWOW64\Nnkpnclp.exe
        
        C:\Windows\system32\Nnkpnclp.exe
        509⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\Najmjokc.exe
        
        C:\Windows\system32\Najmjokc.exe
        510⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\Odhifjkg.exe
        
        C:\Windows\system32\Odhifjkg.exe
        511⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\Ojbacd32.exe
        
        C:\Windows\system32\Ojbacd32.exe
        512⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13236
        
        C:\Windows\SysWOW64\Oalipoiq.exe
        
        C:\Windows\system32\Oalipoiq.exe
        513⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13276
        
        C:\Windows\SysWOW64\Oeheqm32.exe
        
        C:\Windows\system32\Oeheqm32.exe
        514⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\Ojdnid32.exe
        
        C:\Windows\system32\Ojdnid32.exe
        515⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\Oejbfmpg.exe
        
        C:\Windows\system32\Oejbfmpg.exe
        516⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:12384
        
        C:\Windows\SysWOW64\Ojgjndno.exe
        
        C:\Windows\system32\Ojgjndno.exe
        517⤵
        Drops file in System32 directory
        
        PID:12456
        
        C:\Windows\SysWOW64\Odoogi32.exe
        
        C:\Windows\system32\Odoogi32.exe
        518⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\Oogpjbbb.exe
        
        C:\Windows\system32\Oogpjbbb.exe
        519⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\Pddhbipj.exe
        
        C:\Windows\system32\Pddhbipj.exe
        520⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\Pahilmoc.exe
        
        C:\Windows\system32\Pahilmoc.exe
        521⤵
        Modifies registry class
        
        PID:12676
        
        C:\Windows\SysWOW64\Phaahggp.exe
        
        C:\Windows\system32\Phaahggp.exe
        522⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\Pdhbmh32.exe
        
        C:\Windows\system32\Pdhbmh32.exe
        523⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\Pkbjjbda.exe
        
        C:\Windows\system32\Pkbjjbda.exe
        524⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\Ponfka32.exe
        
        C:\Windows\system32\Ponfka32.exe
        525⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\Phfjcf32.exe
        
        C:\Windows\system32\Phfjcf32.exe
        526⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13056
        
        C:\Windows\SysWOW64\Pocpfphe.exe
        
        C:\Windows\system32\Pocpfphe.exe
        527⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\Qeodhjmo.exe
        
        C:\Windows\system32\Qeodhjmo.exe
        528⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\Ahpmjejp.exe
        
        C:\Windows\system32\Ahpmjejp.exe
        529⤵
        Drops file in System32 directory
        
        PID:13244
        
        C:\Windows\SysWOW64\Alnfpcag.exe
        
        C:\Windows\system32\Alnfpcag.exe
        530⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\Aajohjon.exe
        
        C:\Windows\system32\Aajohjon.exe
        531⤵
        Drops file in System32 directory
        
        PID:12368
        
        C:\Windows\SysWOW64\Akccap32.exe
        
        C:\Windows\system32\Akccap32.exe
        532⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\Adkgje32.exe
        
        C:\Windows\system32\Adkgje32.exe
        533⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\Alelqb32.exe
        
        C:\Windows\system32\Alelqb32.exe
        534⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:12664
        
        C:\Windows\SysWOW64\Bdpaeehj.exe
        
        C:\Windows\system32\Bdpaeehj.exe
        535⤵
        
        PID:892
        
        C:\Windows\SysWOW64\Boeebnhp.exe
        
        C:\Windows\system32\Boeebnhp.exe
        536⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:12812
        
        C:\Windows\SysWOW64\Bklfgo32.exe
        
        C:\Windows\system32\Bklfgo32.exe
        537⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\Bllbaa32.exe
        
        C:\Windows\system32\Bllbaa32.exe
        538⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\Bedgjgkg.exe
        
        C:\Windows\system32\Bedgjgkg.exe
        539⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\Bhbcfbjk.exe
        
        C:\Windows\system32\Bhbcfbjk.exe
        540⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\Bnoknihb.exe
        
        C:\Windows\system32\Bnoknihb.exe
        541⤵
        Modifies registry class
        
        PID:12472
        
        C:\Windows\SysWOW64\Bakgoh32.exe
        
        C:\Windows\system32\Bakgoh32.exe
        542⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\Bheplb32.exe
        
        C:\Windows\system32\Bheplb32.exe
        543⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\Coohhlpe.exe
        
        C:\Windows\system32\Coohhlpe.exe
        544⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\Camddhoi.exe
        
        C:\Windows\system32\Camddhoi.exe
        545⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\Chglab32.exe
        
        C:\Windows\system32\Chglab32.exe
        546⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\Ckeimm32.exe
        
        C:\Windows\system32\Ckeimm32.exe
        547⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\Ckhecmcf.exe
        
        C:\Windows\system32\Ckhecmcf.exe
        548⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\Cnfaohbj.exe
        
        C:\Windows\system32\Cnfaohbj.exe
        549⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\Cofnik32.exe
        
        C:\Windows\system32\Cofnik32.exe
        550⤵
        Modifies registry class
        
        PID:4612
        
        C:\Windows\SysWOW64\Cdbfab32.exe
        
        C:\Windows\system32\Cdbfab32.exe
        551⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\Ckmonl32.exe
        
        C:\Windows\system32\Ckmonl32.exe
        552⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\Dokgdkeh.exe
        
        C:\Windows\system32\Dokgdkeh.exe
        553⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\Dkahilkl.exe
        
        C:\Windows\system32\Dkahilkl.exe
        554⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\Dbkqfe32.exe
        
        C:\Windows\system32\Dbkqfe32.exe
        555⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\Dmadco32.exe
        
        C:\Windows\system32\Dmadco32.exe
        556⤵
        Drops file in System32 directory
        
        PID:2204
        
        C:\Windows\SysWOW64\Dfiildio.exe
        
        C:\Windows\system32\Dfiildio.exe
        557⤵
        
        PID:440
        
        C:\Windows\SysWOW64\Dmcain32.exe
        
        C:\Windows\system32\Dmcain32.exe
        558⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\Dflfac32.exe
        
        C:\Windows\system32\Dflfac32.exe
        559⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\Dmennnni.exe
        
        C:\Windows\system32\Dmennnni.exe
        560⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\Dngjff32.exe
        
        C:\Windows\system32\Dngjff32.exe
        561⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\Deqcbpld.exe
        
        C:\Windows\system32\Deqcbpld.exe
        562⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\Emhkdmlg.exe
        
        C:\Windows\system32\Emhkdmlg.exe
        563⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\Ebdcld32.exe
        
        C:\Windows\system32\Ebdcld32.exe
        564⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\Efpomccg.exe
        
        C:\Windows\system32\Efpomccg.exe
        565⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\Ekmhejao.exe
        
        C:\Windows\system32\Ekmhejao.exe
        566⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\Ebgpad32.exe
        
        C:\Windows\system32\Ebgpad32.exe
        567⤵
        Modifies registry class
        
        PID:3576
        
        C:\Windows\SysWOW64\Efblbbqd.exe
        
        C:\Windows\system32\Efblbbqd.exe
        568⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\Emmdom32.exe
        
        C:\Windows\system32\Emmdom32.exe
        569⤵
        Drops file in System32 directory
        
        PID:3104
        
        C:\Windows\SysWOW64\Eokqkh32.exe
        
        C:\Windows\system32\Eokqkh32.exe
        570⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\Ebimgcfi.exe
        
        C:\Windows\system32\Ebimgcfi.exe
        571⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\Emoadlfo.exe
        
        C:\Windows\system32\Emoadlfo.exe
        572⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\Epmmqheb.exe
        
        C:\Windows\system32\Epmmqheb.exe
        573⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\Efgemb32.exe
        
        C:\Windows\system32\Efgemb32.exe
        574⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\Ekdnei32.exe
        
        C:\Windows\system32\Ekdnei32.exe
        575⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\Felbnn32.exe
        
        C:\Windows\system32\Felbnn32.exe
        576⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\Flfkkhid.exe
        
        C:\Windows\system32\Flfkkhid.exe
        577⤵
        
        PID:712
        
        C:\Windows\SysWOW64\Fligqhga.exe
        
        C:\Windows\system32\Fligqhga.exe
        578⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\Ffnknafg.exe
        
        C:\Windows\system32\Ffnknafg.exe
        579⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\Fmhdkknd.exe
        
        C:\Windows\system32\Fmhdkknd.exe
        580⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Fnipbc32.exe
        
        C:\Windows\system32\Fnipbc32.exe
        581⤵
        Drops file in System32 directory
        
        PID:3780
        
        C:\Windows\SysWOW64\Fechomko.exe
        
        C:\Windows\system32\Fechomko.exe
        582⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\Fefedmil.exe
        
        C:\Windows\system32\Fefedmil.exe
        583⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\Fpkibf32.exe
        
        C:\Windows\system32\Fpkibf32.exe
        584⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\Gehbjm32.exe
        
        C:\Windows\system32\Gehbjm32.exe
        585⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Gmafajfi.exe
        
        C:\Windows\system32\Gmafajfi.exe
        586⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\Glgcbf32.exe
        
        C:\Windows\system32\Glgcbf32.exe
        587⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\Gpelhd32.exe
        
        C:\Windows\system32\Gpelhd32.exe
        588⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\Gimqajgh.exe
        
        C:\Windows\system32\Gimqajgh.exe
        589⤵
        
        PID:13332
        
        C:\Windows\SysWOW64\Hbhboolf.exe
        
        C:\Windows\system32\Hbhboolf.exe
        590⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\Hmmfmhll.exe
        
        C:\Windows\system32\Hmmfmhll.exe
        591⤵
        
        PID:13404
        
        C:\Windows\SysWOW64\Hmpcbhji.exe
        
        C:\Windows\system32\Hmpcbhji.exe
        592⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\Hekgfj32.exe
        
        C:\Windows\system32\Hekgfj32.exe
        593⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\Hmdlmg32.exe
        
        C:\Windows\system32\Hmdlmg32.exe
        594⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\Hoeieolb.exe
        
        C:\Windows\system32\Hoeieolb.exe
        595⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\Ifmqfm32.exe
        
        C:\Windows\system32\Ifmqfm32.exe
        596⤵
        
        PID:13588
        
        C:\Windows\SysWOW64\Iikmbh32.exe
        
        C:\Windows\system32\Iikmbh32.exe
        597⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\Iohejo32.exe
        
        C:\Windows\system32\Iohejo32.exe
        598⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\Ifomll32.exe
        
        C:\Windows\system32\Ifomll32.exe
        599⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\Iinjhh32.exe
        
        C:\Windows\system32\Iinjhh32.exe
        600⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\Imiehfao.exe
        
        C:\Windows\system32\Imiehfao.exe
        601⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\Ipgbdbqb.exe
        
        C:\Windows\system32\Ipgbdbqb.exe
        602⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\Ibfnqmpf.exe
        
        C:\Windows\system32\Ibfnqmpf.exe
        603⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\Iedjmioj.exe
        
        C:\Windows\system32\Iedjmioj.exe
        604⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\Ilnbicff.exe
        
        C:\Windows\system32\Ilnbicff.exe
        605⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\Iefgbh32.exe
        
        C:\Windows\system32\Iefgbh32.exe
        606⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:14000
        
        C:\Windows\SysWOW64\Iplkpa32.exe
        
        C:\Windows\system32\Iplkpa32.exe
        607⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:14040
        
        C:\Windows\SysWOW64\Ickglm32.exe
        
        C:\Windows\system32\Ickglm32.exe
        608⤵
        Modifies registry class
        
        PID:14080
        
        C:\Windows\SysWOW64\Iidphgcn.exe
        
        C:\Windows\system32\Iidphgcn.exe
        609⤵
        
        PID:14120
        
        C:\Windows\SysWOW64\Ilcldb32.exe
        
        C:\Windows\system32\Ilcldb32.exe
        610⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\Jcmdaljn.exe
        
        C:\Windows\system32\Jcmdaljn.exe
        611⤵
        Drops file in System32 directory
        
        PID:14200
        
        C:\Windows\SysWOW64\Jekqmhia.exe
        
        C:\Windows\system32\Jekqmhia.exe
        612⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\Jocefm32.exe
        
        C:\Windows\system32\Jocefm32.exe
        613⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\Jenmcggo.exe
        
        C:\Windows\system32\Jenmcggo.exe
        614⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\Jmeede32.exe
        
        C:\Windows\system32\Jmeede32.exe
        615⤵
        Drops file in System32 directory
        
        PID:3044
        
        C:\Windows\SysWOW64\Jpcapp32.exe
        
        C:\Windows\system32\Jpcapp32.exe
        616⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\Jcanll32.exe
        
        C:\Windows\system32\Jcanll32.exe
        617⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\Jilfifme.exe
        
        C:\Windows\system32\Jilfifme.exe
        618⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\Jljbeali.exe
        
        C:\Windows\system32\Jljbeali.exe
        619⤵
        
        PID:13512
        
        C:\Windows\SysWOW64\Johnamkm.exe
        
        C:\Windows\system32\Johnamkm.exe
        620⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\Jebfng32.exe
        
        C:\Windows\system32\Jebfng32.exe
        621⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\Jllokajf.exe
        
        C:\Windows\system32\Jllokajf.exe
        622⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\Jokkgl32.exe
        
        C:\Windows\system32\Jokkgl32.exe
        623⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:13660
        
        C:\Windows\SysWOW64\Jgbchj32.exe
        
        C:\Windows\system32\Jgbchj32.exe
        624⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\Jnlkedai.exe
        
        C:\Windows\system32\Jnlkedai.exe
        625⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\Komhll32.exe
        
        C:\Windows\system32\Komhll32.exe
        626⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\Kjblje32.exe
        
        C:\Windows\system32\Kjblje32.exe
        627⤵
        Drops file in System32 directory
        
        PID:13872
        
        C:\Windows\SysWOW64\Klahfp32.exe
        
        C:\Windows\system32\Klahfp32.exe
        628⤵
        
        PID:13904
        
        C:\Windows\SysWOW64\Koodbl32.exe
        
        C:\Windows\system32\Koodbl32.exe
        629⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\Kgflcifg.exe
        
        C:\Windows\system32\Kgflcifg.exe
        630⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\Kjeiodek.exe
        
        C:\Windows\system32\Kjeiodek.exe
        631⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\Klcekpdo.exe
        
        C:\Windows\system32\Klcekpdo.exe
        632⤵
        Modifies registry class
        
        PID:14092
        
        C:\Windows\SysWOW64\Kgiiiidd.exe
        
        C:\Windows\system32\Kgiiiidd.exe
        633⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\Kncaec32.exe
        
        C:\Windows\system32\Kncaec32.exe
        634⤵
        
        PID:14208
        
        C:\Windows\SysWOW64\Kodnmkap.exe
        
        C:\Windows\system32\Kodnmkap.exe
        635⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\Kgkfnh32.exe
        
        C:\Windows\system32\Kgkfnh32.exe
        636⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\Klhnfo32.exe
        
        C:\Windows\system32\Klhnfo32.exe
        637⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\Kcbfcigf.exe
        
        C:\Windows\system32\Kcbfcigf.exe
        638⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\Kgnbdh32.exe
        
        C:\Windows\system32\Kgnbdh32.exe
        639⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\Kjlopc32.exe
        
        C:\Windows\system32\Kjlopc32.exe
        640⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\Lljklo32.exe
        
        C:\Windows\system32\Lljklo32.exe
        641⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\Loighj32.exe
        
        C:\Windows\system32\Loighj32.exe
        642⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\Lgpoihnl.exe
        
        C:\Windows\system32\Lgpoihnl.exe
        643⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:1856
        
        C:\Windows\SysWOW64\Lnjgfb32.exe
        
        C:\Windows\system32\Lnjgfb32.exe
        644⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\Llmhaold.exe
        
        C:\Windows\system32\Llmhaold.exe
        645⤵
        Drops file in System32 directory
        
        PID:1528
        
        C:\Windows\SysWOW64\Lcgpni32.exe
        
        C:\Windows\system32\Lcgpni32.exe
        646⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\Lnldla32.exe
        
        C:\Windows\system32\Lnldla32.exe
        647⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\Lgibpf32.exe
        
        C:\Windows\system32\Lgibpf32.exe
        648⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\Mqafhl32.exe
        
        C:\Windows\system32\Mqafhl32.exe
        649⤵
        Drops file in System32 directory
        
        PID:5756
        
        C:\Windows\SysWOW64\Mnegbp32.exe
        
        C:\Windows\system32\Mnegbp32.exe
        650⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\Mogcihaj.exe
        
        C:\Windows\system32\Mogcihaj.exe
        651⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\Mgnlkfal.exe
        
        C:\Windows\system32\Mgnlkfal.exe
        652⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\Mjlhgaqp.exe
        
        C:\Windows\system32\Mjlhgaqp.exe
        653⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:14108
        
        C:\Windows\SysWOW64\Mmkdcm32.exe
        
        C:\Windows\system32\Mmkdcm32.exe
        654⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5152
        
        C:\Windows\SysWOW64\Moipoh32.exe
        
        C:\Windows\system32\Moipoh32.exe
        655⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5532
        
        C:\Windows\SysWOW64\Mgphpe32.exe
        
        C:\Windows\system32\Mgphpe32.exe
        656⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\Mmmqhl32.exe
        
        C:\Windows\system32\Mmmqhl32.exe
        657⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\Mokmdh32.exe
        
        C:\Windows\system32\Mokmdh32.exe
        658⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\Mgbefe32.exe
        
        C:\Windows\system32\Mgbefe32.exe
        659⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\Mjaabq32.exe
        
        C:\Windows\system32\Mjaabq32.exe
        660⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\Mnmmboed.exe
        
        C:\Windows\system32\Mnmmboed.exe
        661⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\Mcifkf32.exe
        
        C:\Windows\system32\Mcifkf32.exe
        662⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\Nnojho32.exe
        
        C:\Windows\system32\Nnojho32.exe
        663⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\Nqmfdj32.exe
        
        C:\Windows\system32\Nqmfdj32.exe
        664⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\Nclbpf32.exe
        
        C:\Windows\system32\Nclbpf32.exe
        665⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\Nggnadib.exe
        
        C:\Windows\system32\Nggnadib.exe
        666⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\Nmdgikhi.exe
        
        C:\Windows\system32\Nmdgikhi.exe
        667⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\Npbceggm.exe
        
        C:\Windows\system32\Npbceggm.exe
        668⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\Ngjkfd32.exe
        
        C:\Windows\system32\Ngjkfd32.exe
        669⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\Njhgbp32.exe
        
        C:\Windows\system32\Njhgbp32.exe
        670⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\Nqbpojnp.exe
        
        C:\Windows\system32\Nqbpojnp.exe
        671⤵
        Drops file in System32 directory
        
        PID:13992
        
        C:\Windows\SysWOW64\Ncqlkemc.exe
        
        C:\Windows\system32\Ncqlkemc.exe
        672⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\Ngndaccj.exe
        
        C:\Windows\system32\Ngndaccj.exe
        673⤵
        Drops file in System32 directory
        
        PID:4412
        
        C:\Windows\SysWOW64\Nmkmjjaa.exe
        
        C:\Windows\system32\Nmkmjjaa.exe
        674⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\Npiiffqe.exe
        
        C:\Windows\system32\Npiiffqe.exe
        675⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:14188
        
        C:\Windows\SysWOW64\Ngqagcag.exe
        
        C:\Windows\system32\Ngqagcag.exe
        676⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\Ojomcopk.exe
        
        C:\Windows\system32\Ojomcopk.exe
        677⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\Oplfkeob.exe
        
        C:\Windows\system32\Oplfkeob.exe
        678⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\Offnhpfo.exe
        
        C:\Windows\system32\Offnhpfo.exe
        679⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\Ompfej32.exe
        
        C:\Windows\system32\Ompfej32.exe
        680⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\Opnbae32.exe
        
        C:\Windows\system32\Opnbae32.exe
        681⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\Ogekbb32.exe
        
        C:\Windows\system32\Ogekbb32.exe
        682⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\Onocomdo.exe
        
        C:\Windows\system32\Onocomdo.exe
        683⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:3020
        
        C:\Windows\SysWOW64\Oanokhdb.exe
        
        C:\Windows\system32\Oanokhdb.exe
        684⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\Oclkgccf.exe
        
        C:\Windows\system32\Oclkgccf.exe
        685⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\Ofkgcobj.exe
        
        C:\Windows\system32\Ofkgcobj.exe
        686⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\Onapdl32.exe
        
        C:\Windows\system32\Onapdl32.exe
        687⤵
        Drops file in System32 directory
        
        PID:5168
        
        C:\Windows\SysWOW64\Oaplqh32.exe
        
        C:\Windows\system32\Oaplqh32.exe
        688⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\Ogjdmbil.exe
        
        C:\Windows\system32\Ogjdmbil.exe
        689⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\Ojhpimhp.exe
        
        C:\Windows\system32\Ojhpimhp.exe
        690⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\Opeiadfg.exe
        
        C:\Windows\system32\Opeiadfg.exe
        691⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\Pfoann32.exe
        
        C:\Windows\system32\Pfoann32.exe
        692⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\Pmiikh32.exe
        
        C:\Windows\system32\Pmiikh32.exe
        693⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\Phonha32.exe
        
        C:\Windows\system32\Phonha32.exe
        694⤵
        Drops file in System32 directory
        
        PID:5248
        
        C:\Windows\SysWOW64\Pjmjdm32.exe
        
        C:\Windows\system32\Pjmjdm32.exe
        695⤵
        Drops file in System32 directory
        
        PID:5320
        
        C:\Windows\SysWOW64\Pmlfqh32.exe
        
        C:\Windows\system32\Pmlfqh32.exe
        696⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\Pdenmbkk.exe
        
        C:\Windows\system32\Pdenmbkk.exe
        697⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\Pmnbfhal.exe
        
        C:\Windows\system32\Pmnbfhal.exe
        698⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\Paiogf32.exe
        
        C:\Windows\system32\Paiogf32.exe
        699⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\Pdhkcb32.exe
        
        C:\Windows\system32\Pdhkcb32.exe
        700⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:4644
        
        C:\Windows\SysWOW64\Pjbcplpe.exe
        
        C:\Windows\system32\Pjbcplpe.exe
        701⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\Pdjgha32.exe
        
        C:\Windows\system32\Pdjgha32.exe
        702⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\Pjdpelnc.exe
        
        C:\Windows\system32\Pjdpelnc.exe
        703⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\Pnplfj32.exe
        
        C:\Windows\system32\Pnplfj32.exe
        704⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Panhbfep.exe
        
        C:\Windows\system32\Panhbfep.exe
        705⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\Qfkqjmdg.exe
        
        C:\Windows\system32\Qfkqjmdg.exe
        706⤵
        Modifies registry class
        
        PID:6784
        
        C:\Windows\SysWOW64\Qmeigg32.exe
        
        C:\Windows\system32\Qmeigg32.exe
        707⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Qpcecb32.exe
        
        C:\Windows\system32\Qpcecb32.exe
        708⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\Qjiipk32.exe
        
        C:\Windows\system32\Qjiipk32.exe
        709⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5140
        
        C:\Windows\SysWOW64\Akkffkhk.exe
        
        C:\Windows\system32\Akkffkhk.exe
        710⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\Aphnnafb.exe
        
        C:\Windows\system32\Aphnnafb.exe
        711⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\Afbgkl32.exe
        
        C:\Windows\system32\Afbgkl32.exe
        712⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\Adfgdpmi.exe
        
        C:\Windows\system32\Adfgdpmi.exe
        713⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\Agdcpkll.exe
        
        C:\Windows\system32\Agdcpkll.exe
        714⤵
        Modifies registry class
        
        PID:6556
        
        C:\Windows\SysWOW64\Aokkahlo.exe
        
        C:\Windows\system32\Aokkahlo.exe
        715⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:5260
        
        C:\Windows\SysWOW64\Aajhndkb.exe
        
        C:\Windows\system32\Aajhndkb.exe
        716⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\Adhdjpjf.exe
        
        C:\Windows\system32\Adhdjpjf.exe
        717⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\Aonhghjl.exe
        
        C:\Windows\system32\Aonhghjl.exe
        718⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\Aaldccip.exe
        
        C:\Windows\system32\Aaldccip.exe
        719⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\Agimkk32.exe
        
        C:\Windows\system32\Agimkk32.exe
        720⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\Aaoaic32.exe
        
        C:\Windows\system32\Aaoaic32.exe
        721⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Modifies registry class
        
        PID:6140
        
        C:\Windows\SysWOW64\Bhhiemoj.exe
        
        C:\Windows\system32\Bhhiemoj.exe
        722⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\Bdojjo32.exe
        
        C:\Windows\system32\Bdojjo32.exe
        723⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\Boenhgdd.exe
        
        C:\Windows\system32\Boenhgdd.exe
        724⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\Bacjdbch.exe
        
        C:\Windows\system32\Bacjdbch.exe
        725⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\Bhmbqm32.exe
        
        C:\Windows\system32\Bhmbqm32.exe
        726⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\Bgpcliao.exe
        
        C:\Windows\system32\Bgpcliao.exe
        727⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\Bogkmgba.exe
        
        C:\Windows\system32\Bogkmgba.exe
        728⤵
        Drops file in System32 directory
        
        PID:5976
        
        C:\Windows\SysWOW64\Baegibae.exe
        
        C:\Windows\system32\Baegibae.exe
        729⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\Bddcenpi.exe
        
        C:\Windows\system32\Bddcenpi.exe
        730⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\Boihcf32.exe
        
        C:\Windows\system32\Boihcf32.exe
        731⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\Bahdob32.exe
        
        C:\Windows\system32\Bahdob32.exe
        732⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\Bkphhgfc.exe
        
        C:\Windows\system32\Bkphhgfc.exe
        733⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\Bnoddcef.exe
        
        C:\Windows\system32\Bnoddcef.exe
        734⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\Cpmapodj.exe
        
        C:\Windows\system32\Cpmapodj.exe
        735⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\Chdialdl.exe
        
        C:\Windows\system32\Chdialdl.exe
        736⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\Cdkifmjq.exe
        
        C:\Windows\system32\Cdkifmjq.exe
        737⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\Ckebcg32.exe
        
        C:\Windows\system32\Ckebcg32.exe
        738⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\Caojpaij.exe
        
        C:\Windows\system32\Caojpaij.exe
        739⤵
        Modifies registry class
        
        PID:6040
        
        C:\Windows\SysWOW64\Cdmfllhn.exe
        
        C:\Windows\system32\Cdmfllhn.exe
        740⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\Cglbhhga.exe
        
        C:\Windows\system32\Cglbhhga.exe
        741⤵
        Modifies registry class
        
        PID:6148
        
        C:\Windows\SysWOW64\Caageq32.exe
        
        C:\Windows\system32\Caageq32.exe
        742⤵
        Drops file in System32 directory
        
        PID:6764
        
        C:\Windows\SysWOW64\Cdpcal32.exe
        
        C:\Windows\system32\Cdpcal32.exe
        743⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\Cgnomg32.exe
        
        C:\Windows\system32\Cgnomg32.exe
        744⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\Cacckp32.exe
        
        C:\Windows\system32\Cacckp32.exe
        745⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\Cdbpgl32.exe
        
        C:\Windows\system32\Cdbpgl32.exe
        746⤵
        Modifies registry class
        
        PID:5456
        
        C:\Windows\SysWOW64\Cgqlcg32.exe
        
        C:\Windows\system32\Cgqlcg32.exe
        747⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\Cogddd32.exe
        
        C:\Windows\system32\Cogddd32.exe
        748⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\Dhphmj32.exe
        
        C:\Windows\system32\Dhphmj32.exe
        749⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\Dojqjdbl.exe
        
        C:\Windows\system32\Dojqjdbl.exe
        750⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6128
        
        C:\Windows\SysWOW64\Dahmfpap.exe
        
        C:\Windows\system32\Dahmfpap.exe
        751⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\Dpkmal32.exe
        
        C:\Windows\system32\Dpkmal32.exe
        752⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        
        PID:6640
        
        C:\Windows\SysWOW64\Dhbebj32.exe
        
        C:\Windows\system32\Dhbebj32.exe
        753⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\Dkqaoe32.exe
        
        C:\Windows\system32\Dkqaoe32.exe
        754⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 400
        755⤵
        Program crash
        
        PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6892 -ip 6892
1⤵
PID:6564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4360 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8
1⤵
PID:7004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aaldccip.exe

Filesize
80KB

MD5
27b1080ffc36573a480fdee5c55c31af

SHA1
b2a64f5a94d894795b284f0f473daf5392fed2f3

SHA256
db485431c0f039d79cf6f2e3596a9d05ccdf4b2050b408f6a51cd0c70352b461

SHA512
4258b501b75dec2c4c60426802c47bff5f320a745157ec8faf0a1faf97aa41453c8e50750422f726a698bc48549016418480b3635b22162ca0d6e80a4959f1fa

Download Submit
C:\Windows\SysWOW64\Agoabn32.exe

Filesize
80KB

MD5
8ba2db04f1d752dc7df5ac930a0e01e5

SHA1
f0e868b2dabf3e99b9bd31eeb90854dd15d695b1

SHA256
f1d15ea17cb025a9801308f953b97e3280e6c50c213283788ee500bfe5b4f46d

SHA512
677971139252cc6de530c25f0531ffff5ae7f642080e8aeb4a3ef7d6cc6ad243c7afda14dd25d9d5db313c4d8c3fda96647b27c98a1aa1d3f87fa15ca444b89e

Download Submit
C:\Windows\SysWOW64\Akccap32.exe

Filesize
80KB

MD5
36728376991fb231745c4b9faa9342dd

SHA1
58e16a9690a4bcf8757b5e17a430933fbe402322

SHA256
e0bc62ec6f9039371ddf539ea9b73bec8d60250378e4e412d91b19be713978cb

SHA512
ce830075dd56e7b8e94f505cae73fab8c28da778f3805e5fc87d7557b38380fc67777f7b8abd69edffe6ee797ad328b5762852508084978e14b4d66325e0e66e

Download Submit
C:\Windows\SysWOW64\Anfmjhmd.exe

Filesize
80KB

MD5
68a1d1e77bd9223ef67a8d04bc56447a

SHA1
2154b37e767a719685ddabafc151d70d512fc1be

SHA256
f74c8f41e2fb83d1db6150f022bb48da6bd0767ba5827f67504efe3d7bbf536b

SHA512
548f3df471e3f2e0e7707264a3e8138dcf90de5b239f1aef70d41e0e4215fc420ee56071fc611460beadd492549e988f977bec0b6d37951182c5080af042d9c8

Download Submit
C:\Windows\SysWOW64\Aodogdmn.exe

Filesize
80KB

MD5
15c586913e989084ab36a6d04ee6f368

SHA1
11208b2cbf84534337b4d08a66627fb0dec9dd4c

SHA256
d8207f94f4832d9242d45d0ee3f93b964189575dbec5ab172e3efadd4a18de10

SHA512
ae5535030ae42a0fcc04dfeb931f0471bca3cb60fa964e15f506c2230e61d69ea38bdfe5c4db5ec91a7a3bb51b727c6efb8675a7c60fae40693b1cafe100e436

Download Submit
C:\Windows\SysWOW64\Baicac32.exe

Filesize
80KB

MD5
2d8a6c8bc968128ac222c81adac41832

SHA1
45e5a957ee95529e386028f1ddd8cfe2617976d9

SHA256
6289c55e1c877a8b46548fcca5efa1c635f67d9e849004c1daefc9c480466f6a

SHA512
680523bcdaddf451dc59a6edc8df9a5ca8797e92ec0d2d76127fb237c5695086b60f8d7e7e3f864d68e743e798cf717b6c796353a2bfe94188e29763be1f88c1

Download Submit
C:\Windows\SysWOW64\Bcjlcn32.exe

Filesize
80KB

MD5
459897e1df86787600f51522acb93cf6

SHA1
fb3de776ce660c05de49a75aafe8b3a01fa05132

SHA256
f050c72b367da9241f15de31867944a84e038230bae40debd71f2ac264e2b1d5

SHA512
5dcf8653d907e0f098287e6b79a6d11d6c1ccd7a359dc58d84ba0a6ff39fd297fde3203161e763e871afce8bb42140d2368bae90a6c98f243641921a4e1909e4

Download Submit
C:\Windows\SysWOW64\Bdojjo32.exe

Filesize
80KB

MD5
eca35e9898f5dfd68a5d13422cfda86e

SHA1
85898a30e22f37b791ed5299789c3f3286d1c19b

SHA256
12031560126dc4ecaced82e75fa454ef8604cd45cf2a922ee01836c860c44d78

SHA512
c1fd24de1d45270a13ab857ee9de3963952c9fc47a946cc0713229185a7e438d1d3290e0899e0efee022ac992d8ef59d506ee554b0438da24ae53ceca7d78c37

Download Submit
C:\Windows\SysWOW64\Bfdodjhm.exe

Filesize
80KB

MD5
3baaa37c5bd6cb041e970f2c089b9c1a

SHA1
63c10efce4cef67c89eec0b9ace47eebcde4a1e1

SHA256
44385722f83d134d816359e7ef53d09790178b62e54feac95c07b3e9fc680d28

SHA512
0965c022b2a6be559fec93ffded747f7eb4504984d5cda66a5cbee5f327e8c23684b1858405159d9789378193e6ccef00675b027ddceafb2752c277219b33356

Download Submit
C:\Windows\SysWOW64\Bgcknmop.exe

Filesize
80KB

MD5
2c39950f2a1f6486550cd9f879833c05

SHA1
9061b226e106506225306c86df0b96ab5ca655e9

SHA256
2db9342d2278e37cf152a0977e572213daacc5331742472b33e7927660986a7b

SHA512
a05ef24ff3ce3cc37dd36c15274174a3abce1955c3b2da35b98f63ab5d3a67958000392575e9541c5059b29ce452f7048af759a04c68e141bb357e1594affb15

Download Submit
C:\Windows\SysWOW64\Bklfgo32.exe

Filesize
80KB

MD5
e202962ac64acee6ec2dab4907b8eec1

SHA1
52f02ba95bedec97c3d2b67248554bd7fd5e48ae

SHA256
0626416f7899e6386787e0823dba2f823ff0f375449dbd89f6d1728ec89221ff

SHA512
8869e0eebfbd7874a561961c8efe5a4461d4cd1eef34d8ff317963884d98fa1f453f2d2758c63006a72a0863ec980868d99e45ba435e5c4335c596a3499f409e

Download Submit
C:\Windows\SysWOW64\Bmbplc32.exe

Filesize
80KB

MD5
7050055ffdf2492ae69dbb9481fd7e5b

SHA1
5debb9fb05836fe441932206a29fc7c3b9c80036

SHA256
64e397e1f4b5c8cb1a7c727213827dd15d667f3a863a73d3d5c603f19d16ea9a

SHA512
d4adab3f03b9106b8e5348d3e70b45968ab80d1a26a0fde0e118fae2ff0b9e1096ee4e4f4e57c7d3a0273084ff3a09289b9d9b9257f35a737cae0fedbea95791

Download Submit
C:\Windows\SysWOW64\Bmemac32.exe

Filesize
80KB

MD5
52bfdfb1237d375bbd6dc54616b86347

SHA1
5346847324c2d50222faf6774808cea6b84032d2

SHA256
8ecb33118b1cfb0a43793343a15b9301c0a1fb036c4de90084dbb212f93dd9b9

SHA512
612f1ebfbcb410b6a9b0b66a6e57a3298ace63ccccbec95bf98b166997e0dd533936df802bf81d840c04dc242c245ecf60f1ed66d4e57924dbbb44a66a831c30

Download Submit
C:\Windows\SysWOW64\Cabfga32.exe

Filesize
80KB

MD5
d36b20066b6377b3cc229b208c63999c

SHA1
31ca4d3f0579717d0ee6403698b3783a80a19a4a

SHA256
82eeea03906823f6767084bcb7eb66c916ad02e26d3aed303b0fd08da2eb7542

SHA512
3fe0b18d567d9b96ecfabee1228275710d472410d3bd5f27a8e199dfce1efe570be5965a2a423c29cef286e7473f8d52ba5ddb5836722a3866c7b78088028d8e

Download Submit
C:\Windows\SysWOW64\Cagobalc.exe

Filesize
80KB

MD5
7dcc6ab435a6733019429ebd3a3269c5

SHA1
c69bfee75b64bd8fbb7bc098c77456a6304ee5de

SHA256
c5c9fb24d425c1885b7587af25f181e43e4aa5c8cb8b4f6426546c3415dd0404

SHA512
63ddd15aa0a863cfe5324fcdffa1f0ceb06a5a8baa946fbb333d5d41dd85b319182cccd79057559f75fbbad1b31d0bd65b0b970bd4f1e39e7d95d315fd591d0b

Download Submit
C:\Windows\SysWOW64\Cajlhqjp.exe

Filesize
80KB

MD5
5208fa8f28ee7c108393909f033435eb

SHA1
cca3ab5602701eb3f2363fb101538fa7b4f55383

SHA256
1b11ebb33a13201ddb30d090d0373b013a454486106c943cfb6826756d30ca93

SHA512
14170ce797ff2c098092b7f450345bd3810c2adb283c5594fff7420486726bbb85ee3fd90f7036aa64e52d542e560d3c14c5b38d65d266dd4d1d411f4679349e

Download Submit
C:\Windows\SysWOW64\Cfdhkhjj.exe

Filesize
80KB

MD5
92d2b66195e504ecc3b0253cf1007781

SHA1
6ca613d433fad5e2dd8456f66ab25dc4fd38d732

SHA256
9f19f7692fca21e726a693ca8e58883d1ac8e7275dcb9b9a049983a106d710c4

SHA512
3f0cca5e6caf82d4323ec36e40d3cc10ad4dd81960c56b0f2609d2403dd9b5ab6a009a68904a168f939153ea3d505e07ab2b6909379552e3231b1433afb3bd75

Download Submit
C:\Windows\SysWOW64\Chjaol32.exe

Filesize
80KB

MD5
4fba7b32e2599107757bfd16a9080f17

SHA1
d058dd1002db3e2b8e646dd4a6ba993e313c1eb3

SHA256
9fd9e9ccdea03c5750cc489efa989b710e85e5f5c4b1dba9178161886be87ce1

SHA512
454302e201cf5ad528b1d32e9f77bbc8042bdc34c72dbaaaf2ade3dcc1cdc5c3b9c58b374f10e9b425afeb461e89ca10d0c8a97e66bc505f03891da6b5833dd9

Download Submit
C:\Windows\SysWOW64\Chokikeb.exe

Filesize
80KB

MD5
8a5c4c6b2d7862bb63741c8bc2ced23b

SHA1
e7452ea4de86dffb8744f397ef5094e84803ad7f

SHA256
8133fbd2595bc40df4ee0fa236913d09bda22d3d8d55b68e7f5ab6c052066a37

SHA512
c5196eadc689c519ecc35b3ab1970ecbf2c38484754585a2881e8eedc3461945bc9b16a43f76d1c3f26b0d1a111cd5f3b4efbe4720e0aab5aa3d3ad429f883a7

Download Submit
C:\Windows\SysWOW64\Cjbpaf32.exe

Filesize
80KB

MD5
dfbd08f85442ea20a4b78c56a4798559

SHA1
3cd6c0767520a7f79731b83908a2660ddfa0ebc6

SHA256
cb0c7da5dab3378778c8d7e14fd032f9d5930d978944da9fb40db74abdbe5e92

SHA512
3d308b31f5ceb853ab17d25ac1a3773b828f54e6b4da8a6549ad87df2c5e9fff9b0939be4597493405d4b687f5015781ef2eac13a538d3b9f48c873efd80abc7

Download Submit
C:\Windows\SysWOW64\Cjinkg32.exe

Filesize
80KB

MD5
62c5c4d28af17a0ca8e1c51e4f3baeb4

SHA1
7d67fc7a73c4dc0e52151d4840241f127cc896b2

SHA256
4c4cda09aed40fdc385bfd77a998134a6fd794b2b105b98935f61f8ff1f8709a

SHA512
e903f1ffd625e57334346cf3e56f5b432650b60b0c032206867829a08650ac484e0f9c6751713d61a5ed9e8fba4489465343e90a57baa91463deda5d3a3959f2

Download Submit
C:\Windows\SysWOW64\Cjkjpgfi.exe

Filesize
80KB

MD5
30543766bba905f51dfffcad6693e43c

SHA1
42a32e20943e5da30d5afe60ae328aee04198359

SHA256
1db0772e22f75f652d105e52631e51a972314c911bdd473bc7da3a4521be45fc

SHA512
b90ec7f57410b7f7cc3f3f1e33991dc393b3d655941907ec217675c5d1f65b7cc5c8972233619e116d363b188fb73e441f2b0fd5da5ffff145eaa9ae901a9aa6

Download Submit
C:\Windows\SysWOW64\Ckmehb32.exe

Filesize
80KB

MD5
2b61a863139374c933f6d7df53b417ca

SHA1
da979dc76cbaa34b8f2c5738079c139067333455

SHA256
32eb375779a66c6d24d58e47589e6ab4035f4a57268a351c2c3d55745e199276

SHA512
22a94597f2afff51fdd8ad2f5e54680ccbdc630cf9d6e0666bc799695b893118044ccf64d58393d61ef4951bea90915a0b1dd7c4aee341398fef9831a9f944f7

Download Submit
C:\Windows\SysWOW64\Cofecami.exe

Filesize
80KB

MD5
7fdb04a5176c4d91132967fdb64ba859

SHA1
0edc420f1f2a516028d0deb3edbff493e17fb405

SHA256
a0aed3000d6083441e38f11bcbe791d4b4135044eec697f59b8e5f850be52786

SHA512
917540ad21945bfefa55bda7f3493c16147c050d29157ece64aa786ca08d43014c38fcc2ca0b1b137e909bd75bf74e43f032a235a509f08980f1881c496bc584

Download Submit
C:\Windows\SysWOW64\Dbkqfe32.exe

Filesize
80KB

MD5
077991a28f69d9fe5296827b8c9605f2

SHA1
a14e820d7fa6511c99b413d9dfc8bde90791ccf6

SHA256
fd493cd0b83786c9d9d0a07fe04c9da87e42436d9477c5c5199317926d7b8375

SHA512
27245b007170e081a8517518101757bd535b5a6cd837f722b25196d1c0ec38def70cd08b3323e099353afd5fb32661ed25c8d107a0f9a41ed3358575f38df86f

Download Submit
C:\Windows\SysWOW64\Dddhpjof.exe

Filesize
80KB

MD5
587ce1aa8fe912bf5bc8ac46e7fe2441

SHA1
4fae3ef55bc174830d7b720b83c0362c4ed7966e

SHA256
6b1cccfa98a54d2bbc1db90a2c585748e64749622edf0db49bce30e49bb5156a

SHA512
fa25648a94f1fd09116a49d130ac7a919f57f19d5ac48c845e2f364109ce0bcb3594af0ae6abff5aa6d5bac7c624893cb3d4dc4aa7183da3b9a3031e62279a75

Download Submit
C:\Windows\SysWOW64\Ddonekbl.exe

Filesize
80KB

MD5
0d97da3c86a58a7a28f4a4e772720628

SHA1
cee1201749702dd3d902c37309fd48cb4c9b8b26

SHA256
a19cd9ec4ccd31128c5efd45b5cd4f33faed83902cc6e612700044b49e77a0f2

SHA512
a323e539475377fadcd5bbb5a666a029b3c997456707fe2277828593453503a821f18b514c342167ffba7da696ee9db43c9449560766ab81642c661224c8a74d

Download Submit
C:\Windows\SysWOW64\Deokon32.exe

Filesize
80KB

MD5
a41d91bce74f3762e780653c8dda097c

SHA1
5c5faaa9a89ecd025f5d561cc9e5d5070cbe98d9

SHA256
8ea2b3b63bcd6238ef5ce3d5441ad8229ca982c31a412db25d5c958c2d583a6a

SHA512
7d019d264fb82d6fbd1be488d4434e449e6acfca456ff09941ba3b4ca9fac6ecf9eabcf9482546d71b2913f66388d541271ffc4fbc853f755c67174a68d602b1

Download Submit
C:\Windows\SysWOW64\Dhhnpjmh.exe

Filesize
80KB

MD5
e6ab98100a79d03222f6018236489b56

SHA1
94f4a54a9db588ed290a5fe8f19b123d9a13cf74

SHA256
7e865ce740202a1847576a3a9ee5d2d0d7a6b3f0c0a270a0f9505dbaeb8bcb8a

SHA512
5fb660b4996fb17821bbb914007d2a54d1f51d73b6f41377d96d21b7c14c1e2d0b099c53ce0a61da4c6d71e6768aa007ba3b1dd21a6a850a9275ca1f767bfbb9

Download Submit
C:\Windows\SysWOW64\Dkifae32.exe

Filesize
80KB

MD5
d2759b0bcb17055ae58fe58bf4897546

SHA1
145c73c13b519755a8b38c47302fe07c7c230649

SHA256
12da28e4bd7dedc935a9d140ece1102878fabb0c76c26b04debb20871d051f8e

SHA512
48a7b10c6e6b1f2f1886da9eb244508f8b9a435794baa9e2faf97de0c67ec5e5e57b8252d3e2b101072f8ba3f89ff4b80d443cdf777bff08e4501cf314f13281

Download Submit
C:\Windows\SysWOW64\Dmefhako.exe

Filesize
80KB

MD5
7216536bd2729e41d0565427f31072fe

SHA1
cde7fec6f1cc27fb61d9257f4a31a2e67112f252

SHA256
d4b03f6f9d4be9307230baa60ee0fbedaee60f92e126e06ad82431e2fca25fea

SHA512
86e896a3d2af2ba616e5e4276a0e3e041220a0a46421e0bf646e209c244bcfc68ae37614dda4df22bdab860e4e42de05dd827f420ac1ad031470e7c0858e19a0

Download Submit
C:\Windows\SysWOW64\Dogogcpo.exe

Filesize
80KB

MD5
4fa52bc148e6a1594418f213acc3aa1d

SHA1
0c03d4db4dc5fa1aa27cb0a30e48eb4499ba0e1e

SHA256
b889df0b250fbdaecf09d59f8e233cf5449437366724bfb20c755b5c2f41ba76

SHA512
61d0972d979563aeecd214ea20120ae0d7dc8a980db33fd8f1d39d69cb1dc6742923ced69895380d80635ec84f45f739c917e9a4dc964673e9f38c4e2aa39015

Download Submit
C:\Windows\SysWOW64\Ecefqnel.exe

Filesize
80KB

MD5
4cfbb1385b9593e4ab7be714f96e37f4

SHA1
4ed21bd4dde709811b729284a68e9c0095aa61d6

SHA256
b3568093158967f26560fa70814fba3030c9723d0f4862f8d09c96bc9fd16107

SHA512
15e0f685b385571cd7c0c4eef5c3c508e2cdecf32a2517b01a5a5d2069f78e9c99c563eb14e4c98e1f4e92fa9d7ef505d4ecbe58733d14ca39f97a803d6800da

Download Submit
C:\Windows\SysWOW64\Edfdej32.exe

Filesize
80KB

MD5
e3573480c97e974cd3b8692201c151cc

SHA1
1e8b9b4dfd3e901a191bba6120bcf644289c2300

SHA256
09f6bdfd7e9b37c4af4bd556a8d49e0925e6b2ea5f167708a701f060ad55c5c5

SHA512
a75151a1c9e55bced209fca242d85bc8b0097383910be59ed38a3c27945dcef6e8680e51587fef883642b73f6241481b73b3f15615080a8e826fa283dd0fda03

Download Submit
C:\Windows\SysWOW64\Edmjfifl.exe

Filesize
80KB

MD5
b6ddc77530ee2cf54309fc02a5645d1b

SHA1
4978bb3085a0d1b79066d9e6197df5e3252930be

SHA256
262cfdec0207d93edd1b8482f7d0735d228a61540b4736a97f125ca8dcde9761

SHA512
e42173c8d37d3fed9f64fdddba0465d3e2451df8dd4a3c7affc0e2222d9b250fffbd6e7ba917e4f27b46dcb5dac7efc04e0a1c6a9b77fa0eb935c85ae41adb71

Download Submit
C:\Windows\SysWOW64\Ehdmlhcj.exe

Filesize
80KB

MD5
d297cde5920c6cc83ccdbf68634f2c1f

SHA1
0247bbeb5f586fb27869daf44280161d67fa01b9

SHA256
fc5e14af51c27da5176ceab4e17083590d6940b88f31abf32f68abec11e48ff9

SHA512
6f97f99ada8070842fe5fe9e299e8cc6f331b07ab65472e8b0970e9d830efbb69e7798fa8e5661c80b2999cd2b2b80f7fe88fcc52bb5bce96959dceb2fd48d17

Download Submit
C:\Windows\SysWOW64\Ehkclgmb.exe

Filesize
80KB

MD5
af805782ad151732a086f02926ecf794

SHA1
8b6872f0e096a2d660733907eed7583619ee9de6

SHA256
f9f431b15106d4932bf88350a94c0b6ac42585c95aa17f505f0c9fccb8078de5

SHA512
4a75e170ec82e35c5db6eb0940f4ce8da145b44ce6377dcf88a7ee7a7573d9ec3a1319baf44ea8b7a942de5f2520e9b18297802f237fd97767fbf4c38d7ccc76

Download Submit
C:\Windows\SysWOW64\Eidlnd32.exe

Filesize
64KB

MD5
0e894d7800f7bea1a23218ca6f58cdec

SHA1
b5b6172bfc4e776bf26d0c9677a29d549627527b

SHA256
5b5bbe4c306e2254042927f389dbc65c4c72e7d968e79ba026aa97150570127a

SHA512
e0b816895ae9215f3cbaf6c53b81bc9bce7a4a6c9b0b43c09ce2ec75906d2bdeb5362bc0eaa0910cc3a00e2725955b4888d57011dbfb8f545b9aede73a0db0b5

Download Submit
C:\Windows\SysWOW64\Ekpmbddq.exe

Filesize
80KB

MD5
232f956746b706c24b48a37ab66a5de8

SHA1
8d39444b2884cfc993b2c5f5956baf7cbfdaaf9b

SHA256
e5f678a11d2605774d05f7d31c640383aacf78a1cdfcadc8021b549d35a7a5a9

SHA512
bed9740ac877438d8b5179c2a4ab2078289e39b87aeb079639d983561cf0175f5e5055e3c069018bc23741086c61e1b8e3ffe54f1dc353390cba0c041a72101f

Download Submit
C:\Windows\SysWOW64\Elgaeolp.exe

Filesize
80KB

MD5
6b0de0b306ea7937b78931191941d2ac

SHA1
a7fbca93dc5b82cb62754bffa09a609e7ab1f216

SHA256
75a2fcd58f0af2e8ee9c3d953df84854b90c3488a8241ac29feb174ea11164f0

SHA512
9e5557d28479ef0b5843e916649149fb1a9a74f4026332e1b52f98f566bb34c2c2ae91c2457f872a34c0caa999d33acad016a144dcd12d7da8c26f28d32903c4

Download Submit
C:\Windows\SysWOW64\Emaedo32.exe

Filesize
80KB

MD5
f347d2accb52ecbe78c125bb2ed4e689

SHA1
cc88afa1ff302eb77841849f3b9a44753382ee61

SHA256
6e6b8d3b82625ddbdb536e757a1aa8ed5bfc7d537f120d39244a402bf879ad43

SHA512
dc8ec8cb41efa7d3dff487366c14a92f18081e0566fa39ca87b7073bf4d59802e1cc494a91d14e8c507174237c0626b75111468ef024ca66a6019f41fa92cf39

Download Submit
C:\Windows\SysWOW64\Eobocb32.exe

Filesize
80KB

MD5
e9cc0fed62c635dec12efff9af3841d6

SHA1
6bdaea08cb939e1732540e98222aa99bed2dfeb4

SHA256
7beeecb0f610ac04831e50c33b234ffa40e0363d7d7c944640949d166cce4d17

SHA512
56ad4f5ccb176e85586e67204686163716604924a3338d0d1b087cf00ef0bd61a9e663c5179ead5aba6e6218d4c4bf9f87b377780d79c7ad51076c2cb30e45b9

Download Submit
C:\Windows\SysWOW64\Eopbnbhd.exe

Filesize
80KB

MD5
7d308174bca0dbfe600ae4440380dcff

SHA1
5275ab5081007298fd2d40f85ed59b38de212bc1

SHA256
88af5b2e297fdbfad355533c8a2b86795f5fc21e80cc044696923e6adfcaeb01

SHA512
27f02f1658ae936e029afe3422bdaeb87c1f810f7d2f644a7f72d9ae35b2c323c2d0225929da1c1463bb27b56bf8d940a2efb1c22f70c8f7d5ce5f2b7696aca3

Download Submit
C:\Windows\SysWOW64\Fefedmil.exe

Filesize
80KB

MD5
43a9d17f95c7cf9709989f8db8c85258

SHA1
a3915cb0da39b6646c75bf0e5b2055fca18d09e5

SHA256
0f126b36f1c43f16463c8faadaf60966f71aea307ce7bb0965bc627763bf2162

SHA512
05f31318e56a3fe8b94098ab676cb9f3aaf9377693531f093fb01a79bbc255dc13e098106f896815d4277176edb410839e5409630c9d13c075c9b48fb992abeb

Download Submit
C:\Windows\SysWOW64\Fmlneg32.exe

Filesize
80KB

MD5
57c4ff66a5a3b17751c8cdddc177ad19

SHA1
d75469a4d8f5ffc12f87eadf53bf1c01bef38011

SHA256
96d16b25686acd3305237398520a15c07c75a6eb158c389e0d5db03d3b485c8a

SHA512
494b61ab91b4a65c3eb6d24ce2fdde79c412bb3ad768375eeba47a84340f67eb42d6d32a74bd1250beadc4d3f5c17396bf8e86be8d63bf1efefa8467809d20ed

Download Submit
C:\Windows\SysWOW64\Fmndpq32.exe

Filesize
80KB

MD5
8f604b584c7351723bd70fef6452e4b3

SHA1
022843d63dd735b3a3d2e355cd782ccdb3d98cca

SHA256
5129d1a0660df33048d8abce8a1c642a384d4a2c62f7193be2c6f6272a915966

SHA512
280479026ff0ca715d90fdab50a9ecc52654313a89e4f195cdcdfdea335342b4276f143b2fdd1a83481c766325ea2b8ec1eef2de464819151abaa9569180821f

Download Submit
C:\Windows\SysWOW64\Fnipbc32.exe

Filesize
80KB

MD5
57fe4c9d736c22aa7332cfa2c2139823

SHA1
d35c57ad3b7e9d3ecb67de71fa9571cba0aca0df

SHA256
90a56b23d8ba59f2991248ba1f73bed8f72a77a4857fcc1061a7a67531505dae

SHA512
db6f5390be446aa9c0c1ce1be9e6debf1eae6eeb1e642fa9107ecca75e4fb720ffdee3b820f95e4072df6799ed1bfc6ad13677df20e71ddcc1ec98481fac864b

Download Submit
C:\Windows\SysWOW64\Fpeafcfa.exe

Filesize
80KB

MD5
a36802ed945de1bf3ab3d1ce24971ca6

SHA1
3c38432a0269ae6709feeba6ededa90dde5a68fc

SHA256
2c0b2c39b0b1a415bcb48346814638a175b58a12f26ea1b349564deb6679147f

SHA512
02fada3ae6f78927502cac91bbd9e514d1c019370605a22e6b90d89aa78c56e487a749f4ed7d70b570f6c57f6535eb8f2b506b04d32f0e6cd3a9bd141ee6d5fe

Download Submit
C:\Windows\SysWOW64\Gbdoof32.exe

Filesize
80KB

MD5
165d3833cdd51171c88ffe4d48f9358c

SHA1
febe6a94ce7f8243c23e7516f52be9c7da2be336

SHA256
451945543cf7a9bc66fc524a1a88535230ed8eca9c105357dbed08801a218a2a

SHA512
cfc75e2929f30e1522ac29e4394ba33dd27462b5fdbc95f42d84ae78b9c0a20dcc21f80083f7a098ca70c8c96c3d6210b0e41f03a8c9adab705fea8c2b506add

Download Submit
C:\Windows\SysWOW64\Gdobnj32.exe

Filesize
80KB

MD5
1429fe886c03990929e628e926a18cac

SHA1
b0a05e688d3e40396237699b388883e58f06b318

SHA256
25f83301d2831902dc00edcc3546ba9eea3f7c62a520646ec531123c72762d89

SHA512
85211771c98d773e53fc33c65fc37b0c0f8b6bc8a0700433926a4d439971b31852e84d5c3ccb4c6c6698cb1faf9eee925ecacb9227a106879b00afa5b8c8460b

Download Submit
C:\Windows\SysWOW64\Gjfnedho.exe

Filesize
80KB

MD5
4dbc518cd6d176cbfa65310b05160398

SHA1
35723fdcb6f2236c9226179b30d679523341d245

SHA256
fa6acf908050ffddc0b29ca9560d4984e7f596627a2311bcaca232c6be67eeea

SHA512
e02b224b1c4781e2292371da9babc63cccef785aa20d4aecafc62041c76bb035e0eb341ee49b82eb7048666bd6bcca4c0093484f4c302e70bff5cb1e50548714

Download Submit
C:\Windows\SysWOW64\Glgcbf32.exe

Filesize
80KB

MD5
b0c928077a33d418b90f1017b846cab3

SHA1
91f2f79c84a1b1afc250a59aa557709b540bb2cc

SHA256
634e5fae92e38dd92ba0b07562755dcba763b11c1d09fb0a2911fbc38ed8e738

SHA512
929da453c5f7088bf6e4f9dfc2643149a691e5e6af42fb9d7caeb22acf7b2f67f2505592861bca06c7443dca098340ad5c3fb8852c5a02d6e1236102fdb4bef4

Download Submit
C:\Windows\SysWOW64\Hbhboolf.exe

Filesize
80KB

MD5
57d414aa08d5a4348ed36c275a88bd05

SHA1
f37e4b93dcc19caceb37000ce3aa3934bad05d92

SHA256
23abc23e44af3d1343b3d4199179b75f0bd250a502e1f43c1f566f417710b33e

SHA512
872132e983e09dd5eaf8487a2ddf3e9fe39b93126a196ca2c0d2bad579bc23645c1ec502136f0f858ef3f3301e0d0a2436b9e7d8b0528ff0aff8735e32be98d6

Download Submit
C:\Windows\SysWOW64\Hekgfj32.exe

Filesize
80KB

MD5
a3da8917e86f7da7d8413b119bd6be85

SHA1
3ff4512fb5c4256dbebde8322765d5eaf087818f

SHA256
62f7b42a1ff0c44c1c4df257eedf684468112b58a5af1f954ace9d11efdb148f

SHA512
97c34bb10adc8b77fddc3d3ea95b6ebdb361b51c42073a1398c33010d918b095c39b39b123c52dfa18afee2e74db57115048aa09db30160ac5473f082d80a05c

Download Submit
C:\Windows\SysWOW64\Hmnmgnoh.exe

Filesize
80KB

MD5
faf62639f6555f50b05b4be2eb6ee3bf

SHA1
4bf6018c6c22385b13040bd92a23c5a3e0e60257

SHA256
7c8bd0e60d87ee0b91c324b6e2f6002b3c150d0de7e5538aa185d47074a25b40

SHA512
d07f00b55dac6fdcb51608ca96fd9d07d91af12781d2d6298e04b4e08cddc975b79e00b7b62562b48316da72d0aefb3463abe2ab3e48531f6ed9786788c4c84c

Download Submit
C:\Windows\SysWOW64\Jebfng32.exe

Filesize
80KB

MD5
3d89f9f1e001e83bc86b6e2f757476b9

SHA1
c929418ce30828b6df36dcd0c6040bb797260df5

SHA256
011019ee47efac67ca6b597f683192ed93ab5f01cbbf6845db4c6814f24d37ff

SHA512
70eea6bf82a11573bb1bdab504f5a0a17e5fa7d76b78aa20028553264810a93e57e0d1e486f13015f679ea8441bb7403f1b4c1b11812bffd424f6197fd7b8157

Download Submit
C:\Windows\SysWOW64\Jqknkedi.exe

Filesize
80KB

MD5
64f451287250a4eb7d64ad39228dc31d

SHA1
31c07e196aa1a723a3f7cb4207a74160406d0585

SHA256
9d51265e620524ad2d4c4e398df34bba0429a218672307d3a904c1260aa8f8a1

SHA512
e2b9c89151d1e51de314cf992500b5c06568e83cdd6488b1fcbf990eb69f49e559b1c13f816dd6e260cbb7add22e3ed2c31baaf6521d8376e70f5da705c94c88

Download Submit
C:\Windows\SysWOW64\Kbnepe32.exe

Filesize
80KB

MD5
97785fb2840f374c84b20b0bee6d4562

SHA1
fa32aebec29e9f5877e9d6d4158132a498f46a38

SHA256
ad5d91a0085509e8dd90e343b2bedeaa10354185e68831a3ec9216b888180ac1

SHA512
f8d6eb80edf0a0254dc5786936648f369c8c0ebeb784190fc855a4e0b950d3a157bda4f18f51897fe708e526877f88c2278c1c87dcf01cf5b13ebefda88908ac

Download Submit
C:\Windows\SysWOW64\Kechmoil.exe

Filesize
80KB

MD5
552b8804cb9a1c2f60a2492d23e480e1

SHA1
6a2d122349477273269898287a0ceb9df433f6c7

SHA256
dc6f6debbeaffbfc571b2b3f90bb12a0f9aa4c943eabd5117c94b9ff3bbd3d4f

SHA512
f584eb4155520bce745938ba7e640fb07c25a5cd3d5237547bd1a9d233d028955f28cde252632003c12742545e590f01af363343d0cefaacf3145770d1b7fa3b

Download Submit
C:\Windows\SysWOW64\Kefdbo32.exe

Filesize
80KB

MD5
863857a8bd54ce7bac8ce4cd194288b6

SHA1
c4062a29424b827647ef9cd5bdc486fa37a70581

SHA256
a984bf43f059170a4a67919451dd406e1bb975b03ac4c418be8ad5810ca6e9b6

SHA512
baea55ce60cb1984ce86a0af2c8249d411decebd4258c58041a382e6d42b821572fcbc96f5d96eacc10f2fd12e592d5a09021acaf84fbd8fd2d71ff272f6b477

Download Submit
C:\Windows\SysWOW64\Licfngjd.exe

Filesize
80KB

MD5
7979ac25093d6867fb8e788ede20ac71

SHA1
f34985cc7542a03e14ede5040a2b775591c84d21

SHA256
af02167911763bfa1a8b4df723f435846f01f3ee4675cbfd075355d5615d7448

SHA512
39535317031abade663e80497c0460836e34738a070134ccb00481428def278fb2642bf5885672466e318f27d07c7fe76dfa832da03584aab214242f1713c185

Download Submit
C:\Windows\SysWOW64\Mecjif32.exe

Filesize
80KB

MD5
8fb57bce15581983e2377cb894677d85

SHA1
4ab5890aa1f7926368ebc5a4a5680f801611396a

SHA256
7cfaef6b808d5d1d4683156099e37069885edbc2ae3d47bfc0520f7c4148df6d

SHA512
c172815e0207765fb18dda9cc481a67a82404ac2d84408a33d34d1a7c6bf20eaefac5510fa8b14a16aace5a8fbb0a36dd95d440e486c686481f31b40bf9f168d

Download Submit
C:\Windows\SysWOW64\Mjkblhfo.exe

Filesize
80KB

MD5
ca20547f777ec7a84a233d22bf58903e

SHA1
0459ef57e89ff93960e7f21dc4d001899a5328de

SHA256
0f35831992b5dd346d8a7d78948df6d6961b43b5002354e6142ecc026c695acf

SHA512
6e3e8ae7271a6f39cb8f1df04ef9cf650f4fccd27747b9fbb377dfbe14bcb01e0e664243d140a12c1958d47366479ecf5d4f9db3ccac6b216c303a8c0726b969

Download Submit
C:\Windows\SysWOW64\Pdenmbkk.exe

Filesize
80KB

MD5
86cb517f2b84e367999398b74c4de1db

SHA1
fa0f018c179edda82837e25c11d34c6d48b80e44

SHA256
3d4f8fcc73c8b50115b97cd57390d7004a37fed886722c9be01a115d43eac368

SHA512
f5b923954f7f87bc9566c24b7e6c07c846ae246aa95f0469330a7c53d40a7d7e84d47a25cd8c460fab793245828866d796600deefa37b03c72e09eb67b647b1b

Download Submit
C:\Windows\SysWOW64\Pdhbmh32.exe

Filesize
80KB

MD5
0ca30955ca8f6ee80ea93489c3be6691

SHA1
13c7237ff319b5f5f1037ee7608375e0f724c88e

SHA256
e4b74276afec589123a01e92546fb3f88ed475f308aa8ffb4c2a8561c3a5f1cd

SHA512
1dfa33267b6bbb5a36ee2b02565e0eda137cc00ef5b1948a1b28d0bc093350f51fa502f8e5350606513e3386412bdfa230b3583b2b251114ae8897bf0f072869

Download Submit
C:\Windows\SysWOW64\Phfjcf32.exe

Filesize
80KB

MD5
2825619387896a6cd44e92f64d62f454

SHA1
61443e95417497456b1e9c6e571ef4f5eb06601b

SHA256
d7715eff150cc43dad4cc2f74bc1452b2574474ded1b00b048ba81080d7d334c

SHA512
4d6c12ef5735fe8c7fd967e03586006daa4fd1bf7526e22d2dbf9fc8a0a2d0c1a85aa131988bcca3744c8e95d733e7ae4395d6f4d1068cda300b55e59ad692cf

Download Submit
C:\Windows\SysWOW64\Qjiipk32.exe

Filesize
80KB

MD5
06541557eb77a902bb09ee08bb00a6b3

SHA1
d835dbcf86b48c767c2dc4b686b56909a5532f35

SHA256
2eb73cc6efb6d2b2a43d5c012d9976a17c42e82d73f89f4ea2c79fcbf52d767e

SHA512
3967d46985c473ca53dd30ac995f09d2c1e3485e8b3277c07057fb6ce9bd60454dc67efe3fe0b6b666a03160a34f403eddb4f1e86c7dd2edb70b666f404a7942

Download Submit
memory/224-56-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/448-135-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/564-47-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/652-364-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/712-39-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/940-208-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1052-111-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1144-24-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1436-184-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1472-84-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1576-95-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1608-353-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1640-88-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1700-15-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1724-159-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1864-370-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1964-286-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2044-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2228-304-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2572-256-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2876-232-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3144-362-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3172-316-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3228-280-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3240-168-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3248-64-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3264-340-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3300-268-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3352-192-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3368-72-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3392-181-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3400-322-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3528-328-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3584-104-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3612-204-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3700-292-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3784-32-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3876-152-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4008-346-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4124-382-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4128-144-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4148-310-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4316-334-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4320-8-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4324-388-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4464-216-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4548-376-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4788-128-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4808-262-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4948-298-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4988-224-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5024-240-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5044-247-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5060-274-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5064-120-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5132-394-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5176-400-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5216-410-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5252-412-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5296-420-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5336-424-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5376-430-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5416-436-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5456-442-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads