Malware Analysis Report

2025-01-03 09:13

Sample ID 240620-ph3n5a1ekm
Target 05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118
SHA256 1c8462b0fb2d3b88c83148687171098da5d40e2dc1c1f688b0127b44dc6995f1
Tags bootkit evasion persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit evasion persistence

Executes dropped EXE

Identifies Wine through registry keys

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Suspicious use of SetThreadContext

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-06-20 12:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 12:20

Reported

2024-06-20 12:23

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe"

Signatures

Executes dropped EXE


Identifies Wine through registry keys

evasion

Loads dropped DLL


Writes to the Master Boot Record (MBR)

bootkit persistence

Drops file in System32 directory


Suspicious use of SetThreadContext


Modifies registry class


Suspicious use of WriteProcessMemory


Processes


"C:\Windows\SysWOW64\pnipcoc.exe"

C:\Windows\SysWOW64\cmkslwh.exe

C:\Windows\system32\cmkslwh.exe 528 "C:\Windows\SysWOW64\pnipcoc.exe"

C:\Windows\SysWOW64\cmkslwh.exe

"C:\Windows\SysWOW64\cmkslwh.exe"

C:\Windows\SysWOW64\pzuirag.exe

C:\Windows\system32\pzuirag.exe 528 "C:\Windows\SysWOW64\cmkslwh.exe"

C:\Windows\SysWOW64\pzuirag.exe

"C:\Windows\SysWOW64\pzuirag.exe"

C:\Windows\SysWOW64\zfvfpit.exe

C:\Windows\system32\zfvfpit.exe 528 "C:\Windows\SysWOW64\pzuirag.exe"

C:\Windows\SysWOW64\zfvfpit.exe

"C:\Windows\SysWOW64\zfvfpit.exe"

C:\Windows\SysWOW64\mdpixir.exe

C:\Windows\system32\mdpixir.exe 532 "C:\Windows\SysWOW64\zfvfpit.exe"

C:\Windows\SysWOW64\mdpixir.exe

"C:\Windows\SysWOW64\mdpixir.exe"

C:\Windows\SysWOW64\zusdgqw.exe

C:\Windows\system32\zusdgqw.exe 528 "C:\Windows\SysWOW64\mdpixir.exe"

C:\Windows\SysWOW64\zusdgqw.exe

"C:\Windows\SysWOW64\zusdgqw.exe"

C:\Windows\SysWOW64\msnfpyc.exe

C:\Windows\system32\msnfpyc.exe 528 "C:\Windows\SysWOW64\zusdgqw.exe"

C:\Windows\SysWOW64\msnfpyc.exe

"C:\Windows\SysWOW64\msnfpyc.exe"

C:\Windows\SysWOW64\yjiixyh.exe

C:\Windows\system32\yjiixyh.exe 528 "C:\Windows\SysWOW64\msnfpyc.exe"

C:\Windows\SysWOW64\yjiixyh.exe

"C:\Windows\SysWOW64\yjiixyh.exe"

C:\Windows\SysWOW64\iufssbo.exe

C:\Windows\system32\iufssbo.exe 528 "C:\Windows\SysWOW64\yjiixyh.exe"

C:\Windows\SysWOW64\iufssbo.exe

"C:\Windows\SysWOW64\iufssbo.exe"

C:\Windows\SysWOW64\vkavbkt.exe

C:\Windows\system32\vkavbkt.exe 528 "C:\Windows\SysWOW64\iufssbo.exe"

C:\Windows\SysWOW64\vkavbkt.exe

"C:\Windows\SysWOW64\vkavbkt.exe"

C:\Windows\SysWOW64\fnpfonz.exe

C:\Windows\system32\fnpfonz.exe 540 "C:\Windows\SysWOW64\vkavbkt.exe"

C:\Windows\SysWOW64\fnpfonz.exe

"C:\Windows\SysWOW64\fnpfonz.exe"

C:\Windows\SysWOW64\putdzlh.exe

C:\Windows\system32\putdzlh.exe 528 "C:\Windows\SysWOW64\fnpfonz.exe"

C:\Windows\SysWOW64\putdzlh.exe

"C:\Windows\SysWOW64\putdzlh.exe"

C:\Windows\SysWOW64\chltehg.exe

C:\Windows\system32\chltehg.exe 528 "C:\Windows\SysWOW64\putdzlh.exe"

C:\Windows\SysWOW64\chltehg.exe

"C:\Windows\SysWOW64\chltehg.exe"

C:\Windows\SysWOW64\mvmqcpt.exe

C:\Windows\system32\mvmqcpt.exe 528 "C:\Windows\SysWOW64\chltehg.exe"

C:\Windows\SysWOW64\mvmqcpt.exe

"C:\Windows\SysWOW64\mvmqcpt.exe"

C:\Windows\SysWOW64\zidgits.exe

C:\Windows\system32\zidgits.exe 528 "C:\Windows\SysWOW64\mvmqcpt.exe"

C:\Windows\SysWOW64\zidgits.exe

"C:\Windows\SysWOW64\zidgits.exe"

C:\Windows\SysWOW64\jhhdtrz.exe

C:\Windows\system32\jhhdtrz.exe 536 "C:\Windows\SysWOW64\zidgits.exe"

C:\Windows\SysWOW64\jhhdtrz.exe

"C:\Windows\SysWOW64\jhhdtrz.exe"

C:\Windows\SysWOW64\wjntewe.exe

C:\Windows\system32\wjntewe.exe 528 "C:\Windows\SysWOW64\jhhdtrz.exe"

C:\Windows\SysWOW64\wjntewe.exe

"C:\Windows\SysWOW64\wjntewe.exe"

C:\Windows\SysWOW64\geoduye.exe

C:\Windows\system32\geoduye.exe 528 "C:\Windows\SysWOW64\wjntewe.exe"

C:\Windows\SysWOW64\geoduye.exe

"C:\Windows\SysWOW64\geoduye.exe"

C:\Windows\SysWOW64\qlpbkyr.exe

C:\Windows\system32\qlpbkyr.exe 528 "C:\Windows\SysWOW64\geoduye.exe"

C:\Windows\SysWOW64\qlpbkyr.exe

"C:\Windows\SysWOW64\qlpbkyr.exe"

C:\Windows\SysWOW64\gxpwolo.exe

C:\Windows\system32\gxpwolo.exe 536 "C:\Windows\SysWOW64\qlpbkyr.exe"

C:\Windows\SysWOW64\gxpwolo.exe

"C:\Windows\SysWOW64\gxpwolo.exe"

C:\Windows\SysWOW64\qdqtesb.exe

C:\Windows\system32\qdqtesb.exe 528 "C:\Windows\SysWOW64\gxpwolo.exe"

C:\Windows\SysWOW64\qdqtesb.exe

"C:\Windows\SysWOW64\qdqtesb.exe"

C:\Windows\SysWOW64\dyhjkoa.exe

C:\Windows\system32\dyhjkoa.exe 528 "C:\Windows\SysWOW64\qdqtesb.exe"

C:\Windows\SysWOW64\dyhjkoa.exe

"C:\Windows\SysWOW64\dyhjkoa.exe"

C:\Windows\SysWOW64\psnydbe.exe

C:\Windows\system32\psnydbe.exe 528 "C:\Windows\SysWOW64\dyhjkoa.exe"

C:\Windows\SysWOW64\psnydbe.exe

"C:\Windows\SysWOW64\psnydbe.exe"

C:\Windows\SysWOW64\zddbqet.exe

C:\Windows\system32\zddbqet.exe 528 "C:\Windows\SysWOW64\psnydbe.exe"

C:\Windows\SysWOW64\zddbqet.exe

"C:\Windows\SysWOW64\zddbqet.exe"

C:\Windows\SysWOW64\phdwujp.exe

C:\Windows\system32\phdwujp.exe 528 "C:\Windows\SysWOW64\zddbqet.exe"

C:\Windows\SysWOW64\phdwujp.exe

"C:\Windows\SysWOW64\phdwujp.exe"

C:\Windows\SysWOW64\cjjlgwu.exe

C:\Windows\system32\cjjlgwu.exe 528 "C:\Windows\SysWOW64\phdwujp.exe"

C:\Windows\SysWOW64\cjjlgwu.exe

"C:\Windows\SysWOW64\cjjlgwu.exe"

C:\Windows\SysWOW64\mivjqub.exe

C:\Windows\system32\mivjqub.exe 528 "C:\Windows\SysWOW64\cjjlgwu.exe"

C:\Windows\SysWOW64\mivjqub.exe

"C:\Windows\SysWOW64\mivjqub.exe"

C:\Windows\SysWOW64\zkbybzg.exe

C:\Windows\system32\zkbybzg.exe 528 "C:\Windows\SysWOW64\mivjqub.exe"

C:\Windows\SysWOW64\zkbybzg.exe

"C:\Windows\SysWOW64\zkbybzg.exe"

C:\Windows\SysWOW64\mbwbshl.exe

C:\Windows\system32\mbwbshl.exe 528 "C:\Windows\SysWOW64\zkbybzg.exe"

C:\Windows\SysWOW64\mbwbshl.exe

"C:\Windows\SysWOW64\mbwbshl.exe"

C:\Windows\SysWOW64\ydcrdtq.exe

C:\Windows\system32\ydcrdtq.exe 528 "C:\Windows\SysWOW64\mbwbshl.exe"

C:\Windows\SysWOW64\ydcrdtq.exe

"C:\Windows\SysWOW64\ydcrdtq.exe"

C:\Windows\SysWOW64\ifstrxw.exe

C:\Windows\system32\ifstrxw.exe 528 "C:\Windows\SysWOW64\ydcrdtq.exe"

C:\Windows\SysWOW64\ifstrxw.exe

"C:\Windows\SysWOW64\ifstrxw.exe"

C:\Windows\SysWOW64\veuwzxb.exe

C:\Windows\system32\veuwzxb.exe 528 "C:\Windows\SysWOW64\ifstrxw.exe"

C:\Windows\SysWOW64\veuwzxb.exe

"C:\Windows\SysWOW64\veuwzxb.exe"

C:\Windows\SysWOW64\ireufba.exe

C:\Windows\system32\ireufba.exe 528 "C:\Windows\SysWOW64\veuwzxb.exe"

C:\Windows\SysWOW64\ireufba.exe

"C:\Windows\SysWOW64\ireufba.exe"

C:\Windows\SysWOW64\sfejdin.exe

C:\Windows\system32\sfejdin.exe 528 "C:\Windows\SysWOW64\ireufba.exe"

C:\Windows\SysWOW64\sfejdin.exe

"C:\Windows\SysWOW64\sfejdin.exe"

C:\Windows\SysWOW64\anqrcsr.exe

C:\Windows\system32\anqrcsr.exe 528 "C:\Windows\SysWOW64\sfejdin.exe"

C:\Windows\SysWOW64\anqrcsr.exe

"C:\Windows\SysWOW64\anqrcsr.exe"

C:\Windows\SysWOW64\kxnbxvx.exe

C:\Windows\system32\kxnbxvx.exe 528 "C:\Windows\SysWOW64\anqrcsr.exe"

C:\Windows\SysWOW64\kxnbxvx.exe

"C:\Windows\SysWOW64\kxnbxvx.exe"

C:\Windows\SysWOW64\woiegdd.exe

C:\Windows\system32\woiegdd.exe 528 "C:\Windows\SysWOW64\kxnbxvx.exe"

C:\Windows\SysWOW64\woiegdd.exe

"C:\Windows\SysWOW64\woiegdd.exe"

C:\Windows\SysWOW64\hnmbqcc.exe

C:\Windows\system32\hnmbqcc.exe 528 "C:\Windows\SysWOW64\woiegdd.exe"

C:\Windows\SysWOW64\hnmbqcc.exe

"C:\Windows\SysWOW64\hnmbqcc.exe"

C:\Windows\SysWOW64\tpsrcgp.exe

C:\Windows\system32\tpsrcgp.exe 528 "C:\Windows\SysWOW64\hnmbqcc.exe"

C:\Windows\SysWOW64\tpsrcgp.exe

"C:\Windows\SysWOW64\tpsrcgp.exe"

C:\Windows\SysWOW64\jtbmgtl.exe

C:\Windows\system32\jtbmgtl.exe 528 "C:\Windows\SysWOW64\tpsrcgp.exe"

C:\Windows\SysWOW64\jtbmgtl.exe

"C:\Windows\SysWOW64\jtbmgtl.exe"

C:\Windows\SysWOW64\teqobws.exe

C:\Windows\system32\teqobws.exe 528 "C:\Windows\SysWOW64\jtbmgtl.exe"

C:\Windows\SysWOW64\teqobws.exe

"C:\Windows\SysWOW64\teqobws.exe"

C:\Windows\SysWOW64\gywembw.exe

C:\Windows\system32\gywembw.exe 528 "C:\Windows\SysWOW64\teqobws.exe"

C:\Windows\SysWOW64\gywembw.exe

"C:\Windows\SysWOW64\gywembw.exe"

C:\Windows\SysWOW64\ttousfd.exe

C:\Windows\system32\ttousfd.exe 528 "C:\Windows\SysWOW64\gywembw.exe"

C:\Windows\SysWOW64\ttousfd.exe

"C:\Windows\SysWOW64\ttousfd.exe"

C:\Windows\SysWOW64\dzorimi.exe

C:\Windows\system32\dzorimi.exe 528 "C:\Windows\SysWOW64\ttousfd.exe"

C:\Windows\SysWOW64\dzorimi.exe

"C:\Windows\SysWOW64\dzorimi.exe"

C:\Windows\SysWOW64\quyhoqp.exe

C:\Windows\system32\quyhoqp.exe 536 "C:\Windows\SysWOW64\dzorimi.exe"

C:\Windows\SysWOW64\quyhoqp.exe

"C:\Windows\SysWOW64\quyhoqp.exe"

C:\Windows\SysWOW64\coexzut.exe

C:\Windows\system32\coexzut.exe 528 "C:\Windows\SysWOW64\quyhoqp.exe"

C:\Windows\SysWOW64\coexzut.exe

"C:\Windows\SysWOW64\coexzut.exe"

C:\Windows\SysWOW64\pmhzqdz.exe

C:\Windows\system32\pmhzqdz.exe 528 "C:\Windows\SysWOW64\coexzut.exe"

C:\Windows\SysWOW64\pmhzqdz.exe

"C:\Windows\SysWOW64\pmhzqdz.exe"

C:\Windows\SysWOW64\zpwkdgf.exe

C:\Windows\system32\zpwkdgf.exe 528 "C:\Windows\SysWOW64\pmhzqdz.exe"

C:\Windows\SysWOW64\zpwkdgf.exe

"C:\Windows\SysWOW64\zpwkdgf.exe"

C:\Windows\SysWOW64\mormmgk.exe

C:\Windows\system32\mormmgk.exe 528 "C:\Windows\SysWOW64\zpwkdgf.exe"

C:\Windows\SysWOW64\mormmgk.exe

"C:\Windows\SysWOW64\mormmgk.exe"

C:\Windows\SysWOW64\zixuxsp.exe

C:\Windows\system32\zixuxsp.exe 528 "C:\Windows\SysWOW64\mormmgk.exe"

C:\Windows\SysWOW64\zixuxsp.exe

"C:\Windows\SysWOW64\zixuxsp.exe"

C:\Windows\SysWOW64\jhjrqrw.exe

C:\Windows\system32\jhjrqrw.exe 528 "C:\Windows\SysWOW64\zixuxsp.exe"

C:\Windows\SysWOW64\jhjrqrw.exe

"C:\Windows\SysWOW64\jhjrqrw.exe"

C:\Windows\SysWOW64\wjphbwb.exe

C:\Windows\system32\wjphbwb.exe 528 "C:\Windows\SysWOW64\jhjrqrw.exe"

C:\Windows\SysWOW64\wjphbwb.exe

"C:\Windows\SysWOW64\wjphbwb.exe"

C:\Windows\SysWOW64\jwzxhaz.exe

C:\Windows\system32\jwzxhaz.exe 536 "C:\Windows\SysWOW64\wjphbwb.exe"

C:\Windows\SysWOW64\jwzxhaz.exe

"C:\Windows\SysWOW64\jwzxhaz.exe"

C:\Windows\SysWOW64\vyfmsme.exe

C:\Windows\system32\vyfmsme.exe 528 "C:\Windows\SysWOW64\jwzxhaz.exe"

C:\Windows\SysWOW64\vyfmsme.exe

"C:\Windows\SysWOW64\vyfmsme.exe"

C:\Windows\SysWOW64\iohpbmj.exe

C:\Windows\system32\iohpbmj.exe 528 "C:\Windows\SysWOW64\vyfmsme.exe"

C:\Windows\SysWOW64\iohpbmj.exe

"C:\Windows\SysWOW64\iohpbmj.exe"

C:\Windows\SysWOW64\szxaopq.exe

C:\Windows\system32\szxaopq.exe 536 "C:\Windows\SysWOW64\iohpbmj.exe"

C:\Windows\SysWOW64\szxaopq.exe

"C:\Windows\SysWOW64\szxaopq.exe"

C:\Windows\SysWOW64\fmgputo.exe

C:\Windows\system32\fmgputo.exe 528 "C:\Windows\SysWOW64\szxaopq.exe"

C:\Windows\SysWOW64\fmgputo.exe

"C:\Windows\SysWOW64\fmgputo.exe"

C:\Windows\SysWOW64\srykqka.exe

C:\Windows\system32\srykqka.exe 528 "C:\Windows\SysWOW64\fmgputo.exe"

C:\Windows\SysWOW64\srykqka.exe

"C:\Windows\SysWOW64\srykqka.exe"

C:\Windows\SysWOW64\fepiwgy.exe

C:\Windows\system32\fepiwgy.exe 536 "C:\Windows\SysWOW64\srykqka.exe"

C:\Windows\SysWOW64\fepiwgy.exe

"C:\Windows\SysWOW64\fepiwgy.exe"

C:\Windows\SysWOW64\psqxmnl.exe

C:\Windows\system32\psqxmnl.exe 528 "C:\Windows\SysWOW64\fepiwgy.exe"

C:\Windows\SysWOW64\psqxmnl.exe

"C:\Windows\SysWOW64\psqxmnl.exe"

C:\Windows\SysWOW64\cjlauvr.exe

C:\Windows\system32\cjlauvr.exe 528 "C:\Windows\SysWOW64\psqxmnl.exe"

C:\Windows\SysWOW64\cjlauvr.exe

"C:\Windows\SysWOW64\cjlauvr.exe"

C:\Windows\SysWOW64\ohgcdex.exe

C:\Windows\system32\ohgcdex.exe 528 "C:\Windows\SysWOW64\cjlauvr.exe"

C:\Windows\SysWOW64\ohgcdex.exe

"C:\Windows\SysWOW64\ohgcdex.exe"

C:\Windows\SysWOW64\bbmsoib.exe

C:\Windows\system32\bbmsoib.exe 528 "C:\Windows\SysWOW64\ohgcdex.exe"

C:\Windows\SysWOW64\bbmsoib.exe

"C:\Windows\SysWOW64\bbmsoib.exe"

C:\Windows\SysWOW64\liyphhi.exe

C:\Windows\system32\liyphhi.exe 528 "C:\Windows\SysWOW64\bbmsoib.exe"

C:\Windows\SysWOW64\liyphhi.exe

"C:\Windows\SysWOW64\liyphhi.exe"

C:\Windows\SysWOW64\ycefstn.exe

C:\Windows\system32\ycefstn.exe 528 "C:\Windows\SysWOW64\liyphhi.exe"

C:\Windows\SysWOW64\ycefstn.exe

"C:\Windows\SysWOW64\ycefstn.exe"

C:\Windows\SysWOW64\lpnvypm.exe

C:\Windows\system32\lpnvypm.exe 528 "C:\Windows\SysWOW64\ycefstn.exe"

C:\Windows\SysWOW64\lpnvypm.exe

"C:\Windows\SysWOW64\lpnvypm.exe"

C:\Windows\SysWOW64\yrtdjcq.exe

C:\Windows\system32\yrtdjcq.exe 528 "C:\Windows\SysWOW64\lpnvypm.exe"

C:\Windows\SysWOW64\yrtdjcq.exe

"C:\Windows\SysWOW64\yrtdjcq.exe"

C:\Windows\SysWOW64\liwfskv.exe

C:\Windows\system32\liwfskv.exe 528 "C:\Windows\SysWOW64\yrtdjcq.exe"

C:\Windows\SysWOW64\liwfskv.exe

"C:\Windows\SysWOW64\liwfskv.exe"

C:\Windows\SysWOW64\ygribkb.exe

C:\Windows\system32\ygribkb.exe 532 "C:\Windows\SysWOW64\liwfskv.exe"

C:\Windows\SysWOW64\ygribkb.exe

"C:\Windows\SysWOW64\ygribkb.exe"

C:\Windows\SysWOW64\husfzro.exe

C:\Windows\system32\husfzro.exe 528 "C:\Windows\SysWOW64\ygribkb.exe"

C:\Windows\SysWOW64\husfzro.exe

"C:\Windows\SysWOW64\husfzro.exe"

C:\Windows\SysWOW64\ulmiham.exe

C:\Windows\system32\ulmiham.exe 528 "C:\Windows\SysWOW64\husfzro.exe"

C:\Windows\SysWOW64\ulmiham.exe

"C:\Windows\SysWOW64\ulmiham.exe"

C:\Windows\SysWOW64\ekzfsyt.exe

C:\Windows\system32\ekzfsyt.exe 536 "C:\Windows\SysWOW64\ulmiham.exe"

C:\Windows\SysWOW64\ekzfsyt.exe

"C:\Windows\SysWOW64\ekzfsyt.exe"

C:\Windows\SysWOW64\uaknzix.exe

C:\Windows\system32\uaknzix.exe 528 "C:\Windows\SysWOW64\ekzfsyt.exe"

C:\Windows\SysWOW64\uaknzix.exe

"C:\Windows\SysWOW64\uaknzix.exe"

C:\Windows\SysWOW64\hqfqhqu.exe

C:\Windows\system32\hqfqhqu.exe 528 "C:\Windows\SysWOW64\uaknzix.exe"

C:\Windows\SysWOW64\hqfqhqu.exe

"C:\Windows\SysWOW64\hqfqhqu.exe"

C:\Windows\SysWOW64\rbcautj.exe

C:\Windows\system32\rbcautj.exe 536 "C:\Windows\SysWOW64\hqfqhqu.exe"

C:\Windows\SysWOW64\rbcautj.exe

"C:\Windows\SysWOW64\rbcautj.exe"

C:\Windows\SysWOW64\dviioyn.exe

C:\Windows\system32\dviioyn.exe 528 "C:\Windows\SysWOW64\rbcautj.exe"

C:\Windows\SysWOW64\dviioyn.exe

"C:\Windows\SysWOW64\dviioyn.exe"

C:\Windows\SysWOW64\rqsyucm.exe

C:\Windows\system32\rqsyucm.exe 528 "C:\Windows\SysWOW64\dviioyn.exe"

C:\Windows\SysWOW64\rqsyucm.exe

"C:\Windows\SysWOW64\rqsyucm.exe"

C:\Windows\SysWOW64\dkynfoq.exe

C:\Windows\system32\dkynfoq.exe 528 "C:\Windows\SysWOW64\rqsyucm.exe"

C:\Windows\SysWOW64\dkynfoq.exe

"C:\Windows\SysWOW64\dkynfoq.exe"

C:\Windows\SysWOW64\qjbqoow.exe

C:\Windows\system32\qjbqoow.exe 528 "C:\Windows\SysWOW64\dkynfoq.exe"

C:\Windows\SysWOW64\qjbqoow.exe

"C:\Windows\SysWOW64\qjbqoow.exe"

C:\Windows\SysWOW64\aptoewj.exe

C:\Windows\system32\aptoewj.exe 528 "C:\Windows\SysWOW64\qjbqoow.exe"

C:\Windows\SysWOW64\aptoewj.exe

"C:\Windows\SysWOW64\aptoewj.exe"

C:\Windows\SysWOW64\nnwqmeo.exe

C:\Windows\system32\nnwqmeo.exe 528 "C:\Windows\SysWOW64\aptoewj.exe"

C:\Windows\SysWOW64\nnwqmeo.exe

"C:\Windows\SysWOW64\nnwqmeo.exe"

C:\Windows\SysWOW64\aertdem.exe

C:\Windows\system32\aertdem.exe 528 "C:\Windows\SysWOW64\nnwqmeo.exe"

C:\Windows\SysWOW64\aertdem.exe

"C:\Windows\SysWOW64\aertdem.exe"

C:\Windows\SysWOW64\mgxboqy.exe

C:\Windows\system32\mgxboqy.exe 528 "C:\Windows\SysWOW64\aertdem.exe"

C:\Windows\SysWOW64\mgxboqy.exe

"C:\Windows\SysWOW64\mgxboqy.exe"

C:\Windows\SysWOW64\ofjyzpy.exe

C:\Windows\system32\ofjyzpy.exe 528 "C:\Windows\SysWOW64\mgxboqy.exe"

C:\Windows\SysWOW64\ofjyzpy.exe

"C:\Windows\SysWOW64\ofjyzpy.exe"

C:\Windows\SysWOW64\bhpokck.exe

C:\Windows\system32\bhpokck.exe 528 "C:\Windows\SysWOW64\ofjyzpy.exe"

C:\Windows\SysWOW64\bhpokck.exe

"C:\Windows\SysWOW64\bhpokck.exe"

C:\Windows\SysWOW64\oxkqtci.exe

C:\Windows\system32\oxkqtci.exe 528 "C:\Windows\SysWOW64\bhpokck.exe"

C:\Windows\SysWOW64\oxkqtci.exe

"C:\Windows\SysWOW64\oxkqtci.exe"

C:\Windows\SysWOW64\bwftbkn.exe

C:\Windows\system32\bwftbkn.exe 528 "C:\Windows\SysWOW64\oxkqtci.exe"

C:\Windows\SysWOW64\bwftbkn.exe

"C:\Windows\SysWOW64\bwftbkn.exe"

C:\Windows\SysWOW64\lyudxnt.exe

C:\Windows\system32\lyudxnt.exe 528 "C:\Windows\SysWOW64\bwftbkn.exe"

C:\Windows\SysWOW64\lyudxnt.exe

"C:\Windows\SysWOW64\lyudxnt.exe"

C:\Windows\SysWOW64\ypxgfvz.exe

C:\Windows\system32\ypxgfvz.exe 528 "C:\Windows\SysWOW64\lyudxnt.exe"

C:\Windows\SysWOW64\ypxgfvz.exe

"C:\Windows\SysWOW64\ypxgfvz.exe"

C:\Windows\SysWOW64\krdorad.exe

C:\Windows\system32\krdorad.exe 528 "C:\Windows\SysWOW64\ypxgfvz.exe"

C:\Windows\SysWOW64\krdorad.exe

"C:\Windows\SysWOW64\krdorad.exe"

C:\Windows\SysWOW64\yenlwec.exe

C:\Windows\system32\yenlwec.exe 528 "C:\Windows\SysWOW64\krdorad.exe"

C:\Windows\SysWOW64\yenlwec.exe

"C:\Windows\SysWOW64\yenlwec.exe"

C:\Windows\SysWOW64\kgttiio.exe

C:\Windows\system32\kgttiio.exe 528 "C:\Windows\SysWOW64\yenlwec.exe"

C:\Windows\SysWOW64\kgttiio.exe

"C:\Windows\SysWOW64\kgttiio.exe"

C:\Windows\SysWOW64\xwwwqqm.exe

C:\Windows\system32\xwwwqqm.exe 528 "C:\Windows\SysWOW64\kgttiio.exe"

C:\Windows\SysWOW64\xwwwqqm.exe

"C:\Windows\SysWOW64\xwwwqqm.exe"

C:\Windows\SysWOW64\kvqzzys.exe

C:\Windows\system32\kvqzzys.exe 528 "C:\Windows\SysWOW64\xwwwqqm.exe"

C:\Windows\SysWOW64\kvqzzys.exe

"C:\Windows\SysWOW64\kvqzzys.exe"

C:\Windows\SysWOW64\ujrwxgf.exe

C:\Windows\system32\ujrwxgf.exe 528 "C:\Windows\SysWOW64\kvqzzys.exe"

C:\Windows\SysWOW64\ujrwxgf.exe

"C:\Windows\SysWOW64\ujrwxgf.exe"

C:\Windows\SysWOW64\hwjmdcd.exe

C:\Windows\system32\hwjmdcd.exe 528 "C:\Windows\SysWOW64\ujrwxgf.exe"

C:\Windows\SysWOW64\hwjmdcd.exe

"C:\Windows\SysWOW64\hwjmdcd.exe"

C:\Windows\SysWOW64\uqpbooi.exe

C:\Windows\system32\uqpbooi.exe 528 "C:\Windows\SysWOW64\hwjmdcd.exe"

C:\Windows\SysWOW64\uqpbooi.exe

"C:\Windows\SysWOW64\uqpbooi.exe"

C:\Windows\SysWOW64\daembrw.exe

C:\Windows\system32\daembrw.exe 528 "C:\Windows\SysWOW64\uqpbooi.exe"

C:\Windows\SysWOW64\daembrw.exe

"C:\Windows\SysWOW64\daembrw.exe"

C:\Windows\SysWOW64\qrzgkru.exe

C:\Windows\system32\qrzgkru.exe 536 "C:\Windows\SysWOW64\daembrw.exe"

C:\Windows\SysWOW64\qrzgkru.exe

"C:\Windows\SysWOW64\qrzgkru.exe"

C:\Windows\SysWOW64\dpujbaz.exe

C:\Windows\system32\dpujbaz.exe 536 "C:\Windows\SysWOW64\qrzgkru.exe"

C:\Windows\SysWOW64\dpujbaz.exe

"C:\Windows\SysWOW64\dpujbaz.exe"

C:\Windows\SysWOW64\qjizmme.exe

C:\Windows\system32\qjizmme.exe 528 "C:\Windows\SysWOW64\dpujbaz.exe"

C:\Windows\SysWOW64\qjizmme.exe

"C:\Windows\SysWOW64\qjizmme.exe"

C:\Windows\SysWOW64\dicbvmj.exe

C:\Windows\system32\dicbvmj.exe 528 "C:\Windows\SysWOW64\qjizmme.exe"

C:\Windows\SysWOW64\dicbvmj.exe

"C:\Windows\SysWOW64\dicbvmj.exe"

C:\Windows\SysWOW64\qyxedup.exe

C:\Windows\system32\qyxedup.exe 528 "C:\Windows\SysWOW64\dicbvmj.exe"

C:\Windows\SysWOW64\qyxedup.exe

"C:\Windows\SysWOW64\qyxedup.exe"

C:\Windows\SysWOW64\dxahmdu.exe

C:\Windows\system32\dxahmdu.exe 536 "C:\Windows\SysWOW64\qyxedup.exe"

C:\Windows\SysWOW64\dxahmdu.exe

"C:\Windows\SysWOW64\dxahmdu.exe"

C:\Windows\SysWOW64\mdtwckz.exe

C:\Windows\system32\mdtwckz.exe 528 "C:\Windows\SysWOW64\dxahmdu.exe"

C:\Windows\SysWOW64\mdtwckz.exe

"C:\Windows\SysWOW64\mdtwckz.exe"

C:\Windows\SysWOW64\zbwztkf.exe

C:\Windows\system32\zbwztkf.exe 528 "C:\Windows\SysWOW64\mdtwckz.exe"

C:\Windows\SysWOW64\zbwztkf.exe

"C:\Windows\SysWOW64\zbwztkf.exe"

C:\Windows\SysWOW64\mofxyoe.exe

C:\Windows\system32\mofxyoe.exe 528 "C:\Windows\SysWOW64\zbwztkf.exe"

C:\Windows\SysWOW64\mofxyoe.exe

"C:\Windows\SysWOW64\mofxyoe.exe"

C:\Windows\SysWOW64\wdgmowr.exe

C:\Windows\system32\wdgmowr.exe 528 "C:\Windows\SysWOW64\mofxyoe.exe"

C:\Windows\SysWOW64\wdgmowr.exe

"C:\Windows\SysWOW64\wdgmowr.exe"

C:\Windows\SysWOW64\jtjpxww.exe

C:\Windows\system32\jtjpxww.exe 528 "C:\Windows\SysWOW64\wdgmowr.exe"

C:\Windows\SysWOW64\jtjpxww.exe

"C:\Windows\SysWOW64\jtjpxww.exe"

C:\Windows\SysWOW64\wvpeiib.exe

C:\Windows\system32\wvpeiib.exe 528 "C:\Windows\SysWOW64\jtjpxww.exe"

C:\Windows\SysWOW64\wvpeiib.exe

"C:\Windows\SysWOW64\wvpeiib.exe"

C:\Windows\SysWOW64\gutcbhi.exe

C:\Windows\system32\gutcbhi.exe 528 "C:\Windows\SysWOW64\wvpeiib.exe"

C:\Windows\SysWOW64\gutcbhi.exe

"C:\Windows\SysWOW64\gutcbhi.exe"

C:\Windows\SysWOW64\wzbxxmf.exe

C:\Windows\system32\wzbxxmf.exe 528 "C:\Windows\SysWOW64\gutcbhi.exe"

C:\Windows\SysWOW64\wzbxxmf.exe

"C:\Windows\SysWOW64\wzbxxmf.exe"

C:\Windows\SysWOW64\ibhmqzj.exe

C:\Windows\system32\ibhmqzj.exe 528 "C:\Windows\SysWOW64\wzbxxmf.exe"

C:\Windows\SysWOW64\ibhmqzj.exe

"C:\Windows\SysWOW64\ibhmqzj.exe"

C:\Windows\SysWOW64\vrcpzhp.exe

C:\Windows\system32\vrcpzhp.exe 528 "C:\Windows\SysWOW64\ibhmqzj.exe"

C:\Windows\SysWOW64\vrcpzhp.exe

"C:\Windows\SysWOW64\vrcpzhp.exe"

C:\Windows\SysWOW64\fcrrmkv.exe

C:\Windows\system32\fcrrmkv.exe 528 "C:\Windows\SysWOW64\vrcpzhp.exe"

C:\Windows\SysWOW64\fcrrmkv.exe

"C:\Windows\SysWOW64\fcrrmkv.exe"

C:\Windows\SysWOW64\sexhxoz.exe

C:\Windows\system32\sexhxoz.exe 528 "C:\Windows\SysWOW64\fcrrmkv.exe"

C:\Windows\SysWOW64\sexhxoz.exe

"C:\Windows\SysWOW64\sexhxoz.exe"

C:\Windows\SysWOW64\fuskgxf.exe

C:\Windows\system32\fuskgxf.exe 528 "C:\Windows\SysWOW64\sexhxoz.exe"

C:\Windows\SysWOW64\fuskgxf.exe

"C:\Windows\SysWOW64\fuskgxf.exe"

C:\Windows\SysWOW64\pxpubal.exe

C:\Windows\system32\pxpubal.exe 536 "C:\Windows\SysWOW64\fuskgxf.exe"

C:\Windows\SysWOW64\pxpubal.exe

"C:\Windows\SysWOW64\pxpubal.exe"

C:\Windows\SysWOW64\enbcajp.exe

C:\Windows\system32\enbcajp.exe 528 "C:\Windows\SysWOW64\pxpubal.exe"

C:\Windows\SysWOW64\enbcajp.exe

"C:\Windows\SysWOW64\enbcajp.exe"

C:\Windows\SysWOW64\omfatiw.exe

C:\Windows\system32\omfatiw.exe 536 "C:\Windows\SysWOW64\enbcajp.exe"

C:\Windows\SysWOW64\omfatiw.exe

"C:\Windows\SysWOW64\omfatiw.exe"

C:\Windows\SysWOW64\bolhevb.exe

C:\Windows\system32\bolhevb.exe 528 "C:\Windows\SysWOW64\omfatiw.exe"

C:\Windows\SysWOW64\bolhevb.exe

"C:\Windows\SysWOW64\bolhevb.exe"

C:\Windows\SysWOW64\oeoknvg.exe

C:\Windows\system32\oeoknvg.exe 528 "C:\Windows\SysWOW64\bolhevb.exe"

C:\Windows\SysWOW64\oeoknvg.exe

"C:\Windows\SysWOW64\oeoknvg.exe"

C:\Windows\SysWOW64\bdjnvdm.exe

C:\Windows\system32\bdjnvdm.exe 536 "C:\Windows\SysWOW64\oeoknvg.exe"

C:\Windows\SysWOW64\bdjnvdm.exe

"C:\Windows\SysWOW64\bdjnvdm.exe"

C:\Windows\SysWOW64\otepelj.exe

C:\Windows\system32\otepelj.exe 536 "C:\Windows\SysWOW64\bdjnvdm.exe"

C:\Windows\SysWOW64\otepelj.exe

"C:\Windows\SysWOW64\otepelj.exe"

C:\Windows\SysWOW64\yetazoy.exe

C:\Windows\system32\yetazoy.exe 532 "C:\Windows\SysWOW64\otepelj.exe"

C:\Windows\SysWOW64\yetazoy.exe

"C:\Windows\SysWOW64\yetazoy.exe"

C:\Windows\SysWOW64\luwciov.exe

C:\Windows\system32\luwciov.exe 528 "C:\Windows\SysWOW64\yetazoy.exe"

C:\Windows\SysWOW64\luwciov.exe

"C:\Windows\SysWOW64\luwciov.exe"

C:\Windows\SysWOW64\vflnvrk.exe

C:\Windows\system32\vflnvrk.exe 536 "C:\Windows\SysWOW64\luwciov.exe"

C:\Windows\SysWOW64\vflnvrk.exe

"C:\Windows\SysWOW64\vflnvrk.exe"

C:\Windows\SysWOW64\knxvcjf.exe

C:\Windows\system32\knxvcjf.exe 536 "C:\Windows\SysWOW64\vflnvrk.exe"

C:\Windows\SysWOW64\knxvcjf.exe

"C:\Windows\SysWOW64\knxvcjf.exe"

C:\Windows\SysWOW64\uxmfpeu.exe

C:\Windows\system32\uxmfpeu.exe 528 "C:\Windows\SysWOW64\knxvcjf.exe"

C:\Windows\SysWOW64\uxmfpeu.exe

"C:\Windows\SysWOW64\uxmfpeu.exe"

C:\Windows\SysWOW64\hrsniry.exe

C:\Windows\system32\hrsniry.exe 528 "C:\Windows\SysWOW64\uxmfpeu.exe"

C:\Windows\SysWOW64\hrsniry.exe

"C:\Windows\SysWOW64\hrsniry.exe"

C:\Windows\SysWOW64\uekdoux.exe

C:\Windows\system32\uekdoux.exe 536 "C:\Windows\SysWOW64\hrsniry.exe"

C:\Windows\SysWOW64\uekdoux.exe

"C:\Windows\SysWOW64\uekdoux.exe"

C:\Windows\SysWOW64\hdefxvc.exe

C:\Windows\system32\hdefxvc.exe 536 "C:\Windows\SysWOW64\uekdoux.exe"

C:\Windows\SysWOW64\hdefxvc.exe

"C:\Windows\SysWOW64\hdefxvc.exe"

C:\Windows\SysWOW64\ufkvihh.exe

C:\Windows\system32\ufkvihh.exe 528 "C:\Windows\SysWOW64\hdefxvc.exe"

C:\Windows\SysWOW64\ufkvihh.exe

"C:\Windows\SysWOW64\ufkvihh.exe"

C:\Windows\SysWOW64\yvnyrpm.exe

C:\Windows\system32\yvnyrpm.exe 528 "C:\Windows\SysWOW64\ufkvihh.exe"

C:\Windows\SysWOW64\yvnyrpm.exe

"C:\Windows\SysWOW64\yvnyrpm.exe"

C:\Windows\SysWOW64\iydiess.exe

C:\Windows\system32\iydiess.exe 528 "C:\Windows\SysWOW64\yvnyrpm.exe"

C:\Windows\SysWOW64\iydiess.exe

"C:\Windows\SysWOW64\iydiess.exe"

C:\Windows\SysWOW64\vwxlnsy.exe

C:\Windows\system32\vwxlnsy.exe 528 "C:\Windows\SysWOW64\iydiess.exe"

C:\Windows\SysWOW64\vwxlnsy.exe

"C:\Windows\SysWOW64\vwxlnsy.exe"

C:\Windows\SysWOW64\inanvbw.exe

C:\Windows\system32\inanvbw.exe 528 "C:\Windows\SysWOW64\vwxlnsy.exe"

C:\Windows\SysWOW64\inanvbw.exe

"C:\Windows\SysWOW64\inanvbw.exe"

C:\Windows\SysWOW64\vskirjh.exe

C:\Windows\system32\vskirjh.exe 528 "C:\Windows\SysWOW64\inanvbw.exe"

C:\Windows\SysWOW64\vskirjh.exe

"C:\Windows\SysWOW64\vskirjh.exe"

C:\Windows\SysWOW64\fswfcio.exe

C:\Windows\system32\fswfcio.exe 532 "C:\Windows\SysWOW64\vskirjh.exe"

C:\Windows\SysWOW64\fswfcio.exe

"C:\Windows\SysWOW64\fswfcio.exe"

C:\Windows\SysWOW64\sqqikqu.exe

C:\Windows\system32\sqqikqu.exe 528 "C:\Windows\SysWOW64\fswfcio.exe"

C:\Windows\SysWOW64\sqqikqu.exe

"C:\Windows\SysWOW64\sqqikqu.exe"

C:\Windows\SysWOW64\fhlltzr.exe

C:\Windows\system32\fhlltzr.exe 528 "C:\Windows\SysWOW64\sqqikqu.exe"

C:\Windows\SysWOW64\fhlltzr.exe

"C:\Windows\SysWOW64\fhlltzr.exe"

C:\Windows\SysWOW64\rjraede.exe

C:\Windows\system32\rjraede.exe 528 "C:\Windows\SysWOW64\fhlltzr.exe"

C:\Windows\SysWOW64\rjraede.exe

"C:\Windows\SysWOW64\rjraede.exe"

C:\Windows\SysWOW64\ewjqkhc.exe

C:\Windows\system32\ewjqkhc.exe 528 "C:\Windows\SysWOW64\rjraede.exe"

C:\Windows\SysWOW64\ewjqkhc.exe

"C:\Windows\SysWOW64\ewjqkhc.exe"

C:\Windows\SysWOW64\okkoioq.exe

C:\Windows\system32\okkoioq.exe 528 "C:\Windows\SysWOW64\ewjqkhc.exe"

C:\Windows\SysWOW64\okkoioq.exe

"C:\Windows\SysWOW64\okkoioq.exe"

C:\Windows\SysWOW64\baeqrwn.exe

C:\Windows\system32\baeqrwn.exe 528 "C:\Windows\SysWOW64\okkoioq.exe"

C:\Windows\SysWOW64\baeqrwn.exe

"C:\Windows\SysWOW64\baeqrwn.exe"

C:\Windows\SysWOW64\ozhtzxt.exe

C:\Windows\system32\ozhtzxt.exe 528 "C:\Windows\SysWOW64\baeqrwn.exe"

C:\Windows\SysWOW64\ozhtzxt.exe

"C:\Windows\SysWOW64\ozhtzxt.exe"

C:\Windows\SysWOW64\bpcwify.exe

C:\Windows\system32\bpcwify.exe 528 "C:\Windows\SysWOW64\ozhtzxt.exe"

C:\Windows\SysWOW64\bpcwify.exe

"C:\Windows\SysWOW64\bpcwify.exe"

C:\Windows\SysWOW64\ogxqrnw.exe

C:\Windows\system32\ogxqrnw.exe 528 "C:\Windows\SysWOW64\bpcwify.exe"

C:\Windows\SysWOW64\ogxqrnw.exe

"C:\Windows\SysWOW64\ogxqrnw.exe"

C:\Windows\SysWOW64\yqmbmik.exe

C:\Windows\system32\yqmbmik.exe 528 "C:\Windows\SysWOW64\ogxqrnw.exe"

C:\Windows\SysWOW64\yqmbmik.exe

"C:\Windows\SysWOW64\yqmbmik.exe"

C:\Windows\SysWOW64\kssqxvo.exe

C:\Windows\system32\kssqxvo.exe 528 "C:\Windows\SysWOW64\yqmbmik.exe"

C:\Windows\SysWOW64\kssqxvo.exe

"C:\Windows\SysWOW64\kssqxvo.exe"

C:\Windows\SysWOW64\xjvtgdu.exe

C:\Windows\system32\xjvtgdu.exe 528 "C:\Windows\SysWOW64\kssqxvo.exe"

C:\Windows\SysWOW64\xjvtgdu.exe

"C:\Windows\SysWOW64\xjvtgdu.exe"

C:\Windows\SysWOW64\kzqwodr.exe

C:\Windows\system32\kzqwodr.exe 528 "C:\Windows\SysWOW64\xjvtgdu.exe"

C:\Windows\SysWOW64\kzqwodr.exe

"C:\Windows\SysWOW64\kzqwodr.exe"

C:\Windows\SysWOW64\ukfgcgg.exe

C:\Windows\system32\ukfgcgg.exe 528 "C:\Windows\SysWOW64\kzqwodr.exe"

C:\Windows\SysWOW64\ukfgcgg.exe

"C:\Windows\SysWOW64\ukfgcgg.exe"

C:\Windows\SysWOW64\hmlonsk.exe

C:\Windows\system32\hmlonsk.exe 528 "C:\Windows\SysWOW64\ukfgcgg.exe"

C:\Windows\SysWOW64\hmlonsk.exe

"C:\Windows\SysWOW64\hmlonsk.exe"

C:\Windows\SysWOW64\ucoqebq.exe

C:\Windows\system32\ucoqebq.exe 528 "C:\Windows\SysWOW64\hmlonsk.exe"

C:\Windows\SysWOW64\ucoqebq.exe

"C:\Windows\SysWOW64\ucoqebq.exe"

C:\Windows\SysWOW64\gtjtmbn.exe

C:\Windows\system32\gtjtmbn.exe 528 "C:\Windows\SysWOW64\ucoqebq.exe"

C:\Windows\SysWOW64\gtjtmbn.exe

"C:\Windows\SysWOW64\gtjtmbn.exe"

C:\Windows\SysWOW64\trewvjt.exe

C:\Windows\system32\trewvjt.exe 528 "C:\Windows\SysWOW64\gtjtmbn.exe"

C:\Windows\SysWOW64\trewvjt.exe

"C:\Windows\SysWOW64\trewvjt.exe"

C:\Windows\SysWOW64\gihzery.exe

C:\Windows\system32\gihzery.exe 528 "C:\Windows\SysWOW64\trewvjt.exe"

C:\Windows\SysWOW64\gihzery.exe

"C:\Windows\SysWOW64\gihzery.exe"

C:\Windows\SysWOW64\qhlwoqg.exe

C:\Windows\system32\qhlwoqg.exe 528 "C:\Windows\SysWOW64\gihzery.exe"

C:\Windows\SysWOW64\qhlwoqg.exe

"C:\Windows\SysWOW64\qhlwoqg.exe"

C:\Windows\SysWOW64\avltmpl.exe

C:\Windows\system32\avltmpl.exe 528 "C:\Windows\SysWOW64\qhlwoqg.exe"

C:\Windows\SysWOW64\avltmpl.exe

"C:\Windows\SysWOW64\avltmpl.exe"

C:\Windows\SysWOW64\qhloidq.exe

C:\Windows\system32\qhloidq.exe 528 "C:\Windows\SysWOW64\avltmpl.exe"

C:\Windows\SysWOW64\qhloidq.exe

"C:\Windows\SysWOW64\qhloidq.exe"

C:\Windows\SysWOW64\akjzdgw.exe

C:\Windows\system32\akjzdgw.exe 528 "C:\Windows\SysWOW64\qhloidq.exe"

C:\Windows\SysWOW64\akjzdgw.exe

"C:\Windows\SysWOW64\akjzdgw.exe"

C:\Windows\SysWOW64\naebmgc.exe

C:\Windows\system32\naebmgc.exe 528 "C:\Windows\SysWOW64\akjzdgw.exe"

C:\Windows\SysWOW64\naebmgc.exe

"C:\Windows\SysWOW64\naebmgc.exe"

C:\Windows\SysWOW64\azyeuoz.exe


C:\Windows\SysWOW64\hvyvels.exe

"C:\Windows\SysWOW64\hvyvels.exe"

C:\Windows\SysWOW64\qjzkusf.exe

C:\Windows\system32\qjzkusf.exe 528 "C:\Windows\SysWOW64\hvyvels.exe"

C:\Windows\SysWOW64\qjzkusf.exe

"C:\Windows\SysWOW64\qjzkusf.exe"

C:\Windows\SysWOW64\daundad.exe

C:\Windows\system32\daundad.exe 528 "C:\Windows\SysWOW64\qjzkusf.exe"

C:\Windows\SysWOW64\daundad.exe

"C:\Windows\SysWOW64\daundad.exe"

C:\Windows\SysWOW64\qnlcjej.exe

C:\Windows\system32\qnlcjej.exe 528 "C:\Windows\SysWOW64\daundad.exe"

C:\Windows\SysWOW64\qnlcjej.exe

"C:\Windows\SysWOW64\qnlcjej.exe"

C:\Windows\SysWOW64\sbmahep.exe

C:\Windows\system32\sbmahep.exe 528 "C:\Windows\SysWOW64\qnlcjej.exe"

C:\Windows\SysWOW64\sbmahep.exe

"C:\Windows\SysWOW64\sbmahep.exe"

C:\Windows\SysWOW64\frhcpmu.exe

C:\Windows\system32\frhcpmu.exe 528 "C:\Windows\SysWOW64\sbmahep.exe"

C:\Windows\SysWOW64\frhcpmu.exe

"C:\Windows\SysWOW64\frhcpmu.exe"

C:\Windows\SysWOW64\stnsbyy.exe

C:\Windows\system32\stnsbyy.exe 528 "C:\Windows\SysWOW64\frhcpmu.exe"

C:\Windows\SysWOW64\stnsbyy.exe

"C:\Windows\SysWOW64\stnsbyy.exe"

C:\Windows\SysWOW64\fgeihux.exe

C:\Windows\system32\fgeihux.exe 528 "C:\Windows\SysWOW64\stnsbyy.exe"

C:\Windows\SysWOW64\fgeihux.exe

"C:\Windows\SysWOW64\fgeihux.exe"

C:\Windows\SysWOW64\rilpshk.exe

C:\Windows\system32\rilpshk.exe 540 "C:\Windows\SysWOW64\fgeihux.exe"

C:\Windows\SysWOW64\rilpshk.exe

"C:\Windows\SysWOW64\rilpshk.exe"

C:\Windows\SysWOW64\ezfsbph.exe

C:\Windows\system32\ezfsbph.exe 528 "C:\Windows\SysWOW64\rilpshk.exe"

C:\Windows\SysWOW64\ezfsbph.exe

"C:\Windows\SysWOW64\ezfsbph.exe"

C:\Windows\SysWOW64\rxivjpn.exe

C:\Windows\system32\rxivjpn.exe 528 "C:\Windows\SysWOW64\ezfsbph.exe"

C:\Windows\SysWOW64\rxivjpn.exe

"C:\Windows\SysWOW64\rxivjpn.exe"

C:\Windows\SysWOW64\bdbshwa.exe

C:\Windows\system32\bdbshwa.exe 520 "C:\Windows\SysWOW64\rxivjpn.exe"

C:\Windows\SysWOW64\bdbshwa.exe

"C:\Windows\SysWOW64\bdbshwa.exe"

C:\Windows\SysWOW64\ocevqef.exe

C:\Windows\system32\ocevqef.exe 528 "C:\Windows\SysWOW64\bdbshwa.exe"

C:\Windows\SysWOW64\ocevqef.exe

"C:\Windows\SysWOW64\ocevqef.exe"

C:\Windows\SysWOW64\bsyyynd.exe

C:\Windows\system32\bsyyynd.exe 528 "C:\Windows\SysWOW64\ocevqef.exe"

C:\Windows\SysWOW64\bsyyynd.exe

"C:\Windows\SysWOW64\bsyyynd.exe"

C:\Windows\SysWOW64\ortahni.exe

C:\Windows\system32\ortahni.exe 528 "C:\Windows\SysWOW64\bsyyynd.exe"

C:\Windows\SysWOW64\ortahni.exe

"C:\Windows\SysWOW64\ortahni.exe"

C:\Windows\SysWOW64\bhwdqvo.exe

C:\Windows\system32\bhwdqvo.exe 528 "C:\Windows\SysWOW64\ortahni.exe"

C:\Windows\SysWOW64\bhwdqvo.exe

"C:\Windows\SysWOW64\bhwdqvo.exe"

C:\Windows\SysWOW64\kslnlyu.exe

C:\Windows\system32\kslnlyu.exe 528 "C:\Windows\SysWOW64\bhwdqvo.exe"

C:\Windows\SysWOW64\kslnlyu.exe

"C:\Windows\SysWOW64\kslnlyu.exe"

C:\Windows\SysWOW64\xmrvwdz.exe

C:\Windows\system32\xmrvwdz.exe 528 "C:\Windows\SysWOW64\kslnlyu.exe"

C:\Windows\SysWOW64\xmrvwdz.exe

"C:\Windows\SysWOW64\xmrvwdz.exe"

C:\Windows\SysWOW64\kkmyfle.exe

C:\Windows\system32\kkmyfle.exe 528 "C:\Windows\SysWOW64\xmrvwdz.exe"

C:\Windows\SysWOW64\kkmyfle.exe

"C:\Windows\SysWOW64\kkmyfle.exe"

C:\Windows\SysWOW64\xbpaotk.exe

C:\Windows\system32\xbpaotk.exe 528 "C:\Windows\SysWOW64\kkmyfle.exe"

C:\Windows\SysWOW64\xbpaotk.exe

"C:\Windows\SysWOW64\xbpaotk.exe"

C:\Windows\SysWOW64\hmelbwq.exe

C:\Windows\system32\hmelbwq.exe 528 "C:\Windows\SysWOW64\xbpaotk.exe"

C:\Windows\SysWOW64\hmelbwq.exe

"C:\Windows\SysWOW64\hmelbwq.exe"

C:\Windows\SysWOW64\uglambu.exe

C:\Windows\system32\uglambu.exe 532 "C:\Windows\SysWOW64\hmelbwq.exe"

C:\Windows\SysWOW64\uglambu.exe

"C:\Windows\SysWOW64\uglambu.exe"

Network

N/A

Files

\Windows\SysWOW64\laeczsr.exe

MD5 05ee9d93fd7b953589fb0799b595bf76
SHA1 c378f451018644f431bc68856aa1a8bcaffb740b
SHA256 1c8462b0fb2d3b88c83148687171098da5d40e2dc1c1f688b0127b44dc6995f1
SHA512 8a4f21d3eeb96c89147b2b3c8ddf0a0b5ec40ef8d2d6dee722b74c9fed01c590d77a555c240fb10d5d5914dfe33c1075484f19b57ed09ddbb9ea02530a4a2458

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 12:20

Reported

2024-06-20 12:23

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe"

Signatures

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\05ee9d93fd7b953589fb0799b595bf76_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

memory/4036-0-0x0000000000400000-0x0000000000554000-memory.dmp

memory/4036-1-0x00000000021D0000-0x0000000002200000-memory.dmp

memory/4036-2-0x0000000002190000-0x0000000002191000-memory.dmp

memory/4036-3-0x0000000000400000-0x0000000000554000-memory.dmp

memory/4036-5-0x00000000021D0000-0x0000000002200000-memory.dmp