5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f

Analysis

max time kernel
163s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
Size

352KB
MD5

2c1cf1e3d499231263f49cbf32590ea2
SHA1

42bcbef060a64daf736ab1a61fa82565a27bcdd5
SHA256

5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f
SHA512

b37ba0f1bdb7ff85bc0d37f898e2ebe47bbd7a6d7b20020de89469762777ca02c39013d24696bf1c1f09803968f1539c07718958c5cd8b365ff599f6d1a337a7
SSDEEP

6144:Yxdov+wNkpr1ItvLUErOU7amYBAYpd0ucyEWJrj1mKZHPSv/rpwMBhpNFdFf52S7:Yxd4+hrCZYE6YYBHpd0uD319ZvSntnhV

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 60 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Gjghdj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lfcmhc32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ebpqjmpd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ebpqjmpd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hkgnalep.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jfikaqme.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kbgafqla.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Iiokacgp.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jginej32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Nieoal32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bjkcqdje.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Pjgemi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ppffec32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Akjgdjoj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ifnkeb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jcmkjeko.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Hlhaee32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nieoal32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ppffec32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Bjkcqdje.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Cbnknpqj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Fbggkl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hlhaee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Icpecm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Opfnne32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cbnknpqj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Fbggkl32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ifnkeb32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Lgjglg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Mjiloqjb.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Hkgnalep.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Iameid32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lfcmhc32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Gjghdj32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Opfnne32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ikejbjip.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Dbdano32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kmjinjnj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Canocm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jcmkjeko.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Eiobbgcl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Jfikaqme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Jginej32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Mjiloqjb.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Icpecm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Pjgemi32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dbdano32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ikejbjip.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Kmjinjnj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iiokacgp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Akjgdjoj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Canocm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ioffhn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Ioffhn32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Lgjglg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Eiobbgcl.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Iameid32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FAA099-1BAE-816E-D711-115290CEE717}"	Kbgafqla.exe

Executes dropped EXE 30 IoCs

pid	Process
1516	Gjghdj32.exe
1560	Hlhaee32.exe
4572	Icpecm32.exe
2868	Ioffhn32.exe
4132	Iiokacgp.exe
3076	Jginej32.exe
3940	Lgjglg32.exe
1432	Lfcmhc32.exe
3620	Mjiloqjb.exe
3524	Nieoal32.exe
2416	Opfnne32.exe
4396	Pjgemi32.exe
960	Ppffec32.exe
380	Akjgdjoj.exe
4540	Bjkcqdje.exe
5016	Canocm32.exe
4588	Cbnknpqj.exe
4956	Dbdano32.exe
3888	Ebpqjmpd.exe
2240	Eiobbgcl.exe
4684	Fbggkl32.exe
3988	Hkgnalep.exe
1696	Iameid32.exe
3164	Ikejbjip.exe
3328	Ifnkeb32.exe
3116	Jfikaqme.exe
4312	Jcmkjeko.exe
32	Kmjinjnj.exe
1300	Kbgafqla.exe
4448	Lihpdj32.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Lgjglg32.exe	Jginej32.exe
File created	C:\Windows\SysWOW64\Lhgdahgp.dll	Pjgemi32.exe
File created	C:\Windows\SysWOW64\Gajfpi32.dll	Akjgdjoj.exe
File created	C:\Windows\SysWOW64\Eiobbgcl.exe	Ebpqjmpd.exe
File created	C:\Windows\SysWOW64\Ikejbjip.exe	Iameid32.exe
File created	C:\Windows\SysWOW64\Lihpdj32.exe	Kbgafqla.exe
File created	C:\Windows\SysWOW64\Fjmaii32.dll	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
File opened for modification	C:\Windows\SysWOW64\Iiokacgp.exe	Ioffhn32.exe
File created	C:\Windows\SysWOW64\Lfcmhc32.exe	Lgjglg32.exe
File created	C:\Windows\SysWOW64\Cbnknpqj.exe	Canocm32.exe
File created	C:\Windows\SysWOW64\Dbdano32.exe	Cbnknpqj.exe
File opened for modification	C:\Windows\SysWOW64\Kmjinjnj.exe	Jcmkjeko.exe
File created	C:\Windows\SysWOW64\Bkefcnhm.dll	Jginej32.exe
File created	C:\Windows\SysWOW64\Eaoimpil.dll	Bjkcqdje.exe
File created	C:\Windows\SysWOW64\Dnojon32.dll	Cbnknpqj.exe
File created	C:\Windows\SysWOW64\Eoadhp32.dll	Eiobbgcl.exe
File opened for modification	C:\Windows\SysWOW64\Jcmkjeko.exe	Jfikaqme.exe
File created	C:\Windows\SysWOW64\Qimdklek.dll	Icpecm32.exe
File opened for modification	C:\Windows\SysWOW64\Lfcmhc32.exe	Lgjglg32.exe
File created	C:\Windows\SysWOW64\Gfjofpjj.dll	Nieoal32.exe
File opened for modification	C:\Windows\SysWOW64\Cbnknpqj.exe	Canocm32.exe
File opened for modification	C:\Windows\SysWOW64\Ebpqjmpd.exe	Dbdano32.exe
File opened for modification	C:\Windows\SysWOW64\Hkgnalep.exe	Fbggkl32.exe
File created	C:\Windows\SysWOW64\Jfikaqme.exe	Ifnkeb32.exe
File opened for modification	C:\Windows\SysWOW64\Nieoal32.exe	Mjiloqjb.exe
File opened for modification	C:\Windows\SysWOW64\Opfnne32.exe	Nieoal32.exe
File created	C:\Windows\SysWOW64\Affgmbdd.dll	Opfnne32.exe
File created	C:\Windows\SysWOW64\Canocm32.exe	Bjkcqdje.exe
File created	C:\Windows\SysWOW64\Ddndonph.dll	Ifnkeb32.exe
File created	C:\Windows\SysWOW64\Kmjinjnj.exe	Jcmkjeko.exe
File created	C:\Windows\SysWOW64\Kiiigchq.dll	Iiokacgp.exe
File opened for modification	C:\Windows\SysWOW64\Fbggkl32.exe	Eiobbgcl.exe
File created	C:\Windows\SysWOW64\Iameid32.exe	Hkgnalep.exe
File created	C:\Windows\SysWOW64\Ganbkp32.dll	Ikejbjip.exe
File opened for modification	C:\Windows\SysWOW64\Jfikaqme.exe	Ifnkeb32.exe
File created	C:\Windows\SysWOW64\Jhkane32.dll	Jfikaqme.exe
File opened for modification	C:\Windows\SysWOW64\Ioffhn32.exe	Icpecm32.exe
File created	C:\Windows\SysWOW64\Jginej32.exe	Iiokacgp.exe
File opened for modification	C:\Windows\SysWOW64\Dbdano32.exe	Cbnknpqj.exe
File opened for modification	C:\Windows\SysWOW64\Eiobbgcl.exe	Ebpqjmpd.exe
File created	C:\Windows\SysWOW64\Ejjakmcg.dll	Kmjinjnj.exe
File created	C:\Windows\SysWOW64\Piolpj32.dll	Iameid32.exe
File opened for modification	C:\Windows\SysWOW64\Hlhaee32.exe	Gjghdj32.exe
File created	C:\Windows\SysWOW64\Hfhlbmpm.dll	Gjghdj32.exe
File opened for modification	C:\Windows\SysWOW64\Icpecm32.exe	Hlhaee32.exe
File opened for modification	C:\Windows\SysWOW64\Mjiloqjb.exe	Lfcmhc32.exe
File created	C:\Windows\SysWOW64\Bhpjjc32.dll	Mjiloqjb.exe
File created	C:\Windows\SysWOW64\Ppffec32.exe	Pjgemi32.exe
File created	C:\Windows\SysWOW64\Bjkcqdje.exe	Akjgdjoj.exe
File opened for modification	C:\Windows\SysWOW64\Canocm32.exe	Bjkcqdje.exe
File created	C:\Windows\SysWOW64\Lcmmho32.dll	Jcmkjeko.exe
File created	C:\Windows\SysWOW64\Hlhaee32.exe	Gjghdj32.exe
File created	C:\Windows\SysWOW64\Aphigedp.dll	Dbdano32.exe
File created	C:\Windows\SysWOW64\Hkgnalep.exe	Fbggkl32.exe
File opened for modification	C:\Windows\SysWOW64\Kbgafqla.exe	Kmjinjnj.exe
File created	C:\Windows\SysWOW64\Gjghdj32.exe	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
File created	C:\Windows\SysWOW64\Fcdfimja.dll	Hlhaee32.exe
File created	C:\Windows\SysWOW64\Ioffhn32.exe	Icpecm32.exe
File created	C:\Windows\SysWOW64\Ioaegj32.dll	Lfcmhc32.exe
File opened for modification	C:\Windows\SysWOW64\Pjgemi32.exe	Opfnne32.exe
File created	C:\Windows\SysWOW64\Ebpqjmpd.exe	Dbdano32.exe
File opened for modification	C:\Windows\SysWOW64\Iameid32.exe	Hkgnalep.exe
File created	C:\Windows\SysWOW64\Kbgafqla.exe	Kmjinjnj.exe
File created	C:\Windows\SysWOW64\Iiokacgp.exe	Ioffhn32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Fbggkl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Kmjinjnj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hfhlbmpm.dll"	Gjghdj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Jginej32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ppffec32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Jginej32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dnojon32.dll"	Cbnknpqj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Cbnknpqj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ikejbjip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Kmjinjnj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Icpecm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Bjkcqdje.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Cbnknpqj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Bjkcqdje.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mihjhq32.dll"	Ebpqjmpd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ebpqjmpd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Npgmdnlj.dll"	Ioffhn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Iiokacgp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Lfcmhc32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Pjgemi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gajfpi32.dll"	Akjgdjoj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ddndonph.dll"	Ifnkeb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ifnkeb32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Eaoimpil.dll"	Bjkcqdje.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Fbggkl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Iameid32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ioffhn32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Opfnne32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Pjgemi32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nepgghpg.dll"	Ppffec32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Akjgdjoj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jhkane32.dll"	Jfikaqme.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Miikdm32.dll"	Kbgafqla.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Opfnne32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lhgdahgp.dll"	Pjgemi32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Ebpqjmpd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Eiobbgcl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ejjakmcg.dll"	Kmjinjnj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Hlhaee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Imneeb32.dll"	Lgjglg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bhpjjc32.dll"	Mjiloqjb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Canocm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Piolpj32.dll"	Iameid32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ppfhnh32.dll"	Fbggkl32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ganbkp32.dll"	Ikejbjip.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Gjghdj32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Icpecm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Kiiigchq.dll"	Iiokacgp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32	Lgjglg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Eiobbgcl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Affgmbdd.dll"	Opfnne32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Dbdano32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lcmmho32.dll"	Jcmkjeko.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Aphigedp.dll"	Dbdano32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Gjghdj32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Hlhaee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bkefcnhm.dll"	Jginej32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Mjiloqjb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gfjofpjj.dll"	Nieoal32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ThreadingModel = "Apartment"	Ppffec32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FAA099-1BAE-816E-D711-115290CEE717}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pmceobnb.dll"	Hkgnalep.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1516	116	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe	98
PID 116 wrote to memory of 1516	116	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe	98
PID 116 wrote to memory of 1516	116	5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe	98
PID 1516 wrote to memory of 1560	1516	Gjghdj32.exe	99
PID 1516 wrote to memory of 1560	1516	Gjghdj32.exe	99
PID 1516 wrote to memory of 1560	1516	Gjghdj32.exe	99
PID 1560 wrote to memory of 4572	1560	Hlhaee32.exe	100
PID 1560 wrote to memory of 4572	1560	Hlhaee32.exe	100
PID 1560 wrote to memory of 4572	1560	Hlhaee32.exe	100
PID 4572 wrote to memory of 2868	4572	Icpecm32.exe	101
PID 4572 wrote to memory of 2868	4572	Icpecm32.exe	101
PID 4572 wrote to memory of 2868	4572	Icpecm32.exe	101
PID 2868 wrote to memory of 4132	2868	Ioffhn32.exe	102
PID 2868 wrote to memory of 4132	2868	Ioffhn32.exe	102
PID 2868 wrote to memory of 4132	2868	Ioffhn32.exe	102
PID 4132 wrote to memory of 3076	4132	Iiokacgp.exe	104
PID 4132 wrote to memory of 3076	4132	Iiokacgp.exe	104
PID 4132 wrote to memory of 3076	4132	Iiokacgp.exe	104
PID 3076 wrote to memory of 3940	3076	Jginej32.exe	105
PID 3076 wrote to memory of 3940	3076	Jginej32.exe	105
PID 3076 wrote to memory of 3940	3076	Jginej32.exe	105
PID 3940 wrote to memory of 1432	3940	Lgjglg32.exe	106
PID 3940 wrote to memory of 1432	3940	Lgjglg32.exe	106
PID 3940 wrote to memory of 1432	3940	Lgjglg32.exe	106
PID 1432 wrote to memory of 3620	1432	Lfcmhc32.exe	107
PID 1432 wrote to memory of 3620	1432	Lfcmhc32.exe	107
PID 1432 wrote to memory of 3620	1432	Lfcmhc32.exe	107
PID 3620 wrote to memory of 3524	3620	Mjiloqjb.exe	108
PID 3620 wrote to memory of 3524	3620	Mjiloqjb.exe	108
PID 3620 wrote to memory of 3524	3620	Mjiloqjb.exe	108
PID 3524 wrote to memory of 2416	3524	Nieoal32.exe	109
PID 3524 wrote to memory of 2416	3524	Nieoal32.exe	109
PID 3524 wrote to memory of 2416	3524	Nieoal32.exe	109
PID 2416 wrote to memory of 4396	2416	Opfnne32.exe	110
PID 2416 wrote to memory of 4396	2416	Opfnne32.exe	110
PID 2416 wrote to memory of 4396	2416	Opfnne32.exe	110
PID 4396 wrote to memory of 960	4396	Pjgemi32.exe	111
PID 4396 wrote to memory of 960	4396	Pjgemi32.exe	111
PID 4396 wrote to memory of 960	4396	Pjgemi32.exe	111
PID 960 wrote to memory of 380	960	Ppffec32.exe	112
PID 960 wrote to memory of 380	960	Ppffec32.exe	112
PID 960 wrote to memory of 380	960	Ppffec32.exe	112
PID 380 wrote to memory of 4540	380	Akjgdjoj.exe	113
PID 380 wrote to memory of 4540	380	Akjgdjoj.exe	113
PID 380 wrote to memory of 4540	380	Akjgdjoj.exe	113
PID 4540 wrote to memory of 5016	4540	Bjkcqdje.exe	114
PID 4540 wrote to memory of 5016	4540	Bjkcqdje.exe	114
PID 4540 wrote to memory of 5016	4540	Bjkcqdje.exe	114
PID 5016 wrote to memory of 4588	5016	Canocm32.exe	115
PID 5016 wrote to memory of 4588	5016	Canocm32.exe	115
PID 5016 wrote to memory of 4588	5016	Canocm32.exe	115
PID 4588 wrote to memory of 4956	4588	Cbnknpqj.exe	116
PID 4588 wrote to memory of 4956	4588	Cbnknpqj.exe	116
PID 4588 wrote to memory of 4956	4588	Cbnknpqj.exe	116
PID 4956 wrote to memory of 3888	4956	Dbdano32.exe	117
PID 4956 wrote to memory of 3888	4956	Dbdano32.exe	117
PID 4956 wrote to memory of 3888	4956	Dbdano32.exe	117
PID 3888 wrote to memory of 2240	3888	Ebpqjmpd.exe	118
PID 3888 wrote to memory of 2240	3888	Ebpqjmpd.exe	118
PID 3888 wrote to memory of 2240	3888	Ebpqjmpd.exe	118
PID 2240 wrote to memory of 4684	2240	Eiobbgcl.exe	119
PID 2240 wrote to memory of 4684	2240	Eiobbgcl.exe	119
PID 2240 wrote to memory of 4684	2240	Eiobbgcl.exe	119
PID 4684 wrote to memory of 3988	4684	Fbggkl32.exe	120

C:\Users\Admin\AppData\Local\Temp\5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe
"C:\Users\Admin\AppData\Local\Temp\5088de4c7d7a0efbee195e01b55cbe43a6e6089f072110d347515dd5c16fe31f.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\Gjghdj32.exe
  C:\Windows\system32\Gjghdj32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Windows\SysWOW64\Hlhaee32.exe
    C:\Windows\system32\Hlhaee32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1560
  - - C:\Windows\SysWOW64\Icpecm32.exe
      C:\Windows\system32\Icpecm32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4572
    - - C:\Windows\SysWOW64\Ioffhn32.exe
        
        C:\Windows\system32\Ioffhn32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2868
      - C:\Windows\SysWOW64\Iiokacgp.exe
        
        C:\Windows\system32\Iiokacgp.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4132
        
        C:\Windows\SysWOW64\Jginej32.exe
        
        C:\Windows\system32\Jginej32.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3076
        
        C:\Windows\SysWOW64\Lgjglg32.exe
        
        C:\Windows\system32\Lgjglg32.exe
        8⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3940
        
        C:\Windows\SysWOW64\Lfcmhc32.exe
        
        C:\Windows\system32\Lfcmhc32.exe
        9⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1432
        
        C:\Windows\SysWOW64\Mjiloqjb.exe
        
        C:\Windows\system32\Mjiloqjb.exe
        10⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3620
        
        C:\Windows\SysWOW64\Nieoal32.exe
        
        C:\Windows\system32\Nieoal32.exe
        11⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3524
        
        C:\Windows\SysWOW64\Opfnne32.exe
        
        C:\Windows\system32\Opfnne32.exe
        12⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2416
        
        C:\Windows\SysWOW64\Pjgemi32.exe
        
        C:\Windows\system32\Pjgemi32.exe
        13⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4396
        
        C:\Windows\SysWOW64\Ppffec32.exe
        
        C:\Windows\system32\Ppffec32.exe
        14⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:960
        
        C:\Windows\SysWOW64\Akjgdjoj.exe
        
        C:\Windows\system32\Akjgdjoj.exe
        15⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:380
        
        C:\Windows\SysWOW64\Bjkcqdje.exe
        
        C:\Windows\system32\Bjkcqdje.exe
        16⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4540
        
        C:\Windows\SysWOW64\Canocm32.exe
        
        C:\Windows\system32\Canocm32.exe
        17⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5016
        
        C:\Windows\SysWOW64\Cbnknpqj.exe
        
        C:\Windows\system32\Cbnknpqj.exe
        18⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4588
        
        C:\Windows\SysWOW64\Dbdano32.exe
        
        C:\Windows\system32\Dbdano32.exe
        19⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4956
        
        C:\Windows\SysWOW64\Ebpqjmpd.exe
        
        C:\Windows\system32\Ebpqjmpd.exe
        20⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3888
        
        C:\Windows\SysWOW64\Eiobbgcl.exe
        
        C:\Windows\system32\Eiobbgcl.exe
        21⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2240
        
        C:\Windows\SysWOW64\Fbggkl32.exe
        
        C:\Windows\system32\Fbggkl32.exe
        22⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4684
        
        C:\Windows\SysWOW64\Hkgnalep.exe
        
        C:\Windows\system32\Hkgnalep.exe
        23⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3988
        
        C:\Windows\SysWOW64\Iameid32.exe
        
        C:\Windows\system32\Iameid32.exe
        24⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1696
        
        C:\Windows\SysWOW64\Ikejbjip.exe
        
        C:\Windows\system32\Ikejbjip.exe
        25⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3164
        
        C:\Windows\SysWOW64\Ifnkeb32.exe
        
        C:\Windows\system32\Ifnkeb32.exe
        26⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3328
        
        C:\Windows\SysWOW64\Jfikaqme.exe
        
        C:\Windows\system32\Jfikaqme.exe
        27⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3116
        
        C:\Windows\SysWOW64\Jcmkjeko.exe
        
        C:\Windows\system32\Jcmkjeko.exe
        28⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:4312
        
        C:\Windows\SysWOW64\Kmjinjnj.exe
        
        C:\Windows\system32\Kmjinjnj.exe
        29⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:32
        
        C:\Windows\SysWOW64\Kbgafqla.exe
        
        C:\Windows\system32\Kbgafqla.exe
        30⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1300
        
        C:\Windows\SysWOW64\Lihpdj32.exe
        
        C:\Windows\system32\Lihpdj32.exe
        31⤵
        Executes dropped EXE
        
        PID:4448
        
        C:\Windows\SysWOW64\Ljglnmdi.exe
        
        C:\Windows\system32\Ljglnmdi.exe
        32⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\Liofdigo.exe
        
        C:\Windows\system32\Liofdigo.exe
        33⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\Liabjh32.exe
        
        C:\Windows\system32\Liabjh32.exe
        34⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\Mjheejff.exe
        
        C:\Windows\system32\Mjheejff.exe
        35⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\Pmbjcb32.exe
        
        C:\Windows\system32\Pmbjcb32.exe
        36⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\Pboblika.exe
        
        C:\Windows\system32\Pboblika.exe
        37⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\Agkgceeh.exe
        
        C:\Windows\system32\Agkgceeh.exe
        38⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\Bpkbmi32.exe
        
        C:\Windows\system32\Bpkbmi32.exe
        39⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\Bnobfn32.exe
        
        C:\Windows\system32\Bnobfn32.exe
        40⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Bckknd32.exe
        
        C:\Windows\system32\Bckknd32.exe
        41⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\Cddjofbj.exe
        
        C:\Windows\system32\Cddjofbj.exe
        42⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\Cjabgm32.exe
        
        C:\Windows\system32\Cjabgm32.exe
        43⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Cqkkcghn.exe
        
        C:\Windows\system32\Cqkkcghn.exe
        44⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\Ckqoapgd.exe
        
        C:\Windows\system32\Ckqoapgd.exe
        45⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\Dkgeao32.exe
        
        C:\Windows\system32\Dkgeao32.exe
        46⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Dmiaig32.exe
        
        C:\Windows\system32\Dmiaig32.exe
        47⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\Dgqblp32.exe
        
        C:\Windows\system32\Dgqblp32.exe
        48⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\Dmnkdfce.exe
        
        C:\Windows\system32\Dmnkdfce.exe
        49⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\Dcgcaq32.exe
        
        C:\Windows\system32\Dcgcaq32.exe
        50⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\Dmphjfab.exe
        
        C:\Windows\system32\Dmphjfab.exe
        51⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\Ekahhn32.exe
        
        C:\Windows\system32\Ekahhn32.exe
        52⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\Eeimqc32.exe
        
        C:\Windows\system32\Eeimqc32.exe
        53⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\Eglbhnkp.exe
        
        C:\Windows\system32\Eglbhnkp.exe
        54⤵
        
        PID:492
        
        C:\Windows\SysWOW64\Eepbabjj.exe
        
        C:\Windows\system32\Eepbabjj.exe
        55⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\Emlgedge.exe
        
        C:\Windows\system32\Emlgedge.exe
        56⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\Fchlhnlo.exe
        
        C:\Windows\system32\Fchlhnlo.exe
        57⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\Fnmqegle.exe
        
        C:\Windows\system32\Fnmqegle.exe
        58⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\Fhfenmbe.exe
        
        C:\Windows\system32\Fhfenmbe.exe
        59⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Fdobhm32.exe
        
        C:\Windows\system32\Fdobhm32.exe
        60⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\Gjpaffhl.exe
        
        C:\Windows\system32\Gjpaffhl.exe
        61⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\Geeecogb.exe
        
        C:\Windows\system32\Geeecogb.exe
        62⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Gkbnkfei.exe
        
        C:\Windows\system32\Gkbnkfei.exe
        63⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\Galfhpmf.exe
        
        C:\Windows\system32\Galfhpmf.exe
        64⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\Haobnpkc.exe
        
        C:\Windows\system32\Haobnpkc.exe
        65⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\Heohinog.exe
        
        C:\Windows\system32\Heohinog.exe
        66⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\Hlipfh32.exe
        
        C:\Windows\system32\Hlipfh32.exe
        67⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\Hdfapjbl.exe
        
        C:\Windows\system32\Hdfapjbl.exe
        68⤵
        
        PID:880
        
        C:\Windows\SysWOW64\Iolfmcbb.exe
        
        C:\Windows\system32\Iolfmcbb.exe
        69⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\Idinej32.exe
        
        C:\Windows\system32\Idinej32.exe
        70⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\Ikbfbdgf.exe
        
        C:\Windows\system32\Ikbfbdgf.exe
        71⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\Iamoon32.exe
        
        C:\Windows\system32\Iamoon32.exe
        72⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\Ilbclg32.exe
        
        C:\Windows\system32\Ilbclg32.exe
        73⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\Incpdodg.exe
        
        C:\Windows\system32\Incpdodg.exe
        74⤵
        
        PID:552
        
        C:\Windows\SysWOW64\Ildpbfmf.exe
        
        C:\Windows\system32\Ildpbfmf.exe
        75⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\Jogeia32.exe
        
        C:\Windows\system32\Jogeia32.exe
        76⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\Jddnah32.exe
        
        C:\Windows\system32\Jddnah32.exe
        77⤵
        
        PID:948
        
        C:\Windows\SysWOW64\Jojboa32.exe
        
        C:\Windows\system32\Jojboa32.exe
        78⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\Jedjkkmo.exe
        
        C:\Windows\system32\Jedjkkmo.exe
        79⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\Jkqccbkf.exe
        
        C:\Windows\system32\Jkqccbkf.exe
        80⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\Jlblcdpf.exe
        
        C:\Windows\system32\Jlblcdpf.exe
        81⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\Jndhkmfe.exe
        
        C:\Windows\system32\Jndhkmfe.exe
        82⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\Jdnqgg32.exe
        
        C:\Windows\system32\Jdnqgg32.exe
        83⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\Kkhidaeo.exe
        
        C:\Windows\system32\Kkhidaeo.exe
        84⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\Kfmmajed.exe
        
        C:\Windows\system32\Kfmmajed.exe
        85⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\Knmkak32.exe
        
        C:\Windows\system32\Knmkak32.exe
        86⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\Kdgcne32.exe
        
        C:\Windows\system32\Kdgcne32.exe
        87⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\Kkaljpmd.exe
        
        C:\Windows\system32\Kkaljpmd.exe
        88⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\Kffphhmj.exe
        
        C:\Windows\system32\Kffphhmj.exe
        89⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\Mkadam32.exe
        
        C:\Windows\system32\Mkadam32.exe
        90⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\Nnidcg32.exe
        
        C:\Windows\system32\Nnidcg32.exe
        91⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\Olnmdi32.exe
        
        C:\Windows\system32\Olnmdi32.exe
        92⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\Plgpjhnf.exe
        
        C:\Windows\system32\Plgpjhnf.exe
        93⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\Ainfpi32.exe
        
        C:\Windows\system32\Ainfpi32.exe
        94⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\Bjielh32.exe
        
        C:\Windows\system32\Bjielh32.exe
        95⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\Dgieajgj.exe
        
        C:\Windows\system32\Dgieajgj.exe
        96⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\Dncnnd32.exe
        
        C:\Windows\system32\Dncnnd32.exe
        97⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\Dcbckk32.exe
        
        C:\Windows\system32\Dcbckk32.exe
        98⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\Dnhgidka.exe
        
        C:\Windows\system32\Dnhgidka.exe
        99⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\Dcdpakii.exe
        
        C:\Windows\system32\Dcdpakii.exe
        100⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\Djnhne32.exe
        
        C:\Windows\system32\Djnhne32.exe
        101⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\Dokqfl32.exe
        
        C:\Windows\system32\Dokqfl32.exe
        102⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\Dgbhgi32.exe
        
        C:\Windows\system32\Dgbhgi32.exe
        103⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\Emoaopnf.exe
        
        C:\Windows\system32\Emoaopnf.exe
        104⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\Ffahnd32.exe
        
        C:\Windows\system32\Ffahnd32.exe
        105⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Fqfmlm32.exe
        
        C:\Windows\system32\Fqfmlm32.exe
        106⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\Ggjgofkd.exe
        
        C:\Windows\system32\Ggjgofkd.exe
        107⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\Gndpkp32.exe
        
        C:\Windows\system32\Gndpkp32.exe
        108⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\Gcqhcgqi.exe
        
        C:\Windows\system32\Gcqhcgqi.exe
        109⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\Gjkqpa32.exe
        
        C:\Windows\system32\Gjkqpa32.exe
        110⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\Gadimkpb.exe
        
        C:\Windows\system32\Gadimkpb.exe
        111⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\Hhegjdag.exe
        
        C:\Windows\system32\Hhegjdag.exe
        112⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\Hnpognhd.exe
        
        C:\Windows\system32\Hnpognhd.exe
        113⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\Habeni32.exe
        
        C:\Windows\system32\Habeni32.exe
        114⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\Jgiiclkl.exe
        
        C:\Windows\system32\Jgiiclkl.exe
        115⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\Kddpnpdn.exe
        
        C:\Windows\system32\Kddpnpdn.exe
        116⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\Lglopjkg.exe
        
        C:\Windows\system32\Lglopjkg.exe
        117⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\Ldpoinjq.exe
        
        C:\Windows\system32\Ldpoinjq.exe
        118⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\Lkjhfh32.exe
        
        C:\Windows\system32\Lkjhfh32.exe
        119⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\Ladpcb32.exe
        
        C:\Windows\system32\Ladpcb32.exe
        120⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\Lhnhplpg.exe
        
        C:\Windows\system32\Lhnhplpg.exe
        121⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\Mnjqhcno.exe
        
        C:\Windows\system32\Mnjqhcno.exe
        122⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\Mddidm32.exe
        
        C:\Windows\system32\Mddidm32.exe
        123⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\Mojmbf32.exe
        
        C:\Windows\system32\Mojmbf32.exe
        124⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\Mqkijnkp.exe
        
        C:\Windows\system32\Mqkijnkp.exe
        125⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\Mgebfhcl.exe
        
        C:\Windows\system32\Mgebfhcl.exe
        126⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\Mnojcb32.exe
        
        C:\Windows\system32\Mnojcb32.exe
        127⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\Mhenpk32.exe
        
        C:\Windows\system32\Mhenpk32.exe
        128⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\Nnimia32.exe
        
        C:\Windows\system32\Nnimia32.exe
        129⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\Oabiak32.exe
        
        C:\Windows\system32\Oabiak32.exe
        130⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\Qimfoe32.exe
        
        C:\Windows\system32\Qimfoe32.exe
        131⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\Qpfokpoo.exe
        
        C:\Windows\system32\Qpfokpoo.exe
        132⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\Qahkch32.exe
        
        C:\Windows\system32\Qahkch32.exe
        133⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\Qhbcpb32.exe
        
        C:\Windows\system32\Qhbcpb32.exe
        134⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\Qajhigcj.exe
        
        C:\Windows\system32\Qajhigcj.exe
        135⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\Ahdpea32.exe
        
        C:\Windows\system32\Ahdpea32.exe
        136⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\Aonhblad.exe
        
        C:\Windows\system32\Aonhblad.exe
        137⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\Aehpof32.exe
        
        C:\Windows\system32\Aehpof32.exe
        138⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\Apndloif.exe
        
        C:\Windows\system32\Apndloif.exe
        139⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\Aaoadg32.exe
        
        C:\Windows\system32\Aaoadg32.exe
        140⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\Aified32.exe
        
        C:\Windows\system32\Aified32.exe
        141⤵
        
        PID:752
        
        C:\Windows\SysWOW64\Ahnclp32.exe
        
        C:\Windows\system32\Ahnclp32.exe
        142⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\Bbecnipp.exe
        
        C:\Windows\system32\Bbecnipp.exe
        143⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\Biolkc32.exe
        
        C:\Windows\system32\Biolkc32.exe
        144⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\Bifblbad.exe
        
        C:\Windows\system32\Bifblbad.exe
        145⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\Bppjhl32.exe
        
        C:\Windows\system32\Bppjhl32.exe
        146⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\Cohdoh32.exe
        
        C:\Windows\system32\Cohdoh32.exe
        147⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\Doageg32.exe
        
        C:\Windows\system32\Doageg32.exe
        148⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\Eomfae32.exe
        
        C:\Windows\system32\Eomfae32.exe
        149⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\Fjqgpl32.exe
        
        C:\Windows\system32\Fjqgpl32.exe
        150⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Fqjolfda.exe
        
        C:\Windows\system32\Fqjolfda.exe
        151⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\Fblldn32.exe
        
        C:\Windows\system32\Fblldn32.exe
        152⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\Fmapag32.exe
        
        C:\Windows\system32\Fmapag32.exe
        153⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\Gmfilfep.exe
        
        C:\Windows\system32\Gmfilfep.exe
        154⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\Gbcaemdg.exe
        
        C:\Windows\system32\Gbcaemdg.exe
        155⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\Gmhfbf32.exe
        
        C:\Windows\system32\Gmhfbf32.exe
        156⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\Gpioca32.exe
        
        C:\Windows\system32\Gpioca32.exe
        157⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\Hifmhf32.exe
        
        C:\Windows\system32\Hifmhf32.exe
        158⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\Hppedpkf.exe
        
        C:\Windows\system32\Hppedpkf.exe
        159⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\Hjeiai32.exe
        
        C:\Windows\system32\Hjeiai32.exe
        160⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\Hmdend32.exe
        
        C:\Windows\system32\Hmdend32.exe
        161⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\Hcnnjoam.exe
        
        C:\Windows\system32\Hcnnjoam.exe
        162⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\Hjhfgi32.exe
        
        C:\Windows\system32\Hjhfgi32.exe
        163⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\Habndbpf.exe
        
        C:\Windows\system32\Habndbpf.exe
        164⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Hfoflj32.exe
        
        C:\Windows\system32\Hfoflj32.exe
        165⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\Ipnaen32.exe
        
        C:\Windows\system32\Ipnaen32.exe
        166⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\Idljll32.exe
        
        C:\Windows\system32\Idljll32.exe
        167⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\Jmgkja32.exe
        
        C:\Windows\system32\Jmgkja32.exe
        168⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\Jpegfm32.exe
        
        C:\Windows\system32\Jpegfm32.exe
        169⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\Jjklcf32.exe
        
        C:\Windows\system32\Jjklcf32.exe
        170⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\Jaddpppa.exe
        
        C:\Windows\system32\Jaddpppa.exe
        171⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\Jfalhgni.exe
        
        C:\Windows\system32\Jfalhgni.exe
        172⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\Kmiqfoie.exe
        
        C:\Windows\system32\Kmiqfoie.exe
        173⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\Kdffiinp.exe
        
        C:\Windows\system32\Kdffiinp.exe
        174⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\Lmqggncn.exe
        
        C:\Windows\system32\Lmqggncn.exe
        175⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\Ldjodh32.exe
        
        C:\Windows\system32\Ldjodh32.exe
        176⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\Lkgdfb32.exe
        
        C:\Windows\system32\Lkgdfb32.exe
        177⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\Laqlclga.exe
        
        C:\Windows\system32\Laqlclga.exe
        178⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\Mcgbfcij.exe
        
        C:\Windows\system32\Mcgbfcij.exe
        179⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\Mnlfclip.exe
        
        C:\Windows\system32\Mnlfclip.exe
        180⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\Mciokcgg.exe
        
        C:\Windows\system32\Mciokcgg.exe
        181⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\Mjcghm32.exe
        
        C:\Windows\system32\Mjcghm32.exe
        182⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\Nqaipgal.exe
        
        C:\Windows\system32\Nqaipgal.exe
        183⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\Naaejj32.exe
        
        C:\Windows\system32\Naaejj32.exe
        184⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\Ncbaabom.exe
        
        C:\Windows\system32\Ncbaabom.exe
        185⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\Nkqpcnig.exe
        
        C:\Windows\system32\Nkqpcnig.exe
        186⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\Odbgbb32.exe
        
        C:\Windows\system32\Odbgbb32.exe
        187⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\Okloomoj.exe
        
        C:\Windows\system32\Okloomoj.exe
        188⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\Pegqmbch.exe
        
        C:\Windows\system32\Pegqmbch.exe
        189⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\Pkaijl32.exe
        
        C:\Windows\system32\Pkaijl32.exe
        190⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\Pbpjbe32.exe
        
        C:\Windows\system32\Pbpjbe32.exe
        191⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\Pglcjl32.exe
        
        C:\Windows\system32\Pglcjl32.exe
        192⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\Abpcicpi.exe
        
        C:\Windows\system32\Abpcicpi.exe
        193⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\Ddpeigle.exe
        
        C:\Windows\system32\Ddpeigle.exe
        194⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\Hcmgphma.exe
        
        C:\Windows\system32\Hcmgphma.exe
        195⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\Hmfkin32.exe
        
        C:\Windows\system32\Hmfkin32.exe
        196⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\Hcpcehko.exe
        
        C:\Windows\system32\Hcpcehko.exe
        197⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\Hillnoif.exe
        
        C:\Windows\system32\Hillnoif.exe
        198⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\Icbpkg32.exe
        
        C:\Windows\system32\Icbpkg32.exe
        199⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\Iecmcpoj.exe
        
        C:\Windows\system32\Iecmcpoj.exe
        200⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\Ikmepj32.exe
        
        C:\Windows\system32\Ikmepj32.exe
        201⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\Ieeihomg.exe
        
        C:\Windows\system32\Ieeihomg.exe
        202⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\Ilpaei32.exe
        
        C:\Windows\system32\Ilpaei32.exe
        203⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\Ifefbbdj.exe
        
        C:\Windows\system32\Ifefbbdj.exe
        204⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\Ilbnkiba.exe
        
        C:\Windows\system32\Ilbnkiba.exe
        205⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\Iblfgc32.exe
        
        C:\Windows\system32\Iblfgc32.exe
        206⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Iifodmak.exe
        
        C:\Windows\system32\Iifodmak.exe
        207⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Ippgqg32.exe
        
        C:\Windows\system32\Ippgqg32.exe
        208⤵
        
        PID:312
        
        C:\Windows\SysWOW64\Ifjoma32.exe
        
        C:\Windows\system32\Ifjoma32.exe
        209⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Imdgjlgb.exe
        
        C:\Windows\system32\Imdgjlgb.exe
        210⤵
        
        PID:8
        
        C:\Windows\SysWOW64\Jfllca32.exe
        
        C:\Windows\system32\Jfllca32.exe
        211⤵
        
        PID:264
        
        C:\Windows\SysWOW64\Jpdqlgdc.exe
        
        C:\Windows\system32\Jpdqlgdc.exe
        212⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\Jimeelkc.exe
        
        C:\Windows\system32\Jimeelkc.exe
        213⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\Jpgmaf32.exe
        
        C:\Windows\system32\Jpgmaf32.exe
        214⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Jecejm32.exe
        
        C:\Windows\system32\Jecejm32.exe
        215⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\Jlnnfghd.exe
        
        C:\Windows\system32\Jlnnfghd.exe
        216⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\Jidkek32.exe
        
        C:\Windows\system32\Jidkek32.exe
        217⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\Kbceoped.exe
        
        C:\Windows\system32\Kbceoped.exe
        218⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\Kmijliej.exe
        
        C:\Windows\system32\Kmijliej.exe
        219⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\Kpgfhddn.exe
        
        C:\Windows\system32\Kpgfhddn.exe
        220⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\Kfanen32.exe
        
        C:\Windows\system32\Kfanen32.exe
        221⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\Lmkfah32.exe
        
        C:\Windows\system32\Lmkfah32.exe
        222⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\Ldeonbkd.exe
        
        C:\Windows\system32\Ldeonbkd.exe
        223⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Libggiik.exe
        
        C:\Windows\system32\Libggiik.exe
        224⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Llpcceho.exe
        
        C:\Windows\system32\Llpcceho.exe
        225⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\Lbjlpo32.exe
        
        C:\Windows\system32\Lbjlpo32.exe
        226⤵
        
        PID:980
        
        C:\Windows\SysWOW64\Lmppmh32.exe
        
        C:\Windows\system32\Lmppmh32.exe
        227⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\Ldjhib32.exe
        
        C:\Windows\system32\Ldjhib32.exe
        228⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\Lekeajmm.exe
        
        C:\Windows\system32\Lekeajmm.exe
        229⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\Lpqioclc.exe
        
        C:\Windows\system32\Lpqioclc.exe
        230⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Lboeknkf.exe
        
        C:\Windows\system32\Lboeknkf.exe
        231⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\Liimgh32.exe
        
        C:\Windows\system32\Liimgh32.exe
        232⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Lpcedbjp.exe
        
        C:\Windows\system32\Lpcedbjp.exe
        233⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\Lepnli32.exe
        
        C:\Windows\system32\Lepnli32.exe
        234⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\Mljficpd.exe
        
        C:\Windows\system32\Mljficpd.exe
        235⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\Mccofn32.exe
        
        C:\Windows\system32\Mccofn32.exe
        236⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\Mingbhon.exe
        
        C:\Windows\system32\Mingbhon.exe
        237⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\Mphoob32.exe
        
        C:\Windows\system32\Mphoob32.exe
        238⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\Mgagll32.exe
        
        C:\Windows\system32\Mgagll32.exe
        239⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\Ojcidelf.exe
        
        C:\Windows\system32\Ojcidelf.exe
        240⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\Odhman32.exe
        
        C:\Windows\system32\Odhman32.exe
        241⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\Qjjhla32.exe
        
        C:\Windows\system32\Qjjhla32.exe
        242⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\Qnhabp32.exe
        
        C:\Windows\system32\Qnhabp32.exe
        243⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\Adbiojfo.exe
        
        C:\Windows\system32\Adbiojfo.exe
        244⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\Anmjmojl.exe
        
        C:\Windows\system32\Anmjmojl.exe
        245⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\Aegbji32.exe
        
        C:\Windows\system32\Aegbji32.exe
        246⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\Ajfhhp32.exe
        
        C:\Windows\system32\Ajfhhp32.exe
        247⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Aekleind.exe
        
        C:\Windows\system32\Aekleind.exe
        248⤵
        
        PID:780
        
        C:\Windows\SysWOW64\Bebbeh32.exe
        
        C:\Windows\system32\Bebbeh32.exe
        249⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\Bfcompnj.exe
        
        C:\Windows\system32\Bfcompnj.exe
        250⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\Bmngjj32.exe
        
        C:\Windows\system32\Bmngjj32.exe
        251⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\Bchogd32.exe
        
        C:\Windows\system32\Bchogd32.exe
        252⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\Cnbmolhd.exe
        
        C:\Windows\system32\Cnbmolhd.exe
        253⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\Cjindm32.exe
        
        C:\Windows\system32\Cjindm32.exe
        254⤵
        
        PID:868
        
        C:\Windows\SysWOW64\Cenaaf32.exe
        
        C:\Windows\system32\Cenaaf32.exe
        255⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\Caebfg32.exe
        
        C:\Windows\system32\Caebfg32.exe
        256⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\Eoilfidj.exe
        
        C:\Windows\system32\Eoilfidj.exe
        257⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\Edknjonl.exe
        
        C:\Windows\system32\Edknjonl.exe
        258⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\Egijfjmp.exe
        
        C:\Windows\system32\Egijfjmp.exe
        259⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\Emcbcd32.exe
        
        C:\Windows\system32\Emcbcd32.exe
        260⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\Edmjpoli.exe
        
        C:\Windows\system32\Edmjpoli.exe
        261⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\Fkgbli32.exe
        
        C:\Windows\system32\Fkgbli32.exe
        262⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\Fkqebg32.exe
        
        C:\Windows\system32\Fkqebg32.exe
        263⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\Ghnibj32.exe
        
        C:\Windows\system32\Ghnibj32.exe
        264⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\Gnkajapa.exe
        
        C:\Windows\system32\Gnkajapa.exe
        265⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\Hnagkp32.exe
        
        C:\Windows\system32\Hnagkp32.exe
        266⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\Hkehdd32.exe
        
        C:\Windows\system32\Hkehdd32.exe
        267⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\Ininloda.exe
        
        C:\Windows\system32\Ininloda.exe
        268⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\Idbfhiko.exe
        
        C:\Windows\system32\Idbfhiko.exe
        269⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\Ikmnec32.exe
        
        C:\Windows\system32\Ikmnec32.exe
        270⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\Inkjao32.exe
        
        C:\Windows\system32\Inkjao32.exe
        271⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\Iiqooh32.exe
        
        C:\Windows\system32\Iiqooh32.exe
        272⤵
        
        PID:184
        
        C:\Windows\SysWOW64\Iojgkbib.exe
        
        C:\Windows\system32\Iojgkbib.exe
        273⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\Jgjekc32.exe
        
        C:\Windows\system32\Jgjekc32.exe
        274⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\Jkhnab32.exe
        
        C:\Windows\system32\Jkhnab32.exe
        275⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\Jgonfcnb.exe
        
        C:\Windows\system32\Jgonfcnb.exe
        276⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\Jphcmp32.exe
        
        C:\Windows\system32\Jphcmp32.exe
        277⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\Klapgq32.exe
        
        C:\Windows\system32\Klapgq32.exe
        278⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\Kelaef32.exe
        
        C:\Windows\system32\Kelaef32.exe
        279⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\Lpbojlfd.exe
        
        C:\Windows\system32\Lpbojlfd.exe
        280⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\Mhncnodp.exe
        
        C:\Windows\system32\Mhncnodp.exe
        281⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\Mplapkoj.exe
        
        C:\Windows\system32\Mplapkoj.exe
        282⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\Midfiq32.exe
        
        C:\Windows\system32\Midfiq32.exe
        283⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\Mpnnek32.exe
        
        C:\Windows\system32\Mpnnek32.exe
        284⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\Nekgna32.exe
        
        C:\Windows\system32\Nekgna32.exe
        285⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\Nboggf32.exe
        
        C:\Windows\system32\Nboggf32.exe
        286⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\Nimioo32.exe
        
        C:\Windows\system32\Nimioo32.exe
        287⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\Npgalidl.exe
        
        C:\Windows\system32\Npgalidl.exe
        288⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\Ngaihcli.exe
        
        C:\Windows\system32\Ngaihcli.exe
        289⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\Nipedokm.exe
        
        C:\Windows\system32\Nipedokm.exe
        290⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\Opjnai32.exe
        
        C:\Windows\system32\Opjnai32.exe
        291⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\Ogcfncjf.exe
        
        C:\Windows\system32\Ogcfncjf.exe
        292⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\Ohebek32.exe
        
        C:\Windows\system32\Ohebek32.exe
        293⤵
        
        PID:528
        
        C:\Windows\SysWOW64\Oplkgi32.exe
        
        C:\Windows\system32\Oplkgi32.exe
        294⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\Ogfccchd.exe
        
        C:\Windows\system32\Ogfccchd.exe
        295⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\Olcklj32.exe
        
        C:\Windows\system32\Olcklj32.exe
        296⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\Oghpib32.exe
        
        C:\Windows\system32\Oghpib32.exe
        297⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\Ohjlqklp.exe
        
        C:\Windows\system32\Ohjlqklp.exe
        298⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\Oocdme32.exe
        
        C:\Windows\system32\Oocdme32.exe
        299⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\Oenljoji.exe
        
        C:\Windows\system32\Oenljoji.exe
        300⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\Ohlifj32.exe
        
        C:\Windows\system32\Ohlifj32.exe
        301⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\Oofacdaj.exe
        
        C:\Windows\system32\Oofacdaj.exe
        302⤵
        
        PID:116
        
        C:\Windows\SysWOW64\Oepipo32.exe
        
        C:\Windows\system32\Oepipo32.exe
        303⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\Ohnelj32.exe
        
        C:\Windows\system32\Ohnelj32.exe
        304⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\Phekliab.exe
        
        C:\Windows\system32\Phekliab.exe
        305⤵
        
        PID:884
        
        C:\Windows\SysWOW64\Poodicio.exe
        
        C:\Windows\system32\Poodicio.exe
        306⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\Agpoqoaf.exe
        
        C:\Windows\system32\Agpoqoaf.exe
        307⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\Bfqkmj32.exe
        
        C:\Windows\system32\Bfqkmj32.exe
        308⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\Cfjnch32.exe
        
        C:\Windows\system32\Cfjnch32.exe
        309⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\Ccednl32.exe
        
        C:\Windows\system32\Ccednl32.exe
        310⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\Dibmfb32.exe
        
        C:\Windows\system32\Dibmfb32.exe
        311⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\Dplebmbl.exe
        
        C:\Windows\system32\Dplebmbl.exe
        312⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\Dffmogji.exe
        
        C:\Windows\system32\Dffmogji.exe
        313⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\Ehomph32.exe
        
        C:\Windows\system32\Ehomph32.exe
        314⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\Ejmild32.exe
        
        C:\Windows\system32\Ejmild32.exe
        315⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\Fdlcehhn.exe
        
        C:\Windows\system32\Fdlcehhn.exe
        316⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\Fhjlkg32.exe
        
        C:\Windows\system32\Fhjlkg32.exe
        317⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\Filicodb.exe
        
        C:\Windows\system32\Filicodb.exe
        318⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Fdamph32.exe
        
        C:\Windows\system32\Fdamph32.exe
        319⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Fkkemble.exe
        
        C:\Windows\system32\Fkkemble.exe
        320⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\Faemjl32.exe
        
        C:\Windows\system32\Faemjl32.exe
        321⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\Fgbfbc32.exe
        
        C:\Windows\system32\Fgbfbc32.exe
        322⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\Fipbnn32.exe
        
        C:\Windows\system32\Fipbnn32.exe
        323⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\Fpjjkh32.exe
        
        C:\Windows\system32\Fpjjkh32.exe
        324⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\Fgdbgbof.exe
        
        C:\Windows\system32\Fgdbgbof.exe
        325⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\Fmnkdm32.exe
        
        C:\Windows\system32\Fmnkdm32.exe
        326⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\Gpmgph32.exe
        
        C:\Windows\system32\Gpmgph32.exe
        327⤵
        
        PID:752
        
        C:\Windows\SysWOW64\Ggfombmd.exe
        
        C:\Windows\system32\Ggfombmd.exe
        328⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\Gpodfh32.exe
        
        C:\Windows\system32\Gpodfh32.exe
        329⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\Ggilbb32.exe
        
        C:\Windows\system32\Ggilbb32.exe
        330⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\Gdoiaf32.exe
        
        C:\Windows\system32\Gdoiaf32.exe
        331⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\Gilajmfp.exe
        
        C:\Windows\system32\Gilajmfp.exe
        332⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\Ggpbcaei.exe
        
        C:\Windows\system32\Ggpbcaei.exe
        333⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\Hphglf32.exe
        
        C:\Windows\system32\Hphglf32.exe
        334⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\Hgghdp32.exe
        
        C:\Windows\system32\Hgghdp32.exe
        335⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\Hpomme32.exe
        
        C:\Windows\system32\Hpomme32.exe
        336⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\Hgieipmo.exe
        
        C:\Windows\system32\Hgieipmo.exe
        337⤵
        
        PID:332
        
        C:\Windows\SysWOW64\Hncmfj32.exe
        
        C:\Windows\system32\Hncmfj32.exe
        338⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\Jkggfl32.exe
        
        C:\Windows\system32\Jkggfl32.exe
        339⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\Lelcbmcc.exe
        
        C:\Windows\system32\Lelcbmcc.exe
        340⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\Miofcked.exe
        
        C:\Windows\system32\Miofcked.exe
        341⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\Pacfdila.exe
        
        C:\Windows\system32\Pacfdila.exe
        342⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\Phnoac32.exe
        
        C:\Windows\system32\Phnoac32.exe
        343⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\Pkqdhnom.exe
        
        C:\Windows\system32\Pkqdhnom.exe
        344⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Pakleh32.exe
        
        C:\Windows\system32\Pakleh32.exe
        345⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\Phddbbnf.exe
        
        C:\Windows\system32\Phddbbnf.exe
        346⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\Poomom32.exe
        
        C:\Windows\system32\Poomom32.exe
        347⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\Pehekgmp.exe
        
        C:\Windows\system32\Pehekgmp.exe
        348⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\Plbmhadm.exe
        
        C:\Windows\system32\Plbmhadm.exe
        349⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\Qifnaecf.exe
        
        C:\Windows\system32\Qifnaecf.exe
        350⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\Qocfjlan.exe
        
        C:\Windows\system32\Qocfjlan.exe
        351⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\Qhlkbaho.exe
        
        C:\Windows\system32\Qhlkbaho.exe
        352⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\Qoecol32.exe
        
        C:\Windows\system32\Qoecol32.exe
        353⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\Ahnghafl.exe
        
        C:\Windows\system32\Ahnghafl.exe
        354⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\Acclejeb.exe
        
        C:\Windows\system32\Acclejeb.exe
        355⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\Blecdn32.exe
        
        C:\Windows\system32\Blecdn32.exe
        356⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\Bhqmdoef.exe
        
        C:\Windows\system32\Bhqmdoef.exe
        357⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\Cbkncd32.exe
        
        C:\Windows\system32\Cbkncd32.exe
        358⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\Cckkmg32.exe
        
        C:\Windows\system32\Cckkmg32.exe
        359⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\Cihcen32.exe
        
        C:\Windows\system32\Cihcen32.exe
        360⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\Cobkbhgk.exe
        
        C:\Windows\system32\Cobkbhgk.exe
        361⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\Cbphncfo.exe
        
        C:\Windows\system32\Cbphncfo.exe
        362⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\Cijpkmml.exe
        
        C:\Windows\system32\Cijpkmml.exe
        363⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\Codhgg32.exe
        
        C:\Windows\system32\Codhgg32.exe
        364⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\Cbbdcc32.exe
        
        C:\Windows\system32\Cbbdcc32.exe
        365⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\Difpflco.exe
        
        C:\Windows\system32\Difpflco.exe
        366⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\Dpphcf32.exe
        
        C:\Windows\system32\Dpphcf32.exe
        367⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\Djelqo32.exe
        
        C:\Windows\system32\Djelqo32.exe
        368⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\Ejlban32.exe
        
        C:\Windows\system32\Ejlban32.exe
        369⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\Elnoifjg.exe
        
        C:\Windows\system32\Elnoifjg.exe
        370⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\Ecefjckj.exe
        
        C:\Windows\system32\Ecefjckj.exe
        371⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\Fikbhiaf.exe
        
        C:\Windows\system32\Fikbhiaf.exe
        372⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\Fpejec32.exe
        
        C:\Windows\system32\Fpejec32.exe
        373⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\Fbcfan32.exe
        
        C:\Windows\system32\Fbcfan32.exe
        374⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\Gmndjf32.exe
        
        C:\Windows\system32\Gmndjf32.exe
        375⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\Gbjlbm32.exe
        
        C:\Windows\system32\Gbjlbm32.exe
        376⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\Gideogil.exe
        
        C:\Windows\system32\Gideogil.exe
        377⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\Gpnmka32.exe
        
        C:\Windows\system32\Gpnmka32.exe
        378⤵
        
        PID:960
        
        C:\Windows\SysWOW64\Gbmigm32.exe
        
        C:\Windows\system32\Gbmigm32.exe
        379⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\Gifadggi.exe
        
        C:\Windows\system32\Gifadggi.exe
        380⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\Gdleap32.exe
        
        C:\Windows\system32\Gdleap32.exe
        381⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\Gfkbnk32.exe
        
        C:\Windows\system32\Gfkbnk32.exe
        382⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\Glgjfb32.exe
        
        C:\Windows\system32\Glgjfb32.exe
        383⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\Gbabblkg.exe
        
        C:\Windows\system32\Gbabblkg.exe
        384⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\Gkhkdjli.exe
        
        C:\Windows\system32\Gkhkdjli.exe
        385⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\Gljgkb32.exe
        
        C:\Windows\system32\Gljgkb32.exe
        386⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\Hgokikan.exe
        
        C:\Windows\system32\Hgokikan.exe
        387⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\Hmicee32.exe
        
        C:\Windows\system32\Hmicee32.exe
        388⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\Hdclbopg.exe
        
        C:\Windows\system32\Hdclbopg.exe
        389⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\Hgahnjpk.exe
        
        C:\Windows\system32\Hgahnjpk.exe
        390⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\Idceim32.exe
        
        C:\Windows\system32\Idceim32.exe
        391⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\Igbaeh32.exe
        
        C:\Windows\system32\Igbaeh32.exe
        392⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\Inlibb32.exe
        
        C:\Windows\system32\Inlibb32.exe
        393⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\Idfaolpb.exe
        
        C:\Windows\system32\Idfaolpb.exe
        394⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\Ijcjgcni.exe
        
        C:\Windows\system32\Ijcjgcni.exe
        395⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\Ipmbcm32.exe
        
        C:\Windows\system32\Ipmbcm32.exe
        396⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\Jggjpgmc.exe
        
        C:\Windows\system32\Jggjpgmc.exe
        397⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\Jnqbmadp.exe
        
        C:\Windows\system32\Jnqbmadp.exe
        398⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\Jdkkjl32.exe
        
        C:\Windows\system32\Jdkkjl32.exe
        399⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\Jjgcbb32.exe
        
        C:\Windows\system32\Jjgcbb32.exe
        400⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\Jdmgok32.exe
        
        C:\Windows\system32\Jdmgok32.exe
        401⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\Jkgpleaf.exe
        
        C:\Windows\system32\Jkgpleaf.exe
        402⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\Jlhlcnge.exe
        
        C:\Windows\system32\Jlhlcnge.exe
        403⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\Jgnqafgk.exe
        
        C:\Windows\system32\Jgnqafgk.exe
        404⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\Jnhinq32.exe
        
        C:\Windows\system32\Jnhinq32.exe
        405⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\Jdaajkfd.exe
        
        C:\Windows\system32\Jdaajkfd.exe
        406⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\Jkligd32.exe
        
        C:\Windows\system32\Jkligd32.exe
        407⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\Jlmfomcp.exe
        
        C:\Windows\system32\Jlmfomcp.exe
        408⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\Kddnpj32.exe
        
        C:\Windows\system32\Kddnpj32.exe
        409⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\Kjafha32.exe
        
        C:\Windows\system32\Kjafha32.exe
        410⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\Kmobdm32.exe
        
        C:\Windows\system32\Kmobdm32.exe
        411⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\Kcikagij.exe
        
        C:\Windows\system32\Kcikagij.exe
        412⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\Knoonphp.exe
        
        C:\Windows\system32\Knoonphp.exe
        413⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\Kdigkjpl.exe
        
        C:\Windows\system32\Kdigkjpl.exe
        414⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\Kjjinp32.exe
        
        C:\Windows\system32\Kjjinp32.exe
        415⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\Ldbjah32.exe
        
        C:\Windows\system32\Ldbjah32.exe
        416⤵
        
        PID:684
        
        C:\Windows\SysWOW64\Lklbnb32.exe
        
        C:\Windows\system32\Lklbnb32.exe
        417⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\Lcjchd32.exe
        
        C:\Windows\system32\Lcjchd32.exe
        418⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\Lnohemjm.exe
        
        C:\Windows\system32\Lnohemjm.exe
        419⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\Lgglnb32.exe
        
        C:\Windows\system32\Lgglnb32.exe
        420⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\Mgjicb32.exe
        
        C:\Windows\system32\Mgjicb32.exe
        421⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\Mndapl32.exe
        
        C:\Windows\system32\Mndapl32.exe
        422⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\Mglfibmh.exe
        
        C:\Windows\system32\Mglfibmh.exe
        423⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\Mjkbemll.exe
        
        C:\Windows\system32\Mjkbemll.exe
        424⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\Madjbg32.exe
        
        C:\Windows\system32\Madjbg32.exe
        425⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\Mkjnop32.exe
        
        C:\Windows\system32\Mkjnop32.exe
        426⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\Mmkkgh32.exe
        
        C:\Windows\system32\Mmkkgh32.exe
        427⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\Mceccbpj.exe
        
        C:\Windows\system32\Mceccbpj.exe
        428⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\Mmnglh32.exe
        
        C:\Windows\system32\Mmnglh32.exe
        429⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\Mgclja32.exe
        
        C:\Windows\system32\Mgclja32.exe
        430⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\Mjahfl32.exe
        
        C:\Windows\system32\Mjahfl32.exe
        431⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\Neglceej.exe
        
        C:\Windows\system32\Neglceej.exe
        432⤵
        
        PID:788
        
        C:\Windows\SysWOW64\Nladpo32.exe
        
        C:\Windows\system32\Nladpo32.exe
        433⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\Nmbaggce.exe
        
        C:\Windows\system32\Nmbaggce.exe
        434⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\Nclida32.exe
        
        C:\Windows\system32\Nclida32.exe
        435⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\Njfaalao.exe
        
        C:\Windows\system32\Njfaalao.exe
        436⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\Napjnfik.exe
        
        C:\Windows\system32\Napjnfik.exe
        437⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\Nlfnkoia.exe
        
        C:\Windows\system32\Nlfnkoia.exe
        438⤵
        
        PID:740
        
        C:\Windows\SysWOW64\Nabfcegi.exe
        
        C:\Windows\system32\Nabfcegi.exe
        439⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\Ndaboafl.exe
        
        C:\Windows\system32\Ndaboafl.exe
        440⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\Njkklk32.exe
        
        C:\Windows\system32\Njkklk32.exe
        441⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\Naecieef.exe
        
        C:\Windows\system32\Naecieef.exe
        442⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\Nljgfn32.exe
        
        C:\Windows\system32\Nljgfn32.exe
        443⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\Omldnfkj.exe
        
        C:\Windows\system32\Omldnfkj.exe
        444⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\Odfljp32.exe
        
        C:\Windows\system32\Odfljp32.exe
        445⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Ojpdgjid.exe
        
        C:\Windows\system32\Ojpdgjid.exe
        446⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\Oajmdd32.exe
        
        C:\Windows\system32\Oajmdd32.exe
        447⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\Odhipp32.exe
        
        C:\Windows\system32\Odhipp32.exe
        448⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\Ojbamj32.exe
        
        C:\Windows\system32\Ojbamj32.exe
        449⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\Oaliidon.exe
        
        C:\Windows\system32\Oaliidon.exe
        450⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\Pddhlnfg.exe
        
        C:\Windows\system32\Pddhlnfg.exe
        451⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\Pknqhh32.exe
        
        C:\Windows\system32\Pknqhh32.exe
        452⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\Pahiebeq.exe
        
        C:\Windows\system32\Pahiebeq.exe
        453⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\Phaabm32.exe
        
        C:\Windows\system32\Phaabm32.exe
        454⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\Pkpmnh32.exe
        
        C:\Windows\system32\Pkpmnh32.exe
        455⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\Pajekb32.exe
        
        C:\Windows\system32\Pajekb32.exe
        456⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\Pdhbgn32.exe
        
        C:\Windows\system32\Pdhbgn32.exe
        457⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\Pkbjchio.exe
        
        C:\Windows\system32\Pkbjchio.exe
        458⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\Palbpb32.exe
        
        C:\Windows\system32\Palbpb32.exe
        459⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\Phfjmlhh.exe
        
        C:\Windows\system32\Phfjmlhh.exe
        460⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\Qopbjf32.exe
        
        C:\Windows\system32\Qopbjf32.exe
        461⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\Qejkfp32.exe
        
        C:\Windows\system32\Qejkfp32.exe
        462⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\Qldccjno.exe
        
        C:\Windows\system32\Qldccjno.exe
        463⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\Qmepkb32.exe
        
        C:\Windows\system32\Qmepkb32.exe
        464⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\Qdphgmlj.exe
        
        C:\Windows\system32\Qdphgmlj.exe
        465⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\Akipdg32.exe
        
        C:\Windows\system32\Akipdg32.exe
        466⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\Aachaa32.exe
        
        C:\Windows\system32\Aachaa32.exe
        467⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\Adbdml32.exe
        
        C:\Windows\system32\Adbdml32.exe
        468⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\Aklmjfad.exe
        
        C:\Windows\system32\Aklmjfad.exe
        469⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\Aeaagoaj.exe
        
        C:\Windows\system32\Aeaagoaj.exe
        470⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\Ahpmckpn.exe
        
        C:\Windows\system32\Ahpmckpn.exe
        471⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\Aojepe32.exe
        
        C:\Windows\system32\Aojepe32.exe
        472⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\Aecnmo32.exe
        
        C:\Windows\system32\Aecnmo32.exe
        473⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\Alnfiifd.exe
        
        C:\Windows\system32\Alnfiifd.exe
        474⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Anobaa32.exe
        
        C:\Windows\system32\Anobaa32.exe
        475⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\Adiknkco.exe
        
        C:\Windows\system32\Adiknkco.exe
        476⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\Alpboida.exe
        
        C:\Windows\system32\Alpboida.exe
        477⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\Anaofa32.exe
        
        C:\Windows\system32\Anaofa32.exe
        478⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\Bdkgckal.exe
        
        C:\Windows\system32\Bdkgckal.exe
        479⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\Blbodh32.exe
        
        C:\Windows\system32\Blbodh32.exe
        480⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\Baohmo32.exe
        
        C:\Windows\system32\Baohmo32.exe
        481⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\Bdndik32.exe
        
        C:\Windows\system32\Bdndik32.exe
        482⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\Bochfc32.exe
        
        C:\Windows\system32\Bochfc32.exe
        483⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\Bemqcngl.exe
        
        C:\Windows\system32\Bemqcngl.exe
        484⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Blgiphni.exe
        
        C:\Windows\system32\Blgiphni.exe
        485⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\Bnhegp32.exe
        
        C:\Windows\system32\Bnhegp32.exe
        486⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\Bhnidi32.exe
        
        C:\Windows\system32\Bhnidi32.exe
        487⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\Bohbackj.exe
        
        C:\Windows\system32\Bohbackj.exe
        488⤵
        
        PID:264
        
        C:\Windows\SysWOW64\Beajnm32.exe
        
        C:\Windows\system32\Beajnm32.exe
        489⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\Bllbkg32.exe
        
        C:\Windows\system32\Bllbkg32.exe
        490⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\Bnmobopb.exe
        
        C:\Windows\system32\Bnmobopb.exe
        491⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\Cdggoi32.exe
        
        C:\Windows\system32\Cdggoi32.exe
        492⤵
        
        PID:980
        
        C:\Windows\SysWOW64\Ckaolcol.exe
        
        C:\Windows\system32\Ckaolcol.exe
        493⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\Cakghn32.exe
        
        C:\Windows\system32\Cakghn32.exe
        494⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\Clplff32.exe
        
        C:\Windows\system32\Clplff32.exe
        495⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\Cnahmo32.exe
        
        C:\Windows\system32\Cnahmo32.exe
        496⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\Cdlpjicj.exe
        
        C:\Windows\system32\Cdlpjicj.exe
        497⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\Coadgacp.exe
        
        C:\Windows\system32\Coadgacp.exe
        498⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\Cfkmdl32.exe
        
        C:\Windows\system32\Cfkmdl32.exe
        499⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\Cleeafbi.exe
        
        C:\Windows\system32\Cleeafbi.exe
        500⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\Cocamaam.exe
        
        C:\Windows\system32\Cocamaam.exe
        501⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\Cfmijkhj.exe
        
        C:\Windows\system32\Cfmijkhj.exe
        502⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\Clgbfe32.exe
        
        C:\Windows\system32\Clgbfe32.exe
        503⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\Cninnnfe.exe
        
        C:\Windows\system32\Cninnnfe.exe
        504⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\Ddbfkh32.exe
        
        C:\Windows\system32\Ddbfkh32.exe
        505⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\Dkmogbeo.exe
        
        C:\Windows\system32\Dkmogbeo.exe
        506⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\Dbfgdllk.exe
        
        C:\Windows\system32\Dbfgdllk.exe
        507⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\Dhqoaf32.exe
        
        C:\Windows\system32\Dhqoaf32.exe
        508⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\Dojgnpke.exe
        
        C:\Windows\system32\Dojgnpke.exe
        509⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\Dbicjlji.exe
        
        C:\Windows\system32\Dbicjlji.exe
        510⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\Diclff32.exe
        
        C:\Windows\system32\Diclff32.exe
        511⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\Domdcpib.exe
        
        C:\Windows\system32\Domdcpib.exe
        512⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\Dbkpokhf.exe
        
        C:\Windows\system32\Dbkpokhf.exe
        513⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\Dieilepc.exe
        
        C:\Windows\system32\Dieilepc.exe
        514⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\Dooaip32.exe
        
        C:\Windows\system32\Dooaip32.exe
        515⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\Dbnmek32.exe
        
        C:\Windows\system32\Dbnmek32.exe
        516⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\Digeaenp.exe
        
        C:\Windows\system32\Digeaenp.exe
        517⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\Dkfanqmd.exe
        
        C:\Windows\system32\Dkfanqmd.exe
        518⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\Ebpjjk32.exe
        
        C:\Windows\system32\Ebpjjk32.exe
        519⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\Eijbge32.exe
        
        C:\Windows\system32\Eijbge32.exe
        520⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\Ekhncp32.exe
        
        C:\Windows\system32\Ekhncp32.exe
        521⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\Ebbfpjbn.exe
        
        C:\Windows\system32\Ebbfpjbn.exe
        522⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\Eilomd32.exe
        
        C:\Windows\system32\Eilomd32.exe
        523⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\Eofgioah.exe
        
        C:\Windows\system32\Eofgioah.exe
        524⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\Ebdcejpk.exe
        
        C:\Windows\system32\Ebdcejpk.exe
        525⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\Eiokbd32.exe
        
        C:\Windows\system32\Eiokbd32.exe
        526⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\Eohcon32.exe
        
        C:\Windows\system32\Eohcon32.exe
        527⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\Ebgpkj32.exe
        
        C:\Windows\system32\Ebgpkj32.exe
        528⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\Eiahhdee.exe
        
        C:\Windows\system32\Eiahhdee.exe
        529⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\Epkpdn32.exe
        
        C:\Windows\system32\Epkpdn32.exe
        530⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\Efeiahdo.exe
        
        C:\Windows\system32\Efeiahdo.exe
        531⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\Emoanbll.exe
        
        C:\Windows\system32\Emoanbll.exe
        532⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\Epmmjnkp.exe
        
        C:\Windows\system32\Epmmjnkp.exe
        533⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\Ffgegh32.exe
        
        C:\Windows\system32\Ffgegh32.exe
        534⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\Fmancbji.exe
        
        C:\Windows\system32\Fmancbji.exe
        535⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\Fnbjkj32.exe
        
        C:\Windows\system32\Fnbjkj32.exe
        536⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\Felbhdgd.exe
        
        C:\Windows\system32\Felbhdgd.exe
        537⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\Fmcjiagf.exe
        
        C:\Windows\system32\Fmcjiagf.exe
        538⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\Fnegqjne.exe
        
        C:\Windows\system32\Fnegqjne.exe
        539⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\Feoomd32.exe
        
        C:\Windows\system32\Feoomd32.exe
        540⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\Fligjnlo.exe
        
        C:\Windows\system32\Fligjnlo.exe
        541⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\Fbbpgh32.exe
        
        C:\Windows\system32\Fbbpgh32.exe
        542⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\Fimhcbkh.exe
        
        C:\Windows\system32\Fimhcbkh.exe
        543⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\Fpfppl32.exe
        
        C:\Windows\system32\Fpfppl32.exe
        544⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\Ffqhmf32.exe
        
        C:\Windows\system32\Ffqhmf32.exe
        545⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\Fiodib32.exe
        
        C:\Windows\system32\Fiodib32.exe
        546⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\Gpimflqb.exe
        
        C:\Windows\system32\Gpimflqb.exe
        547⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\Gbgibgpf.exe
        
        C:\Windows\system32\Gbgibgpf.exe
        548⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\Giaaoa32.exe
        
        C:\Windows\system32\Giaaoa32.exe
        549⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\Gpkiklop.exe
        
        C:\Windows\system32\Gpkiklop.exe
        550⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\Gfeahffl.exe
        
        C:\Windows\system32\Gfeahffl.exe
        551⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\Gmojep32.exe
        
        C:\Windows\system32\Gmojep32.exe
        552⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\Gnqflhcg.exe
        
        C:\Windows\system32\Gnqflhcg.exe
        553⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\Gmdcpoid.exe
        
        C:\Windows\system32\Gmdcpoid.exe
        554⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\Goepgg32.exe
        
        C:\Windows\system32\Goepgg32.exe
        555⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\Geohdago.exe
        
        C:\Windows\system32\Geohdago.exe
        556⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\Hlipal32.exe
        
        C:\Windows\system32\Hlipal32.exe
        557⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\Hbchnfei.exe
        
        C:\Windows\system32\Hbchnfei.exe
        558⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\Headjael.exe
        
        C:\Windows\system32\Headjael.exe
        559⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\Hlkmfkli.exe
        
        C:\Windows\system32\Hlkmfkli.exe
        560⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\Hbeece32.exe
        
        C:\Windows\system32\Hbeece32.exe
        561⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\Hedaoa32.exe
        
        C:\Windows\system32\Hedaoa32.exe
        562⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\Hlnjlkjf.exe
        
        C:\Windows\system32\Hlnjlkjf.exe
        563⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\Hbhbie32.exe
        
        C:\Windows\system32\Hbhbie32.exe
        564⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\Hiajeoip.exe
        
        C:\Windows\system32\Hiajeoip.exe
        565⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\Hplbbipm.exe
        
        C:\Windows\system32\Hplbbipm.exe
        566⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\Hehkjpod.exe
        
        C:\Windows\system32\Hehkjpod.exe
        567⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\Hlbcgj32.exe
        
        C:\Windows\system32\Hlbcgj32.exe
        568⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\Hblkddmn.exe
        
        C:\Windows\system32\Hblkddmn.exe
        569⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\Hekgppma.exe
        
        C:\Windows\system32\Hekgppma.exe
        570⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\Ilepmjdo.exe
        
        C:\Windows\system32\Ilepmjdo.exe
        571⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\Ibohid32.exe
        
        C:\Windows\system32\Ibohid32.exe
        572⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\Imdlgm32.exe
        
        C:\Windows\system32\Imdlgm32.exe
        573⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\Kedcml32.exe
        
        C:\Windows\system32\Kedcml32.exe
        574⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\Klceeejl.exe
        
        C:\Windows\system32\Klceeejl.exe
        575⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\Kgiibnib.exe
        
        C:\Windows\system32\Kgiibnib.exe
        576⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\Knbaoh32.exe
        
        C:\Windows\system32\Knbaoh32.exe
        577⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\Kpankd32.exe
        
        C:\Windows\system32\Kpankd32.exe
        578⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\Lfnfck32.exe
        
        C:\Windows\system32\Lfnfck32.exe
        579⤵
        
        PID:948
        
        C:\Windows\SysWOW64\Lqcjqcnp.exe
        
        C:\Windows\system32\Lqcjqcnp.exe
        580⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\Lgmbmn32.exe
        
        C:\Windows\system32\Lgmbmn32.exe
        581⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\Lngkjhmi.exe
        
        C:\Windows\system32\Lngkjhmi.exe
        582⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\Lcdcbokq.exe
        
        C:\Windows\system32\Lcdcbokq.exe
        583⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\Ljnloi32.exe
        
        C:\Windows\system32\Ljnloi32.exe
        584⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\Lqhdlc32.exe
        
        C:\Windows\system32\Lqhdlc32.exe
        585⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\Lgblhmag.exe
        
        C:\Windows\system32\Lgblhmag.exe
        586⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\Lqjqab32.exe
        
        C:\Windows\system32\Lqjqab32.exe
        587⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\Lgdinmod.exe
        
        C:\Windows\system32\Lgdinmod.exe
        588⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\Lnnakg32.exe
        
        C:\Windows\system32\Lnnakg32.exe
        589⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\Lopmbomp.exe
        
        C:\Windows\system32\Lopmbomp.exe
        590⤵
        
        PID:408
        
        C:\Windows\SysWOW64\Mjeaph32.exe
        
        C:\Windows\system32\Mjeaph32.exe
        591⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\Mqojlbcb.exe
        
        C:\Windows\system32\Mqojlbcb.exe
        592⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\Mgibil32.exe
        
        C:\Windows\system32\Mgibil32.exe
        593⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Mncjffbl.exe
        
        C:\Windows\system32\Mncjffbl.exe
        594⤵
        
        PID:716
        
        C:\Windows\SysWOW64\Mqafbaap.exe
        
        C:\Windows\system32\Mqafbaap.exe
        595⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\Mgkoolil.exe
        
        C:\Windows\system32\Mgkoolil.exe
        596⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\Mnegkf32.exe
        
        C:\Windows\system32\Mnegkf32.exe
        597⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\Mqdcga32.exe
        
        C:\Windows\system32\Mqdcga32.exe
        598⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\Mgnldkgj.exe
        
        C:\Windows\system32\Mgnldkgj.exe
        599⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\Mnhdae32.exe
        
        C:\Windows\system32\Mnhdae32.exe
        600⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\Mqfpma32.exe
        
        C:\Windows\system32\Mqfpma32.exe
        601⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\Mgphjk32.exe
        
        C:\Windows\system32\Mgphjk32.exe
        602⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\Mnjqfeld.exe
        
        C:\Windows\system32\Mnjqfeld.exe
        603⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\Mokmnm32.exe
        
        C:\Windows\system32\Mokmnm32.exe
        604⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\Nfeekgjo.exe
        
        C:\Windows\system32\Nfeekgjo.exe
        605⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\Nmomga32.exe
        
        C:\Windows\system32\Nmomga32.exe
        606⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\Npnjcm32.exe
        
        C:\Windows\system32\Npnjcm32.exe
        607⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\Nfhbpghl.exe
        
        C:\Windows\system32\Nfhbpghl.exe
        608⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\Nnojad32.exe
        
        C:\Windows\system32\Nnojad32.exe
        609⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\Nclbjk32.exe
        
        C:\Windows\system32\Nclbjk32.exe
        610⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\Njekfenc.exe
        
        C:\Windows\system32\Njekfenc.exe
        611⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\Nqpccp32.exe
        
        C:\Windows\system32\Nqpccp32.exe
        612⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\Nflkkf32.exe
        
        C:\Windows\system32\Nflkkf32.exe
        613⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\Nmfchq32.exe
        
        C:\Windows\system32\Nmfchq32.exe
        614⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\Ncplekbq.exe
        
        C:\Windows\system32\Ncplekbq.exe
        615⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\Njjdae32.exe
        
        C:\Windows\system32\Njjdae32.exe
        616⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\Nadlnoaj.exe
        
        C:\Windows\system32\Nadlnoaj.exe
        617⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\Ogndki32.exe
        
        C:\Windows\system32\Ogndki32.exe
        618⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\Pfdjccol.exe
        
        C:\Windows\system32\Pfdjccol.exe
        619⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\Pmnbpm32.exe
        
        C:\Windows\system32\Pmnbpm32.exe
        620⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\Pdhklgnf.exe
        
        C:\Windows\system32\Pdhklgnf.exe
        621⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\Pjaciafc.exe
        
        C:\Windows\system32\Pjaciafc.exe
        622⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\Qalkfl32.exe
        
        C:\Windows\system32\Qalkfl32.exe
        623⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\Qhfcbfdl.exe
        
        C:\Windows\system32\Qhfcbfdl.exe
        624⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\Qoplop32.exe
        
        C:\Windows\system32\Qoplop32.exe
        625⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\Qanhkk32.exe
        
        C:\Windows\system32\Qanhkk32.exe
        626⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\Qhhphebj.exe
        
        C:\Windows\system32\Qhhphebj.exe
        627⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\Qobhepjf.exe
        
        C:\Windows\system32\Qobhepjf.exe
        628⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\Apcemh32.exe
        
        C:\Windows\system32\Apcemh32.exe
        629⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\Afmmibga.exe
        
        C:\Windows\system32\Afmmibga.exe
        630⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\Amgefl32.exe
        
        C:\Windows\system32\Amgefl32.exe
        631⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\Adanbffk.exe
        
        C:\Windows\system32\Adanbffk.exe
        632⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\Akkfop32.exe
        
        C:\Windows\system32\Akkfop32.exe
        633⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\Aaenlj32.exe
        
        C:\Windows\system32\Aaenlj32.exe
        634⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\Ahofidlb.exe
        
        C:\Windows\system32\Ahofidlb.exe
        635⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\Aoioeo32.exe
        
        C:\Windows\system32\Aoioeo32.exe
        636⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\Apjkmgjm.exe
        
        C:\Windows\system32\Apjkmgjm.exe
        637⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\Agdcja32.exe
        
        C:\Windows\system32\Agdcja32.exe
        638⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\Amnlfk32.exe
        
        C:\Windows\system32\Amnlfk32.exe
        639⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\Adhdcepc.exe
        
        C:\Windows\system32\Adhdcepc.exe
        640⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\Akblpo32.exe
        
        C:\Windows\system32\Akblpo32.exe
        641⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\Baldmiom.exe
        
        C:\Windows\system32\Baldmiom.exe
        642⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\Bhfmic32.exe
        
        C:\Windows\system32\Bhfmic32.exe
        643⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\Bopefnnf.exe
        
        C:\Windows\system32\Bopefnnf.exe
        644⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\Bpaanfce.exe
        
        C:\Windows\system32\Bpaanfce.exe
        645⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\Bgkijp32.exe
        
        C:\Windows\system32\Bgkijp32.exe
        646⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\Bmeagjbo.exe
        
        C:\Windows\system32\Bmeagjbo.exe
        647⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\Eoagdi32.exe
        
        C:\Windows\system32\Eoagdi32.exe
        648⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\Eqbclagp.exe
        
        C:\Windows\system32\Eqbclagp.exe
        649⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\Eqiilp32.exe
        
        C:\Windows\system32\Eqiilp32.exe
        650⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\Foclpf32.exe
        
        C:\Windows\system32\Foclpf32.exe
        651⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\Geenclkn.exe
        
        C:\Windows\system32\Geenclkn.exe
        652⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\Hnibhp32.exe
        
        C:\Windows\system32\Hnibhp32.exe
        653⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\Hecjej32.exe
        
        C:\Windows\system32\Hecjej32.exe
        654⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\Hhagaf32.exe
        
        C:\Windows\system32\Hhagaf32.exe
        655⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\Hnkonpeo.exe
        
        C:\Windows\system32\Hnkonpeo.exe
        656⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\Heegjj32.exe
        
        C:\Windows\system32\Heegjj32.exe
        657⤵
        
        PID:884
        
        C:\Windows\SysWOW64\Ieojqi32.exe
        
        C:\Windows\system32\Ieojqi32.exe
        658⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\Ilibmcln.exe
        
        C:\Windows\system32\Ilibmcln.exe
        659⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\Ibcjjm32.exe
        
        C:\Windows\system32\Ibcjjm32.exe
        660⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\Iimcgg32.exe
        
        C:\Windows\system32\Iimcgg32.exe
        661⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\Ipgkcabd.exe
        
        C:\Windows\system32\Ipgkcabd.exe
        662⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\Iahgki32.exe
        
        C:\Windows\system32\Iahgki32.exe
        663⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\Iioplg32.exe
        
        C:\Windows\system32\Iioplg32.exe
        664⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\Ipihiaqa.exe
        
        C:\Windows\system32\Ipihiaqa.exe
        665⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\Jajdai32.exe
        
        C:\Windows\system32\Jajdai32.exe
        666⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\Jhdlncnl.exe
        
        C:\Windows\system32\Jhdlncnl.exe
        667⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\Jondjmei.exe
        
        C:\Windows\system32\Jondjmei.exe
        668⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\Jehmgg32.exe
        
        C:\Windows\system32\Jehmgg32.exe
        669⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\Jlbecadc.exe
        
        C:\Windows\system32\Jlbecadc.exe
        670⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\Kcepfj32.exe
        
        C:\Windows\system32\Kcepfj32.exe
        671⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\Kiphcdkb.exe
        
        C:\Windows\system32\Kiphcdkb.exe
        672⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\Kpiqpo32.exe
        
        C:\Windows\system32\Kpiqpo32.exe
        673⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\Kchmljab.exe
        
        C:\Windows\system32\Kchmljab.exe
        674⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Kibeid32.exe
        
        C:\Windows\system32\Kibeid32.exe
        675⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\Kplmenpl.exe
        
        C:\Windows\system32\Kplmenpl.exe
        676⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\Kamjmf32.exe
        
        C:\Windows\system32\Kamjmf32.exe
        677⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\Khgbjqng.exe
        
        C:\Windows\system32\Khgbjqng.exe
        678⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\Kpnjknni.exe
        
        C:\Windows\system32\Kpnjknni.exe
        679⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\Kaofcf32.exe
        
        C:\Windows\system32\Kaofcf32.exe
        680⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\Khiopp32.exe
        
        C:\Windows\system32\Khiopp32.exe
        681⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\Lpqgqn32.exe
        
        C:\Windows\system32\Lpqgqn32.exe
        682⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\Laachfbe.exe
        
        C:\Windows\system32\Laachfbe.exe
        683⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\Lhlkep32.exe
        
        C:\Windows\system32\Lhlkep32.exe
        684⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\Lpccfm32.exe
        
        C:\Windows\system32\Lpccfm32.exe
        685⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\Leplndhk.exe
        
        C:\Windows\system32\Leplndhk.exe
        686⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\Lhnhkpgo.exe
        
        C:\Windows\system32\Lhnhkpgo.exe
        687⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\Lohqgj32.exe
        
        C:\Windows\system32\Lohqgj32.exe
        688⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\Lebiddfi.exe
        
        C:\Windows\system32\Lebiddfi.exe
        689⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\Lllaqn32.exe
        
        C:\Windows\system32\Lllaqn32.exe
        690⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\Lcfimheb.exe
        
        C:\Windows\system32\Lcfimheb.exe
        691⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Ljpajbmo.exe
        
        C:\Windows\system32\Ljpajbmo.exe
        692⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\Moacnh32.exe
        
        C:\Windows\system32\Moacnh32.exe
        693⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\Mfkkjbnn.exe
        
        C:\Windows\system32\Mfkkjbnn.exe
        694⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\Mledgm32.exe
        
        C:\Windows\system32\Mledgm32.exe
        695⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\Mcolcgmh.exe
        
        C:\Windows\system32\Mcolcgmh.exe
        696⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\Mjidpa32.exe
        
        C:\Windows\system32\Mjidpa32.exe
        697⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\Mqclmk32.exe
        
        C:\Windows\system32\Mqclmk32.exe
        698⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\Nbibpb32.exe
        
        C:\Windows\system32\Nbibpb32.exe
        699⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\Nhckmmeg.exe
        
        C:\Windows\system32\Nhckmmeg.exe
        700⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\Nomcig32.exe
        
        C:\Windows\system32\Nomcig32.exe
        701⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\Nfgkfadq.exe
        
        C:\Windows\system32\Nfgkfadq.exe
        702⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\Nhegblcd.exe
        
        C:\Windows\system32\Nhegblcd.exe
        703⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\Noopof32.exe
        
        C:\Windows\system32\Noopof32.exe
        704⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\Nfihkq32.exe
        
        C:\Windows\system32\Nfihkq32.exe
        705⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\Nqolii32.exe
        
        C:\Windows\system32\Nqolii32.exe
        706⤵
        
        PID:500
        
        C:\Windows\SysWOW64\Nfldap32.exe
        
        C:\Windows\system32\Nfldap32.exe
        707⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\Nqaini32.exe
        
        C:\Windows\system32\Nqaini32.exe
        708⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\Nbbefafp.exe
        
        C:\Windows\system32\Nbbefafp.exe
        709⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\Oqcedino.exe
        
        C:\Windows\system32\Oqcedino.exe
        710⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\Ocbapdmb.exe
        
        C:\Windows\system32\Ocbapdmb.exe
        711⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\Ojljmn32.exe
        
        C:\Windows\system32\Ojljmn32.exe
        712⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\Oqfbihll.exe
        
        C:\Windows\system32\Oqfbihll.exe
        713⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\Obgoaq32.exe
        
        C:\Windows\system32\Obgoaq32.exe
        714⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\Oiagnk32.exe
        
        C:\Windows\system32\Oiagnk32.exe
        715⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\Oqhooh32.exe
        
        C:\Windows\system32\Oqhooh32.exe
        716⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\Obikgppg.exe
        
        C:\Windows\system32\Obikgppg.exe
        717⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\Oicccj32.exe
        
        C:\Windows\system32\Oicccj32.exe
        718⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\Opnlpdoa.exe
        
        C:\Windows\system32\Opnlpdoa.exe
        719⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\Oblhlpne.exe
        
        C:\Windows\system32\Oblhlpne.exe
        720⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\Oifpijea.exe
        
        C:\Windows\system32\Oifpijea.exe
        721⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\Ockdfceh.exe
        
        C:\Windows\system32\Ockdfceh.exe
        722⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\Pjemcm32.exe
        
        C:\Windows\system32\Pjemcm32.exe
        723⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\Pqoepgca.exe
        
        C:\Windows\system32\Pqoepgca.exe
        724⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\Pcnalbce.exe
        
        C:\Windows\system32\Pcnalbce.exe
        725⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\Pjhihm32.exe
        
        C:\Windows\system32\Pjhihm32.exe
        726⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\Paaaeg32.exe
        
        C:\Windows\system32\Paaaeg32.exe
        727⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\Pfojmn32.exe
        
        C:\Windows\system32\Pfojmn32.exe
        728⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\Pmhbjhgc.exe
        
        C:\Windows\system32\Pmhbjhgc.exe
        729⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\Pbekboej.exe
        
        C:\Windows\system32\Pbekboej.exe
        730⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\Pjlcclfl.exe
        
        C:\Windows\system32\Pjlcclfl.exe
        731⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\Ppiklc32.exe
        
        C:\Windows\system32\Ppiklc32.exe
        732⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\Pbgghn32.exe
        
        C:\Windows\system32\Pbgghn32.exe
        733⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\Piapehkd.exe
        
        C:\Windows\system32\Piapehkd.exe
        734⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\Pplhab32.exe
        
        C:\Windows\system32\Pplhab32.exe
        735⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\Qfepnmjn.exe
        
        C:\Windows\system32\Qfepnmjn.exe
        736⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\Qmphkg32.exe
        
        C:\Windows\system32\Qmphkg32.exe
        737⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\Qciqga32.exe
        
        C:\Windows\system32\Qciqga32.exe
        738⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\Qifiph32.exe
        
        C:\Windows\system32\Qifiph32.exe
        739⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\Qppambnl.exe
        
        C:\Windows\system32\Qppambnl.exe
        740⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\Afjjil32.exe
        
        C:\Windows\system32\Afjjil32.exe
        741⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\Amdbffme.exe
        
        C:\Windows\system32\Amdbffme.exe
        742⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\Apbnbali.exe
        
        C:\Windows\system32\Apbnbali.exe
        743⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\Afmfolcf.exe
        
        C:\Windows\system32\Afmfolcf.exe
        744⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\Amfokf32.exe
        
        C:\Windows\system32\Amfokf32.exe
        745⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\Adqghpbp.exe
        
        C:\Windows\system32\Adqghpbp.exe
        746⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\Ajjoej32.exe
        
        C:\Windows\system32\Ajjoej32.exe
        747⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\Aadgadai.exe
        
        C:\Windows\system32\Aadgadai.exe
        748⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\Ajmljjhj.exe
        
        C:\Windows\system32\Ajmljjhj.exe
        749⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\Aagdgd32.exe
        
        C:\Windows\system32\Aagdgd32.exe
        750⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\Abhqolee.exe
        
        C:\Windows\system32\Abhqolee.exe
        751⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\Aibilf32.exe
        
        C:\Windows\system32\Aibilf32.exe
        752⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\Aplahpdo.exe
        
        C:\Windows\system32\Aplahpdo.exe
        753⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\Bffiejkk.exe
        
        C:\Windows\system32\Bffiejkk.exe
        754⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\Bakmbcka.exe
        
        C:\Windows\system32\Bakmbcka.exe
        755⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\Bbmjjk32.exe
        
        C:\Windows\system32\Bbmjjk32.exe
        756⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\Bjdbki32.exe
        
        C:\Windows\system32\Bjdbki32.exe
        757⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\Banjhbio.exe
        
        C:\Windows\system32\Banjhbio.exe
        758⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\Bbofpk32.exe
        
        C:\Windows\system32\Bbofpk32.exe
        759⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\Biiole32.exe
        
        C:\Windows\system32\Biiole32.exe
        760⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\Bpcgionf.exe
        
        C:\Windows\system32\Bpcgionf.exe
        761⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\Bfmoei32.exe
        
        C:\Windows\system32\Bfmoei32.exe
        762⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\Bmggbcmp.exe
        
        C:\Windows\system32\Bmggbcmp.exe
        763⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\Bpedoold.exe
        
        C:\Windows\system32\Bpedoold.exe
        764⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\Bfolki32.exe
        
        C:\Windows\system32\Bfolki32.exe
        765⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\Bmidhc32.exe
        
        C:\Windows\system32\Bmidhc32.exe
        766⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\Cdcldmbj.exe
        
        C:\Windows\system32\Cdcldmbj.exe
        767⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\Ckmeag32.exe
        
        C:\Windows\system32\Ckmeag32.exe
        768⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\Cagmnaad.exe
        
        C:\Windows\system32\Cagmnaad.exe
        769⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\Cbhifj32.exe
        
        C:\Windows\system32\Cbhifj32.exe
        770⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\Cibabdno.exe
        
        C:\Windows\system32\Cibabdno.exe
        771⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\Caijca32.exe
        
        C:\Windows\system32\Caijca32.exe
        772⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\Cckfkiep.exe
        
        C:\Windows\system32\Cckfkiep.exe
        773⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\Cienhc32.exe
        
        C:\Windows\system32\Cienhc32.exe
        774⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\Cpofdndi.exe
        
        C:\Windows\system32\Cpofdndi.exe
        775⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\Cgioah32.exe
        
        C:\Windows\system32\Cgioah32.exe
        776⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\Cigknc32.exe
        
        C:\Windows\system32\Cigknc32.exe
        777⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\Cpacjm32.exe
        
        C:\Windows\system32\Cpacjm32.exe
        778⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\Cgklggic.exe
        
        C:\Windows\system32\Cgklggic.exe
        779⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\Caqpdpii.exe
        
        C:\Windows\system32\Caqpdpii.exe
        780⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\Dcbllh32.exe
        
        C:\Windows\system32\Dcbllh32.exe
        781⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\Dngqia32.exe
        
        C:\Windows\system32\Dngqia32.exe
        782⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\Ddaifk32.exe
        
        C:\Windows\system32\Ddaifk32.exe
        783⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\Dgpebf32.exe
        
        C:\Windows\system32\Dgpebf32.exe
        784⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\Dnjmoqmk.exe
        
        C:\Windows\system32\Dnjmoqmk.exe
        785⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\Ddcekk32.exe
        
        C:\Windows\system32\Ddcekk32.exe
        786⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\Dgbagf32.exe
        
        C:\Windows\system32\Dgbagf32.exe
        787⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\Dnljdqkh.exe
        
        C:\Windows\system32\Dnljdqkh.exe
        788⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\Ddfbaj32.exe
        
        C:\Windows\system32\Ddfbaj32.exe
        789⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\Dkpjnd32.exe
        
        C:\Windows\system32\Dkpjnd32.exe
        790⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\Dajbjoao.exe
        
        C:\Windows\system32\Dajbjoao.exe
        791⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\Ddhofjpb.exe
        
        C:\Windows\system32\Ddhofjpb.exe
        792⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\Infhohhe.exe
        
        C:\Windows\system32\Infhohhe.exe
        793⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\Ieqplb32.exe
        
        C:\Windows\system32\Ieqplb32.exe
        794⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\Iljhhlgo.exe
        
        C:\Windows\system32\Iljhhlgo.exe
        795⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\Ibdpefnl.exe
        
        C:\Windows\system32\Ibdpefnl.exe
        796⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\Idfmmo32.exe
        
        C:\Windows\system32\Idfmmo32.exe
        797⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\Jjpejikg.exe
        
        C:\Windows\system32\Jjpejikg.exe
        798⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\Jajmfc32.exe
        
        C:\Windows\system32\Jajmfc32.exe
        799⤵
        
        PID:6540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:4596

C:\Windows\SysWOW64\Jnnnpg32.exe
C:\Windows\system32\Jnnnpg32.exe
1⤵
PID:6524

C:\Windows\SysWOW64\Jhfbim32.exe
C:\Windows\system32\Jhfbim32.exe
1⤵
PID:6804
- C:\Windows\SysWOW64\Jbkffe32.exe
  C:\Windows\system32\Jbkffe32.exe
  2⤵
  PID:6728

C:\Windows\SysWOW64\Jobgkfnh.exe
C:\Windows\system32\Jobgkfnh.exe
1⤵
PID:7396

C:\Windows\SysWOW64\Jbppaedo.exe
C:\Windows\system32\Jbppaedo.exe
1⤵
PID:2308
- C:\Windows\SysWOW64\Khmhilbf.exe
  C:\Windows\system32\Khmhilbf.exe
  2⤵
  PID:6320

C:\Windows\SysWOW64\Khoeok32.exe
C:\Windows\system32\Khoeok32.exe
1⤵
PID:4480

C:\Windows\SysWOW64\Kahihagd.exe
C:\Windows\system32\Kahihagd.exe
1⤵
PID:11036

C:\Windows\SysWOW64\Kbibgcld.exe
C:\Windows\system32\Kbibgcld.exe
1⤵
PID:6772

C:\Windows\SysWOW64\Llddei32.exe
C:\Windows\system32\Llddei32.exe
1⤵
PID:7276
- C:\Windows\SysWOW64\Lbnlbc32.exe
  C:\Windows\system32\Lbnlbc32.exe
  2⤵
  PID:7808
- - C:\Windows\SysWOW64\Ldpijknm.exe
    C:\Windows\system32\Ldpijknm.exe
    3⤵
    PID:7352
  - - C:\Windows\SysWOW64\Lkiage32.exe
      C:\Windows\system32\Lkiage32.exe
      4⤵
      PID:7848
    - - C:\Windows\SysWOW64\Lacicolf.exe
        
        C:\Windows\system32\Lacicolf.exe
        5⤵
        
        PID:10520
      - C:\Windows\SysWOW64\Lhmapi32.exe
        
        C:\Windows\system32\Lhmapi32.exe
        6⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\Lklnle32.exe
        
        C:\Windows\system32\Lklnle32.exe
        7⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\Laffio32.exe
        
        C:\Windows\system32\Laffio32.exe
        8⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\Lhpnfibq.exe
        
        C:\Windows\system32\Lhpnfibq.exe
        9⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\Lojfbc32.exe
        
        C:\Windows\system32\Lojfbc32.exe
        10⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\Lahboo32.exe
        
        C:\Windows\system32\Lahboo32.exe
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\Lhbkkipn.exe
        
        C:\Windows\system32\Lhbkkipn.exe
        12⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\Lolchc32.exe
        
        C:\Windows\system32\Lolchc32.exe
        13⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\Mefkdm32.exe
        
        C:\Windows\system32\Mefkdm32.exe
        14⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\Mhdgqh32.exe
        
        C:\Windows\system32\Mhdgqh32.exe
        15⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\Monpnbeh.exe
        
        C:\Windows\system32\Monpnbeh.exe
        16⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\Mehhjm32.exe
        
        C:\Windows\system32\Mehhjm32.exe
        17⤵
        
        PID:7724

C:\Windows\SysWOW64\Mcabopgi.exe
C:\Windows\system32\Mcabopgi.exe
1⤵
PID:7212

C:\Windows\SysWOW64\Mklfcb32.exe
C:\Windows\system32\Mklfcb32.exe
1⤵
PID:10456

C:\Windows\SysWOW64\Nhpgmg32.exe
C:\Windows\system32\Nhpgmg32.exe
1⤵
PID:2788

C:\Windows\SysWOW64\Nlnpbe32.exe
C:\Windows\system32\Nlnpbe32.exe
1⤵
PID:7600

C:\Windows\SysWOW64\Ndidgg32.exe
C:\Windows\system32\Ndidgg32.exe
1⤵
PID:2112

C:\Windows\SysWOW64\Nhgmmfnf.exe
C:\Windows\system32\Nhgmmfnf.exe
1⤵
PID:7744
- C:\Windows\SysWOW64\Noaejpec.exe
  C:\Windows\system32\Noaejpec.exe
  2⤵
  PID:7796

C:\Windows\SysWOW64\Ofpgaihj.exe
C:\Windows\system32\Ofpgaihj.exe
1⤵
PID:7556
- C:\Windows\SysWOW64\Oljonc32.exe
  C:\Windows\system32\Oljonc32.exe
  2⤵
  PID:7056

C:\Windows\SysWOW64\Pigfdcoc.exe
C:\Windows\system32\Pigfdcoc.exe
1⤵
PID:6948
- C:\Windows\SysWOW64\Pkfbpoog.exe
  C:\Windows\system32\Pkfbpoog.exe
  2⤵
  PID:7448
- - C:\Windows\SysWOW64\Pbpjmi32.exe
    C:\Windows\system32\Pbpjmi32.exe
    3⤵
    PID:7228
  - - C:\Windows\SysWOW64\Pijcjcmq.exe
      C:\Windows\system32\Pijcjcmq.exe
      4⤵
      PID:6164
    - - C:\Windows\SysWOW64\Podkfm32.exe
        
        C:\Windows\system32\Podkfm32.exe
        5⤵
        
        PID:1960
      - C:\Windows\SysWOW64\Pfnccg32.exe
        
        C:\Windows\system32\Pfnccg32.exe
        6⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\Pmhkpacg.exe
        
        C:\Windows\system32\Pmhkpacg.exe
        7⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\Pcacll32.exe
        
        C:\Windows\system32\Pcacll32.exe
        8⤵
        
        PID:6724

C:\Windows\SysWOW64\Pkmhan32.exe
C:\Windows\system32\Pkmhan32.exe
1⤵
PID:6928
- C:\Windows\SysWOW64\Pbgqnhpl.exe
  C:\Windows\system32\Pbgqnhpl.exe
  2⤵
  PID:3648

C:\Windows\SysWOW64\Qicepaef.exe
C:\Windows\system32\Qicepaef.exe
1⤵
PID:2460

C:\Windows\SysWOW64\Amanfpkl.exe
C:\Windows\system32\Amanfpkl.exe
1⤵
PID:7816
- C:\Windows\SysWOW64\Ackfbj32.exe
  C:\Windows\system32\Ackfbj32.exe
  2⤵
  PID:1016
- - C:\Windows\SysWOW64\Aihoka32.exe
    C:\Windows\system32\Aihoka32.exe
    3⤵
    PID:4492
  - - C:\Windows\SysWOW64\Alfkgm32.exe
      C:\Windows\system32\Alfkgm32.exe
      4⤵
      PID:4208

C:\Windows\SysWOW64\Apddmk32.exe
C:\Windows\system32\Apddmk32.exe
1⤵
PID:7088

C:\Windows\SysWOW64\Amhdfo32.exe
C:\Windows\system32\Amhdfo32.exe
1⤵
PID:6672
- C:\Windows\SysWOW64\Acbmcima.exe
  C:\Windows\system32\Acbmcima.exe
  2⤵
  PID:6172

C:\Windows\SysWOW64\Amjalo32.exe
C:\Windows\system32\Amjalo32.exe
1⤵
PID:7356
- C:\Windows\SysWOW64\Abgjdeai.exe
  C:\Windows\system32\Abgjdeai.exe
  2⤵
  PID:7316
- - C:\Windows\SysWOW64\Bmmnanao.exe
    C:\Windows\system32\Bmmnanao.exe
    3⤵
    PID:6244
  - - C:\Windows\SysWOW64\Bbjfjepf.exe
      C:\Windows\system32\Bbjfjepf.exe
      4⤵
      PID:7924

C:\Windows\SysWOW64\Bejolq32.exe
C:\Windows\system32\Bejolq32.exe
1⤵
PID:7700

C:\Windows\SysWOW64\Demehnlb.exe
C:\Windows\system32\Demehnlb.exe
1⤵
PID:1900

C:\Windows\SysWOW64\Diknnlbi.exe
C:\Windows\system32\Diknnlbi.exe
1⤵
PID:1236
- C:\Windows\SysWOW64\Dpefkf32.exe
  C:\Windows\system32\Dpefkf32.exe
  2⤵
  PID:6544

C:\Windows\SysWOW64\Dmifdjio.exe
C:\Windows\system32\Dmifdjio.exe
1⤵
PID:3676

C:\Windows\SysWOW64\Dibdok32.exe
C:\Windows\system32\Dibdok32.exe
1⤵
PID:6600
- C:\Windows\SysWOW64\Dpllle32.exe
  C:\Windows\system32\Dpllle32.exe
  2⤵
  PID:3212

C:\Windows\SysWOW64\Emplei32.exe
C:\Windows\system32\Emplei32.exe
1⤵
PID:7984

C:\Windows\SysWOW64\Epqegd32.exe
C:\Windows\system32\Epqegd32.exe
1⤵
PID:2252

C:\Windows\SysWOW64\Elgfle32.exe
C:\Windows\system32\Elgfle32.exe
1⤵
PID:3016

C:\Windows\SysWOW64\Eljcae32.exe
C:\Windows\system32\Eljcae32.exe
1⤵
PID:8292
- C:\Windows\SysWOW64\Edakbbdl.exe
  C:\Windows\system32\Edakbbdl.exe
  2⤵
  PID:6268

C:\Windows\SysWOW64\Ellpgeag.exe
C:\Windows\system32\Ellpgeag.exe
1⤵
PID:3928

C:\Windows\SysWOW64\Fdjnha32.exe
C:\Windows\system32\Fdjnha32.exe
1⤵
PID:1272

C:\Windows\SysWOW64\Ffngfi32.exe
C:\Windows\system32\Ffngfi32.exe
1⤵
PID:980

C:\Windows\SysWOW64\Gcbgom32.exe
C:\Windows\system32\Gcbgom32.exe
1⤵
PID:5320

C:\Windows\SysWOW64\Gdadip32.exe
C:\Windows\system32\Gdadip32.exe
1⤵
PID:8532

C:\Windows\SysWOW64\Glmhnb32.exe
C:\Windows\system32\Glmhnb32.exe
1⤵
PID:9164

C:\Windows\SysWOW64\Gcimpl32.exe
C:\Windows\system32\Gcimpl32.exe
1⤵
PID:8496
- C:\Windows\SysWOW64\Gjcfmfpk.exe
  C:\Windows\system32\Gjcfmfpk.exe
  2⤵
  PID:6812
- - C:\Windows\SysWOW64\Gdhjjopa.exe
    C:\Windows\system32\Gdhjjopa.exe
    3⤵
    PID:8948
  - - C:\Windows\SysWOW64\Gfjfag32.exe
      C:\Windows\system32\Gfjfag32.exe
      4⤵
      PID:1668
    - - C:\Windows\SysWOW64\Gqokopee.exe
        
        C:\Windows\system32\Gqokopee.exe
        5⤵
        
        PID:4168
      - C:\Windows\SysWOW64\Hgiclj32.exe
        
        C:\Windows\system32\Hgiclj32.exe
        6⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\Hqagdpcc.exe
        
        C:\Windows\system32\Hqagdpcc.exe
        7⤵
        
        PID:9200

C:\Windows\SysWOW64\Inokdcjb.exe
C:\Windows\system32\Inokdcjb.exe
1⤵
PID:8424

C:\Windows\SysWOW64\Ifjohe32.exe
C:\Windows\system32\Ifjohe32.exe
1⤵
PID:8472

C:\Windows\SysWOW64\Icnpbi32.exe
C:\Windows\system32\Icnpbi32.exe
1⤵
PID:7840
- C:\Windows\SysWOW64\Ijhhocnc.exe
  C:\Windows\system32\Ijhhocnc.exe
  2⤵
  PID:8332
- - C:\Windows\SysWOW64\Iqbpkn32.exe
    C:\Windows\system32\Iqbpkn32.exe
    3⤵
    PID:8096

C:\Windows\SysWOW64\Imiapo32.exe
C:\Windows\system32\Imiapo32.exe
1⤵
PID:4864
- C:\Windows\SysWOW64\Icbimiba.exe
  C:\Windows\system32\Icbimiba.exe
  2⤵
  PID:8544
- - C:\Windows\SysWOW64\Ijmajc32.exe
    C:\Windows\system32\Ijmajc32.exe
    3⤵
    PID:8648
  - - C:\Windows\SysWOW64\Jafjfmak.exe
      C:\Windows\system32\Jafjfmak.exe
      4⤵
      PID:9136
    - - C:\Windows\SysWOW64\Jgqbcg32.exe
        
        C:\Windows\system32\Jgqbcg32.exe
        5⤵
        
        PID:9188
      - C:\Windows\SysWOW64\Jnkjpa32.exe
        
        C:\Windows\system32\Jnkjpa32.exe
        6⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\Jedblkga.exe
        
        C:\Windows\system32\Jedblkga.exe
        7⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\Jffodc32.exe
        
        C:\Windows\system32\Jffodc32.exe
        8⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\Jmpganel.exe
        
        C:\Windows\system32\Jmpganel.exe
        9⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\Jcjonh32.exe
        
        C:\Windows\system32\Jcjonh32.exe
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\Jjcgjbdf.exe
        
        C:\Windows\system32\Jjcgjbdf.exe
        11⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\Janpglkc.exe
        
        C:\Windows\system32\Janpglkc.exe
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\Jcllcgjf.exe
        
        C:\Windows\system32\Jcllcgjf.exe
        13⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\Jjfdpa32.exe
        
        C:\Windows\system32\Jjfdpa32.exe
        14⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\Japmmlip.exe
        
        C:\Windows\system32\Japmmlip.exe
        15⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\Jgjeif32.exe
        
        C:\Windows\system32\Jgjeif32.exe
        16⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\Kndmfphj.exe
        
        C:\Windows\system32\Kndmfphj.exe
        17⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\Kenebjof.exe
        
        C:\Windows\system32\Kenebjof.exe
        18⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\Kfoajb32.exe
        
        C:\Windows\system32\Kfoajb32.exe
        19⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\Knfjlp32.exe
        
        C:\Windows\system32\Knfjlp32.exe
        20⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\Kccbdf32.exe
        
        C:\Windows\system32\Kccbdf32.exe
        21⤵
        
        PID:9116

C:\Windows\SysWOW64\Keekci32.exe
C:\Windows\system32\Keekci32.exe
1⤵
PID:8600
- C:\Windows\SysWOW64\Kffhkaom.exe
  C:\Windows\system32\Kffhkaom.exe
  2⤵
  PID:4636
- - C:\Windows\SysWOW64\Kmpphk32.exe
    C:\Windows\system32\Kmpphk32.exe
    3⤵
    PID:8980

C:\Windows\SysWOW64\Kfhdqa32.exe
C:\Windows\system32\Kfhdqa32.exe
1⤵
PID:8196
- C:\Windows\SysWOW64\Lmbmmkdg.exe
  C:\Windows\system32\Lmbmmkdg.exe
  2⤵
  PID:3116
- - C:\Windows\SysWOW64\Lejenhei.exe
    C:\Windows\system32\Lejenhei.exe
    3⤵
    PID:8972
  - - C:\Windows\SysWOW64\Lfkafq32.exe
      C:\Windows\system32\Lfkafq32.exe
      4⤵
      PID:4940

C:\Windows\SysWOW64\Ldoape32.exe
C:\Windows\system32\Ldoape32.exe
1⤵
PID:8356
- C:\Windows\SysWOW64\Ljijlo32.exe
  C:\Windows\system32\Ljijlo32.exe
  2⤵
  PID:8592

C:\Windows\SysWOW64\Ldckkdfl.exe
C:\Windows\system32\Ldckkdfl.exe
1⤵
PID:8572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Acclejeb.exe

Filesize
352KB

MD5
64a643c2c71ed48bf2297c0ccaca012b

SHA1
ca9a00eb67dbc2b394e0df504d4095bc5217ae50

SHA256
0beef833ae6136618722168b7c979915cca3a7dc3fc2bf2da9cb26e45b540ae7

SHA512
b69fa9570c5a959ae13e842415766036ee1323a5b7caa4f2bf554a8ba215530c0636a98c808471d5166e6f47f2989776c0fffbcb7fb5fd0c01383a12697b66ce

Download Submit
C:\Windows\SysWOW64\Akjgdjoj.exe

Filesize
352KB

MD5
e547b7d2246f93cb44c704fc9bd342e7

SHA1
a9a05e942b0535b280ad3e7f24e2d1a710bd2927

SHA256
ea33a568eb2d43cf566aaee361f4c8239aab63d42c3c11e1f46f7b49d64be405

SHA512
e10fc217adb6e2b89c40338eb8a4e56f41f49596f0fd933a930630d0fbe60cc831f24279363850cc82b6d47dee3560447cdad79735e25d858335f049f5e96c11

Download Submit
C:\Windows\SysWOW64\Bjkcqdje.exe

Filesize
352KB

MD5
0a1ff5c995b254adaa64dfbf8eca2259

SHA1
f73dcb810ece9c1a933f90d1618d8e471ca5e66a

SHA256
6f3eec8c496441bffccecf1ac563cf770c4fc61bc73affeb4f0de6d8ebeeadfd

SHA512
0946e6ad5c137698d07753743bf120877ed30dde7a3ec88e27dec6a0abaf176bdf0f3fb89bf3e63cf413c0813d8a00c10402e691aaa68d4ad01d76e1565d2ee4

Download Submit
C:\Windows\SysWOW64\Canocm32.exe

Filesize
352KB

MD5
d892eb4a3c87998740f87882fd105e62

SHA1
22971406995dfb93af01c654c621d926d47bfb56

SHA256
3d36248b4e3a8d2291ce343e5e248eb942d7cb41cc2ac55731682debc1df4b4a

SHA512
d798e87f734aac9359b8aa00e9d52fb2c99054c6fea5884ee4eeb65e93330bf71a77a97281a9e55934a500095a86a98c32d7786e998b01450944bcd2e84e812d

Download Submit
C:\Windows\SysWOW64\Canocm32.exe

Filesize
352KB

MD5
80b9ff32a95db28b3068c06831558f16

SHA1
72863d90a2d650853b140668fd749c139ad78fee

SHA256
0e93d2a112be9763e04b1aa3dc06a003621876c140ce31403965f3af3a46c547

SHA512
9ff2157bd8bf8259b0342ca3eb6c7e233c6ba7463a432c4d8cb0b40969a4c8f926b4f1e4927813cd85a65aa5834f6545a36b05b6ebb8e25fc5d55615952876f0

Download Submit
C:\Windows\SysWOW64\Cbnknpqj.exe

Filesize
352KB

MD5
48ed9c44c5136ff5eb14ecab8267691b

SHA1
2bc72bd7eb4303d2825ceef8290105631a93c2f9

SHA256
237585dc2e5981ce6f5740924768c6fc0c19f1250cd564042207e6d38a328b95

SHA512
166f65ee11d437c4e0fa908b16144a35a2f5773fc3ae815f0e2bbc9eab128379b22938ca9c6a23c9856be349fe71fd5b4291fbf272bdd125181a0185b37dd7c8

Download Submit
C:\Windows\SysWOW64\Cckkmg32.exe

Filesize
352KB

MD5
9858e658c0d1dcf16de7a8e1bc5a7cbd

SHA1
0f064c728d26dbd291e1dc4d22d3c1930cfca7fd

SHA256
993355b788cc087a628734226372242540fde21017e9ee6b1eae440c679ee0b0

SHA512
39f2fce7e74cef54720353ca852bae8433c966aa55aa24c203925fc3bba18455b78f372ac2d5906d2ae0ef746d1bee06608debb67331d122a868b95dc61d40ec

Download Submit
C:\Windows\SysWOW64\Cobkbhgk.exe

Filesize
352KB

MD5
cb430d1fead4ad5a34ee7dfa666e0bd9

SHA1
5c081a1cad2d5c70771d6fb664ff4f11c5ba1cdb

SHA256
f6bdb8ed230ba2e42f0d0c8a67c2c300c1aac593cd4040b4d986c8600821ea31

SHA512
d83ef9ec8ad0648694ae16a94dba9d6dd053410a144b67836301a209a0ef16580218f11bf5b92bbcfce33d545069063f494ae9059114f2477c8a934c2d83ef4b

Download Submit
C:\Windows\SysWOW64\Dbdano32.exe

Filesize
352KB

MD5
76398c524d1256960d4943e5ee7b660d

SHA1
1f26b95b08163fb226395f15758e6d120bf178b4

SHA256
8c6c8d267a3c15bb9a4bc9c8081e0bd88bb3ec4062a7ea3cff04745db57c2689

SHA512
f8e183ec9e014f0caa4a7a1f18c43b24bd0ca62e4b0de19f153067c1ac3f0f0184906ba3403e6cf56196a225fa8c8dc5ee9b6aa57d6ba9b4c119ff585187d259

Download Submit
C:\Windows\SysWOW64\Dmiaig32.exe

Filesize
352KB

MD5
dce3006dce9e5bac440fd94247a600aa

SHA1
932b75caa1131fe698020110aead8d2f368d3141

SHA256
6b9a27ad4d8d8a048545d275afbfb0bb30c1e4344c4e317da0693fd296b955c4

SHA512
46e770343a83e21c43734eef8443a9e4b767d272b549582ad1c7083851c4bbe1af46b30baadd576e060b5a212050056c6db61d74a2a7d46562cd8a12ae475a31

Download Submit
C:\Windows\SysWOW64\Dmphjfab.exe

Filesize
352KB

MD5
f419ac789892a5140e30bdf4dd31629e

SHA1
06f9b90fe9a79cc17f193c51c2b7dda7006d3ed3

SHA256
2242cc3acd98b700f9d26e991d823ae1d7197b60eca995942a163e40bf2112c7

SHA512
0a0ef3555e1598d9dbf2ddefd2cf6e512a8cafde6608758f6d4bb4d1cf8180103ef9f946fd181eaa47c2874628a4e368a6298b27a88a33bfeb78481760f1a78a

Download Submit
C:\Windows\SysWOW64\Ebpqjmpd.exe

Filesize
352KB

MD5
abcd2ff3939ff4f7f85f6f535546aed4

SHA1
cf803e18754032c3d79f88cf5422f563c96f3abf

SHA256
b588cc5f68883542b2ee6c4ad798d24c247fc514934481d1b571ad08af532261

SHA512
4d36141be2415c6a3b17dd861b9e7b06425892f72c7f30d95e2893c790ce2e6a78af94d54d5a3b6865f4182bbb9a2cb3fa71bf8b1d792b31be28a4042f5424cb

Download Submit
C:\Windows\SysWOW64\Eiobbgcl.exe

Filesize
352KB

MD5
d61608741c47131373c32007c6ade40f

SHA1
c33962ab5a32e9d4969cc4369357663b1d32783a

SHA256
9062c4f948450e15158572b52a4b7b89d4227b96c9809981b1a850eb8416638f

SHA512
c0e70efe17cc9a40bf088797fcb85aa101fae508934b1d4227aec905b759256cfa35036d8d86fbbd6139ccc6132c9ec8a6414044df0328f35924d6efd51c44b1

Download Submit
C:\Windows\SysWOW64\Fbggkl32.exe

Filesize
352KB

MD5
2dd68d71045baed8e2f707fd6a80ce25

SHA1
77f2ec8e2a09217942456d670137cdbaf2fd04f8

SHA256
421dfe1c72ea4140d0efd7156f00490a890d7b333ba9d413d34c6c280463e8b5

SHA512
6e2395de1588151a06c539f4955cec98d0ff0eab9b377e7f5e70e46059aed40407b3a33f7a4988166a3ad50f91d2ce9b90b2860bff3ae3350205dbc3cb255e4c

Download Submit
C:\Windows\SysWOW64\Fbggkl32.exe

Filesize
352KB

MD5
62f969c7add4ae69bdfd2dd0e703dbd3

SHA1
c12268798bd315c3fbb831a8e3961b4d0934c4cf

SHA256
dfaac3aade199b462fc9693a2897a221f98c4ea0cacb2670694bd0b469e1e6d2

SHA512
f4e7e8436df5186237304a466471fd13927ccf55568ce9a1efddd0583c5b508ed1a1e79de7d8e3b1e8274fe0092dc6546ce6a804767d7334c733ad25cb42002f

Download Submit
C:\Windows\SysWOW64\Fdlcehhn.exe

Filesize
352KB

MD5
0af02242744f62c1d81d5e2548504883

SHA1
0615ef9f2cf73b374066b9b3596cafacc27d28fa

SHA256
fcdc3b1a95a7781ef9d51ea6eada813f44d7a2a7856e83e49b0c6b2e17be2b73

SHA512
2c13244eb31d5fb9a2e257b7bfe57f2cceb4ee447615b208bbf81116c594f2c58a66088a6f27e4c5226eec83aaf159f76d4f38fee0002d32bd4b46a03b3f199f

Download Submit
C:\Windows\SysWOW64\Fnmqegle.exe

Filesize
352KB

MD5
ef07feff81b79cfa30ce20c09df8f820

SHA1
c56774e1f83da321b5a28d52730e0766431aa390

SHA256
033ecd1e5956781a6f1287b49b104f52af49391ea256d76057cd03a7314a5cd3

SHA512
4165ceec21a6e513d1413ddc573ecb01b66d2193bb1d5cdc04dfb21e7c4eb840598f5ec4dffff60413f1efae0777c63720f8025e1d2898bb112ddbc9f8bfb116

Download Submit
C:\Windows\SysWOW64\Gdleap32.exe

Filesize
352KB

MD5
c2c7f167f3c05f02e4e933ee97f8c2d9

SHA1
bb37452ee0d0699069aa4a47b3fa237b43ab6321

SHA256
44e5b05e748ea9e4150f01d9684c7d9ce502a847afff0f530936f53e6f8cd030

SHA512
13124747f5af8fcb9d8987fcec9b6da47a708faefd950701babb2b9b1e434f5eba36cde4a2c69ece8b386b2c415f976a64aa3a6bfb76c6471d2615b9434850dc

Download Submit
C:\Windows\SysWOW64\Giaaoa32.exe

Filesize
352KB

MD5
18e75cf26b995a12a59ad4ee4464b93a

SHA1
b55ba75bc2091a5d3a9b0d9d612b47fae0de23c0

SHA256
17836774007032bd798f161e011b385262c00da51d61fb4b3d30b8aa6e705770

SHA512
7e24265a1efafdc23eef1aa58e2ae2b784e2fa2c0e821582b98cfd353cf5cd58da8784abea2a8981a6c0dc03ecf50e67e1dc777dc9bc4bf2a604413106d4881f

Download Submit
C:\Windows\SysWOW64\Gjghdj32.exe

Filesize
352KB

MD5
ae070d567b601aa16c16b6143eef915b

SHA1
66f9a5b30541938f89d179146ab62a277d215d2d

SHA256
bceb96418a901ea3146657bd3947d5e9bdcc5f840650cd0ee454a9ca2447105f

SHA512
b431c0d5fd4a10622baf7f3c4771ae47727c685370909b58a94d5eadc5d328ca72f788ef4861555cc05e08e53bea9f0c0253b2e59b274857d179ccdd6f4a0d0c

Download Submit
C:\Windows\SysWOW64\Gljgkb32.exe

Filesize
352KB

MD5
51727538a58a8440ccf18385d26b8a96

SHA1
b4b566ecfbefc2c104e7cf5588980f9ff6e2ab7a

SHA256
8c8b3f84f1aaf2d67654f311e8af4f16779f1046df5cc99df33378f731cf903b

SHA512
8fb2a58a106018d11bee766949681b701eedb8dad3a610ccc01ab61ba30c1fc2e35ca5554a52783dee2b120cd22c472bc0dbbe262edf21dba396dc5af2743717

Download Submit
C:\Windows\SysWOW64\Gmfilfep.exe

Filesize
352KB

MD5
22344cf8f8897fbce3a67f9264ce80bb

SHA1
f6b3f88b3125878b055580bd0f08283f20532760

SHA256
55e154a7c2cbd7038d236578fb116b0dca8459b1d49859228cada173727c7ccc

SHA512
3674e08579f7ff82995677844b6465fd9604566a7d2f6594ec7219ff343171938880d8fde74802416b09fb83a797ff219c578de73c8a7fee5cb6da6be14b78e5

Download Submit
C:\Windows\SysWOW64\Gmojep32.exe

Filesize
352KB

MD5
ee69d763bad82d251687e996b5c0000c

SHA1
9881295ed241b312604aa068b9cc7d20a033f21b

SHA256
95923ff2157a9ea8737bc034d602abee162b09bdafcda4dbe2ed8489e8031c9b

SHA512
1e173169615d9dd3415866d084919750ae734f918a90e48911f57a92b90c3bb0822a567490cf00cc2a12d91df2c280af433196ad0af41a69e62f0274b5d5aead

Download Submit
C:\Windows\SysWOW64\Gpnmka32.exe

Filesize
352KB

MD5
989d44dbaf123ad90afa7d6bec5e0fed

SHA1
6b821f09ab202aa1fda100fc22e61454c899f7ce

SHA256
dd7907806690d42e6243d5520742f7b64b2b7238d1971a76210c2b050614f59c

SHA512
3b48b3a25ff213b629e4d4fe83d33aba555a269f67dbe1d7e75ac73adbd13a216160fe580a3b0ee1dc3e900cdfb526b099291bf0947a8e933f65bd80b877340b

Download Submit
C:\Windows\SysWOW64\Habeni32.exe

Filesize
352KB

MD5
36c196dd5f8e60dff3e1f9cb5382d9d4

SHA1
37c30ac25df2ae55b358e3edba95b8297b19aa3b

SHA256
571e2eb3a95d422ce5979c59d758d8a49da28e7a036736ced348c6d7300f38bb

SHA512
1e3f6f8649748cb6fcee4d893a096ae8d2c28c6ee0d2bb723f85daed3e856fa7f5daa8eba5eccb9080f4cb7df3cbe8ad9031a06d3f40156ed75d34a585c8d1b7

Download Submit
C:\Windows\SysWOW64\Hkgnalep.exe

Filesize
352KB

MD5
e189c877fe5bb077ea9a0920975975cb

SHA1
8d2dde21c3d71e84098e893379c971a52dfc7a80

SHA256
9b923336b015dea787223e5d309cc0f17933d7af7c043e8f96266f430f63db62

SHA512
ff8e4a21e73a9b954e44e8a49bbbdba9a3e1fc7b00842cd1d13f40fc1e45632c5f01de8457dd345f6777bb7d6c848bc290c80a687b504e6f81cf12c3388e4af7

Download Submit
C:\Windows\SysWOW64\Hlhaee32.exe

Filesize
352KB

MD5
23ddcff00aedbef38e056c08dbefaef3

SHA1
f31ee88d665889310851f4adf14145696c8f721f

SHA256
cf50a2a838b52937c1bf3ac247edeb7e70f61e1664ce524fa04e858e6805a230

SHA512
2410a95b99fdbbf78ce7cff4b85427b47e46852b0d60f547bc3fed7f737659dc97ca01c8bc99ca71ea2f26c43ff3ba38473d8b98afd9d2a67bac94a8bf23ccb0

Download Submit
C:\Windows\SysWOW64\Hlipfh32.exe

Filesize
352KB

MD5
c33eecbeb0633214372a05ee2c0cec58

SHA1
bf6d17a16d9fcd59398b18c00175fe1801f9744e

SHA256
39790048e97683dc5bc29aa941c540ff3bde75ed98e34c763e69d5daf05a341a

SHA512
fef0e20e24ac0291ffa9862a6f06469fada727f42ef6f571b8c913d97c0ce9f42d17d6bb05107552d6455129e452c175df8be95352f44175927c6947d1ef422f

Download Submit
C:\Windows\SysWOW64\Hmdend32.exe

Filesize
352KB

MD5
ed722d8603de8c7940f2d4570e1c454f

SHA1
ea6846221d6dc92bc1c295c8e0d11d1c4e55f8b2

SHA256
7185717eb330757c1e5003c7778ac36faaa995d4033585e4903fa4738fe0c6e8

SHA512
0bc6b40a3fcdde48802f5f38b4579feb584932b5be990a8fb244eabc2befd463aed6e5b1fb220fad060597ca2b042a7fac104c6eb4388b18f268bf2fae9b349c

Download Submit
C:\Windows\SysWOW64\Iameid32.exe

Filesize
352KB

MD5
a9e401c283e7d55e5b775fdd41162027

SHA1
da9fc4297200266d06a28e9d76c41498982fd9c7

SHA256
315c5e9d76f1dd418cf1890fe9f6e09ee746c77bf6a7d2460307757fd1597511

SHA512
e31097def9144f83759cf8a844617331cdbc59d67ab2670aae5be9e8ab11fdc2a6e05863569fa5faeedd134dce4149ffdfaad7c5ec61ee72b8bbc1be350204df

Download Submit
C:\Windows\SysWOW64\Iameid32.exe

Filesize
352KB

MD5
45c1f78ac5bc2f65abb4ce88f933b310

SHA1
00d382811c24865fb4f5c629ce920ede78fa4109

SHA256
8be0943206d0390b6c005f477c8bfe7d9dd901478315b3cfd44c0972187a8924

SHA512
ff78d1206cac5a6d6728b3be0e857d8155b5e06914e0197f00a9b0f961ba2b7b86cb058289edc579164f5f36448674c48ae6c9737a36cb974f907281a50e6547

Download Submit
C:\Windows\SysWOW64\Icpecm32.exe

Filesize
352KB

MD5
26223ef95e985b360f946544fc872e4a

SHA1
d855425b863b8aa0cb74840472b0642ebb558e4b

SHA256
3451c16d7269dcc3b31a421150eb09c586289060fcf365d2d20e98c6fde0e09d

SHA512
0201fad60a521bd09d7fa748e0a4aef9b0603c59809cf7c880d5a6d0cc4976b604565ed002b72a2b8816383e4cb5f90d3ca36de7c03fc3557feab52123f4b7ae

Download Submit
C:\Windows\SysWOW64\Idinej32.exe

Filesize
352KB

MD5
479f390b5be54e3813f871a13d89450e

SHA1
92ac84bbd52e0ba483d04b0f0a5b8e667ab0ebb2

SHA256
d2aec547128d4140b38b0f358d2429c03631b7fd8970ded7a17af9e288fb13e8

SHA512
85f2c2febd32e41ba14b543a0ec0f6e2c04d87e730705346980e7dbf772fad98f2a7d313d01424bc15629993acf78d1a8493bb97f5ad5a941d217efcb618545d

Download Submit
C:\Windows\SysWOW64\Ifnkeb32.exe

Filesize
352KB

MD5
1ce18abd4f59aefaf3d599215841497d

SHA1
815698d3f5dfd07218983114c3b748cc5676c4a1

SHA256
52bffb7a1e006bba21b6fe35296d2963882c17dcb5eb347529b3e9dd6f9adc3b

SHA512
984f1a138d0c50c44eda46d09dbd2b3021dca492c74ae08600c19c2a8b39480ae4a425873e65b2010e5bfc4bf2a3c79772d2eb26c1023c036ffce393e28b623f

Download Submit
C:\Windows\SysWOW64\Ifnkeb32.exe

Filesize
352KB

MD5
88e4b9a86eec1c9f82790ab954f90a60

SHA1
68566361bcbed12a8c19bc67ee181b8659d49b67

SHA256
432963de8b17bee44d1ed812c27ba03278bd9fa17c37e0e758816714dd25c071

SHA512
0704869e8ce6fffe832078aab9f3d20dcbf7d19c5983d631041c54a9a307a4db6803b74e0365727a759c27f4882b14beb5f23b14e9cc4c99438417bef072a7ed

Download Submit
C:\Windows\SysWOW64\Iimcgg32.exe

Filesize
352KB

MD5
ba49444c7864efee5fda444c85c40f6e

SHA1
9d590d20d4f9d38523660249b7b8ad558ee427df

SHA256
5647ae4aa07642ec8ce0fbffceb4f833fdab5fa790613bde84ddf128d8352e54

SHA512
5c1720a2828ab27fda6a964b3bceb79e8b832d060a04d8155d7d23f0e125fd8d4deed085f02320045ddf005b1a63560e403fdced68c8f2c5cc9249c71fef6af5

Download Submit
C:\Windows\SysWOW64\Iiokacgp.exe

Filesize
352KB

MD5
8d9f4ae858f544a304f9421d3cd3eb7e

SHA1
dc055131a1f7c7429f01b3085e0e56f463009858

SHA256
d32a9ff06d6de225a391aec9f77e7ac2b4449a871cd1c35f9aa78f837b132153

SHA512
3e08f7a592fca8069676503c3277c52f62d00cddd4ed12580e4168d86ea5356c100d1487d460115ac4c4409891aa5ac6c8de9e48399ba65c74eeb8f3efd1c110

Download Submit
C:\Windows\SysWOW64\Ikejbjip.exe

Filesize
352KB

MD5
57199b48807d9de1f2668d004b85381c

SHA1
5501fe1ece89ef4383f5b388f41475449030efcf

SHA256
4f1f45cb76c3020408e4fb1489c313db3cfbdcf23c4969ac4ba3825418cfd09b

SHA512
6608b2c3f9f34b0d8b7dbe3e101e899977e0375ded0db89932a2be6a506f96cc47fab83ccf3ddb0fa6180ac3da0b1ab34c5447fa89b997270493c3059fa735be

Download Submit
C:\Windows\SysWOW64\Ioffhn32.exe

Filesize
352KB

MD5
289c47bd68ccdee4fecdb86d263b5513

SHA1
0b2f5d2318f64beb535c811ca04ae0e64f6e1ae2

SHA256
f43ea11b69a1264aab2c49eb451734dd2dc61b14794b659ff280521de738518a

SHA512
70a3eb93b58ce034944cc73040d55819956d47c474eafe81de36388335f44a4b0247f3706b0d1eed9b5485f5cf9e06f6248038c9a15db606309651fd64d12855

Download Submit
C:\Windows\SysWOW64\Jcmkjeko.exe

Filesize
352KB

MD5
5b2e1589fea3c9a216067a58548cc83a

SHA1
235b5cda7a1b5a36d3a3d157761e9baa9209adfc

SHA256
eb0ca8fbce271dc9888dfc118efe16ef7c74c2a7cfd3b945a5edb491a957f72a

SHA512
3d807998cf4478a2cd771aacb156fc1c8a4872522871e25a1d46c2c4d629e3eccb48f08addd20fcb7ed5c953ebbeb7cead6e9fac2059dddf3581383a01bd064b

Download Submit
C:\Windows\SysWOW64\Jedjkkmo.exe

Filesize
352KB

MD5
88a0656d848fe28371ac71d3249ed13b

SHA1
36b61749773ee933a93f387d290357f1e4696f39

SHA256
865a35a102120693730aab128ba92da19ee7e88edad974483eb014f97902a97c

SHA512
bdcd05d1e1675823eb536b97d4960ea258a32d59c1484e7792ff620db8ac2e651f728b80365b9927861998e7716786aff6f8f5b4aa6359b80840c693750aa29b

Download Submit
C:\Windows\SysWOW64\Jfikaqme.exe

Filesize
352KB

MD5
58b183787749137c12271ef57cbecc54

SHA1
0e313433c32c867a457ea2ada56fe1ad482b6f27

SHA256
4eba21b5a8cf355c4eda9ee457a81698e6abbc67af9724f57c0f414d9fe36e57

SHA512
a2d3ca69461f4e87892a1781928dea8d610d38f898a75142892375e3a6bb7ba82c24d4ab22462d7ae8d2119021042e9b01cf53b623b4768e1fbe5d867e90c83c

Download Submit
C:\Windows\SysWOW64\Jgiiclkl.exe

Filesize
352KB

MD5
ba39efdc74ac8fcc45755c807c580062

SHA1
98ba2d7a2f1ea9145d36694de6b3929a4609ea1b

SHA256
5e596558c97a1d9c3306bb5826102d61607f86491f7c5ac868ee927f508aae7b

SHA512
3704fb033db23f677ecc473055cebd4f88cbcbb7fa098e663063a1b66dd6d5ca2399be09b9df4f718ae518f90fea42051993549237df092ad9347d321c7d3691

Download Submit
C:\Windows\SysWOW64\Jginej32.exe

Filesize
352KB

MD5
4254120919eade3114aef9ca26aa37f0

SHA1
4a847aeedcafd2921396cb8b91ca441d53653b1d

SHA256
b4036def8bcafc854e28abfb2600fe74bf2c1a109ddb17222f9692ac95b0ca98

SHA512
ea3ffa936eccc9f1265ecbd6f7ccb4ae615ef80ca511fa2e5a67978d1b3e9152dbbbc7925989b85db4e549ae76bfc32401f653f73cf41fe58bd65228cb0192d7

Download Submit
C:\Windows\SysWOW64\Jogeia32.exe

Filesize
352KB

MD5
b9ca1f3c8f789c9f8c1da439716f938a

SHA1
2f2e3cd847428c6f165886724248d678024bfa31

SHA256
cc00af9c7f2ee2a0d4a424029e81dc3d6c304f34dad17f422da09afc4c27d6ec

SHA512
d1d3c27c0e5e7ff873649a0ce315a2bcf94dba95e0134012f8f7237ec119ae129f257f119edca06bbed6e22ecc25133f9f077ef5e99027aa510c0cf540865fa8

Download Submit
C:\Windows\SysWOW64\Kbgafqla.exe

Filesize
352KB

MD5
c3bf7feec250c1fbf3460d43a1c16179

SHA1
7a1a7e29d4a0ca6d92a3faa2d9ad78f0dcacbf1d

SHA256
ffe47fbc329cd6a47a36f2797cc936850792b12c765fc2dcd62b6d2414545800

SHA512
836fc6e5422851362d8bf8e299020ee6e7953df4b0b6573f19794ff1b2164c738554a0d07a2a7b20fac20145540cfefa64eed5d6b2c5bcfed3e39f0d635dae60

Download Submit
C:\Windows\SysWOW64\Kmjinjnj.exe

Filesize
352KB

MD5
faec3dcf01a3284240064b1ade73afc2

SHA1
f4527088798adad07d5feaf7a6d493b87ca4574a

SHA256
1d0607c0215439c52f3e4f4e74f6be02f10acdb8e9377c0c378426a78fc0257a

SHA512
827eda43a5c18a2809ecb0bb46f07bd8b84fbdbc83517093d7633d550e60a9ad5f3f65c35ab78d9a43ab85dca780507078974cad24707e5944bfedbc0a7c6901

Download Submit
C:\Windows\SysWOW64\Lfcmhc32.exe

Filesize
352KB

MD5
8956a9bad1462c3ed17d32c74ba57c02

SHA1
891951bda86941c6ba248b60d78d42c774239633

SHA256
d2429a5782cfa4fec920df2bc189875716169d97de232ee5e6f471615638455e

SHA512
e209bc161a34b209f248e20f3c2887aaec8a68809c45b139ea9625008611a9377f36523d54a8725bbe84dca8edd8f9d825399ac296aaa6c5889bd83369ad3c6d

Download Submit
C:\Windows\SysWOW64\Lgjglg32.exe

Filesize
352KB

MD5
f4c3c9a5301a7e5aabae1f6b15e2b8ae

SHA1
1466297683003f8ddd67920e903c9ac11f5f3aa1

SHA256
bb3b81ebc9bb7ade88d27acf267293d8e447653fe7ea68e391a84c73d08ab7c0

SHA512
bfcee93a9f4685fe4d3b35ce67df1af50df7a0dc9bffdb6d43ec50e57fc903ad9e21091d3490bb7f9949197706667f8fb18285e5974ea23c0e05d1596df8740a

Download Submit
C:\Windows\SysWOW64\Liabjh32.exe

Filesize
352KB

MD5
5ec81969d54b39f30d4fcdfcb2bdecb0

SHA1
a196ed5ad6cf1f14deec8ab3ef5543f6c6645999

SHA256
d1ebac617f47f0850c2ffd347e282fa22f487a5406f58b9cb0a549099bdc767a

SHA512
dcc607801d358c63495e1772b96aaa785225d06305d5346aa051da44829cef814268095826e39aa818893ee67429a479e321f5f4479f77b9795597257b5e0c91

Download Submit
C:\Windows\SysWOW64\Lihpdj32.exe

Filesize
352KB

MD5
d90d1ac473fa37d10cc0526e39019749

SHA1
999b911365360c6d0f72072697a1ba6c52606824

SHA256
9fda9945831c93d66ec3d4321beab7a76446ae859ebb3c8a5ac99d605ea5ed1f

SHA512
29458a722dc8a6e45375ee2fdbfa6726fb1d2741a88f07c7b89cd5563a265d72a4859c9c12e56a4654af8b17b0f90882dcc2187bac7d40bf9eb23957480bb570

Download Submit
C:\Windows\SysWOW64\Lihpdj32.exe

Filesize
352KB

MD5
0bea8c6b2ef2b033a44e613ef44deaae

SHA1
e781e3dc28c57449c5398d5a3083e4e29ad1fc20

SHA256
3ba092180a11d42d9e8b0b55d995241794c22608ebd90a7ba98f90254272bbf4

SHA512
a9a6cfa118833e38d10424408e387f8e1dcbcd4ff2cf4eeebdbf83caae53644e80b0535693236806c42e14781b46042539cef2cf8643385874fc64835dc358a1

Download Submit
C:\Windows\SysWOW64\Liofdigo.exe

Filesize
352KB

MD5
51d66cbf120d9cb9fcc8f71db96d1f18

SHA1
1344ae235fa0d6c19c6bcbf615c3b529af32a598

SHA256
9d27d8be62d1b56b21437a3a5bf0f3a9eed09423b0c2a778e2d366a5389ae722

SHA512
3e2d8cbbe0e38fde557fbfd32917f77a391bab121221d165a14c4661946f853783c6dbfaf4fb89b29ade85ea889dd2d560a8d05bbb4217266d04e4a86870eda3

Download Submit
C:\Windows\SysWOW64\Ljglnmdi.exe

Filesize
352KB

MD5
d986fe70a411060d3d44732e13a8d2fb

SHA1
d2ce3e04112acac64feb073ebba33d4f339ccb8b

SHA256
78a664012817cc8be11b7ab57c2e9a85fd4801725eb404b358070c93bb768fa0

SHA512
3497312c582b7b21f51664dea9795761e17a74d23d420650d396e2dd330ac57ea38e21011c03632d0b8e4696b979610789510a9da927541d45cf7f12192ba3af

Download Submit
C:\Windows\SysWOW64\Lqcjqcnp.exe

Filesize
352KB

MD5
111064a9ff6b28a7c4d40819a607ecc3

SHA1
4a1eef11c9b67c1b25b7707738385ad73bfbf86a

SHA256
095098e7d1c786b352f18ec5e9898195f83a35885e3ba4ae3e779e2ebbdd3018

SHA512
3dc58b6899e7387ae2c4f6dba4d503f99863cef86bb1246ec2a80996d30ee3537bc5d2c692cb275e8a84034422beb433e535a27204f68dd9596c8ef9af31cd69

Download Submit
C:\Windows\SysWOW64\Mjiloqjb.exe

Filesize
352KB

MD5
421189512f0c90902481d4ff95e82762

SHA1
0e0e00bf884da05ead5336e6ac976dd1352ad1ae

SHA256
3b6a5f338cc74a1b33d8ed4eaf806d3b965152f2238738e3badda37867d21bcc

SHA512
2f74f1b7097495b864972deae72c0a652e7819af49b8ba89bcda384010d0b9a34444b96f8d98e090b70c26b81730ab7449381da94cccecdeb2c1b9fde3f93cfc

Download Submit
C:\Windows\SysWOW64\Nfgkfadq.exe

Filesize
352KB

MD5
b1b0f0a9f3cc447a3297607b521dbcaa

SHA1
489d74f512a874f7238efa6b481a5fb2099f00ee

SHA256
63f41933c0401aa8e5db0c29731939b4b36cc813ffc2993c0d7dea8d61887d58

SHA512
162c13cd2c9aa88f3fe224708b4284c7a6177f72e5ff2e0ba1e21e3f8eb68c975113f98a3b77a5b58103c832a4da6c4b9b25c4139f4fb09a45310cf0c098007b

Download Submit
C:\Windows\SysWOW64\Nieoal32.exe

Filesize
352KB

MD5
7712a89e8ead9f8272a5cab7dec1ded5

SHA1
89b3a219add4a8043711966bd3f1b29162ab99d6

SHA256
d3597d4ed6a7d7db6e7e9c46bab33f476a1a498a4d3ea6ab9cc0b18ac0f68e45

SHA512
db622fa827dd337ddc7b72dd15e050ed3cce06082a9b68cc95f7ef1415a1f94904980bc80252331d0b15f0a04168ccbc53cd152fe8f0341f88b9ead1e5d800ba

Download Submit
C:\Windows\SysWOW64\Nnidcg32.exe

Filesize
352KB

MD5
a3288cc91ecb3bb89015514447b462ff

SHA1
e679e38a8a00766327832555b6ef24134e58dae9

SHA256
ffdea97ad2a250e0580ed2fcc537acd29e7157d66a0bc0cca341485007a86938

SHA512
0d9d7ca35d8d1f672d8e10c38f4a081fb17ec125c35846efa59e4c3b83ac18cefbfbda846fc8b0ac4ca67410bc07fbc61d7f8328b6a1351e54df3bee33e61502

Download Submit
C:\Windows\SysWOW64\Npgmdnlj.dll

Filesize
7KB

MD5
eca61f0d1bd1687882d6ffc0ade4f05a

SHA1
6ffb6823a51b7d0fdcbf50fbd2564400783a85c3

SHA256
acb2492c62177033eeb44af234e20a94ecada367b96edffde5cbf4b7785258cc

SHA512
ca2c66494d8fb7d2e389b5c418b6ced676eb7329f6ab6f4d785bbadd5b4c7bce051593b9944374583f0576cac9810c6b509c18cfbb15413c2164173cb35673f9

Download Submit
C:\Windows\SysWOW64\Nqaini32.exe

Filesize
352KB

MD5
d255de13aa5a131162c0abdf29be6bae

SHA1
e9d3fad0be826df30b5d9fa1491d85e7afe763f8

SHA256
e9770b4349b608d6066256f0d253a8c4b06e1e15338646a91514f9a259fe20f3

SHA512
a3a7d3f64c42ab7e8fd5534977e9cbcab4a7cca5df4cd12d11f2cc5de5916bdb35876c5bffb3233a1d468c610655a1d93df4b35fbe080c6319a8305b8a9a2d3e

Download Submit
C:\Windows\SysWOW64\Nqaipgal.exe

Filesize
352KB

MD5
50e9d005ee0ca45d0ff4f1c14c9c9720

SHA1
b85211dc4d82629e010775e05c0387788ed5d48b

SHA256
1c68751fa1155f7a102ddf6a1231cf7d991e4c0c75cb2dbc471bfeaf2617d9a8

SHA512
b2464617a9420928b7c0524b251342e404669d8116c4fa29fd36f0373b4b64438c6329d2f87d0dc87d4cf663a85d17c35f08ce39c9630ff00a1649ca801e803c

Download Submit
C:\Windows\SysWOW64\Nqolii32.exe

Filesize
352KB

MD5
8a5622665b53e3e30301947df8b13dba

SHA1
936596b0b88b186098c3fe167324e6f73525f11b

SHA256
ca7f579eea4b553ef03c76f89bfb9f9e9d400bac9a48a46cdad3c5598d3b442c

SHA512
fc1e6d8a88cb4a75ef2f907727b73b3533d0cf4118e6fea16ed7071aeed818698cd1ab682f6c596d7f7903936c35546556869ea3897046d1075ca34be4a4a058

Download Submit
C:\Windows\SysWOW64\Oaliidon.exe

Filesize
352KB

MD5
7477c2f6168b0af2af326d39c4d4166d

SHA1
5e8e57c2d67668f6ef801627c9d6069e68b19b70

SHA256
62ec84dd547b2ef8eada933c1d67fde7ae4f1e2b5f89094600841eec5eac2ac3

SHA512
1c4ad02320c63d41c1c6e15a5214e666403840ae014eb594a99746e8759b10727469f42f0d8b64ce23c5ddedd127d09310c0fa7c62fbda19230a5673ebe809da

Download Submit
C:\Windows\SysWOW64\Ohebek32.exe

Filesize
352KB

MD5
d03116e4e3664a39a66b7f448f415902

SHA1
7a70dc2f36f1cdac1d424efd5b9a12c3c04a7601

SHA256
d2c619414b5503226db66786877c3c2c878a6ba532e8d4728479a8d75906b07b

SHA512
66bec8d986e8ad62b945900391459e1f05033b3b224f1d225d63aa470735a0e2779df342fa1f6d5073dd54bf7c05f9850d74b98760ca9dd8533fe5b045740639

Download Submit
C:\Windows\SysWOW64\Oicccj32.exe

Filesize
352KB

MD5
cb2e99a00a11ac19abbbd633c16d02cd

SHA1
176ea5b6e144c8944b96d3ff13ca1046f97ced9e

SHA256
6261e7810e616db78ac6ffd40011a0860757f9711ba2d4bec87b91b1cf0fe7cc

SHA512
2c93190a64f0e4aa6557b5931cea214406476dd9e12280ae17ebd39cd85c9f53c94ea5a5155fc7ebfb76222082fa0b07bad12f083d432a272efb63337feccc63

Download Submit
C:\Windows\SysWOW64\Opfnne32.exe

Filesize
352KB

MD5
e0a34ed9d36ada601c0c3014cf4596d4

SHA1
654537e88ac3a24f255235966909b794e49a0e58

SHA256
793377c1770af19139fab44dbca77954d1801b08ced53dc8b61905df7f5fb65f

SHA512
59f2107c663b73cff7fc72a2673ab791ffb06028058f3f1b45cc310db48058a742bf47e24d8c0921e74c59ad098934aac85dabc8cdbdcb0e9f61d76a3c9706bf

Download Submit
C:\Windows\SysWOW64\Phnoac32.exe

Filesize
352KB

MD5
abe6592ab38811c7359dcbda90757cfe

SHA1
95cabd4eda872c21edc2b2718a5a03486c6cf7e0

SHA256
b0816ad9debad8be06d512ccd28abc3bb05bd344f498e43bba6f7d0ea10ea29d

SHA512
888b59ebfbbdccbf1706818b672844d5d7a87aa74c4f738e6db7252f439843f4b5e5658f2460cd577a9946bdfeb0269fd300d7f803e7c7d8cbbf6592b1f05702

Download Submit
C:\Windows\SysWOW64\Pjgemi32.exe

Filesize
352KB

MD5
eaba09e37e517d7d65a8cfe153d69409

SHA1
c00e89f13d057894dcf13f27266f6ea491ca170a

SHA256
aad5117f3a30d2247a05f2a8a67864be8f3a7f0240f24a825e40e4c78e5735d8

SHA512
73ce01bd1dc2f40892a7ad8d05ff07b789b47c1230174c3ac8a905cf7f80918ee454ec17c8d7aa86695d5f6beeef06ce78f093caef792fe9d4705976ad1695bf

Download Submit
C:\Windows\SysWOW64\Ppffec32.exe

Filesize
352KB

MD5
a7c1c73809e94d740459f41487746dce

SHA1
d6b5162dbd46eb0971d02d5e452b6cadae4cf9b1

SHA256
4b416417e87c487833723e0d8b022bfa11f713985801ff9317431777bd2d0067

SHA512
7a9d4737bf87919f007aebaeca3916aa5592875ea85d6a2208c97a65a531f564bedc531b61ab9507ce6d9043aee9bf45ccca537fcd76c024250bb6785098dfbf

Download Submit
C:\Windows\SysWOW64\Qajhigcj.exe

Filesize
352KB

MD5
5175f9b07733aa4ba9c82d11e051fa6c

SHA1
b6ca56ae2065189d635e366803f2800c13e5e8ba

SHA256
32e146c0cf19b0229095c7abc9929db935d3ac0ef4b91e8bba1271f154a26b08

SHA512
82c5730b405a95c4fa865aded470406a57f56d96841874a1576ae68275eb91cad93b46bd9ad4647d0aaa6f3588e42e589d8ebfffe07163cd5359f63765452e87

Download Submit
memory/32-224-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/116-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/380-111-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/492-382-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/572-334-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/696-298-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/960-103-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1140-358-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1264-370-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1272-406-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1300-232-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1316-346-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1432-63-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1516-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1560-15-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1568-352-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1604-430-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1696-184-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1996-332-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2240-159-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2316-262-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2356-394-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2408-316-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2416-88-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2428-268-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2484-442-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2868-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2912-412-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2916-248-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3024-274-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3076-47-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3116-207-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3164-191-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3328-200-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3348-310-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3492-400-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3524-80-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3548-376-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3620-71-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3648-436-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3676-255-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3888-151-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3916-418-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3940-56-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3988-176-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4132-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4312-215-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4336-322-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4372-292-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4396-96-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4448-239-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4540-119-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4556-388-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4564-340-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4572-24-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4588-135-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4608-364-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4652-280-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4684-168-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4940-286-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4956-143-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4980-304-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4996-424-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5016-128-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads