Windows Analysis Report
jQ3NFDayJm

Overview

General Information

Sample name: jQ3NFDayJm
renamed because original name is a hash value
Original sample name: a74ddcc99ea8382cf4f6cf0105546bf50fa27db19402206754c6301cd4aa510b
Analysis ID: 1592456
MD5: 6bd5d3470d8877f487bab64ed5f7515d
SHA1: 3469af4a981fb037796bc5a04c7ff3fd82d0eda3
SHA256: a74ddcc99ea8382cf4f6cf0105546bf50fa27db19402206754c6301cd4aa510b
Infos:

Detection

Berbew
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Berbew
AI detected suspicious sample
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Contains functionality to call native functions
Creates files inside the system directory
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
PE file contains sections with non-standard names
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: jQ3NFDayJm Avira: detected
Antivirus detection for dropped file
Source: C:\Windows\SysWOW64\Beqfpgmi.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Bmgikj32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Ameiifeg.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Ajojhp32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Baanabom.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Aefbqf32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Amcldf32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Akcokgql.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Aabldk32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Aljbfgpf.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Bhiabhja.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Bdnngnpc.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Bmhofc32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Alghniec.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Apbpjhji.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Ajjjec32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Afkgdh32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Ailjng32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Bccbfjkm.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Apgieg32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Aidobh32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Bhfgjioo.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Bdkabo32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Bajhpc32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Amkiol32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Baphfiel.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Source: C:\Windows\SysWOW64\Aelink32.dll Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\SysWOW64\Badaah32.exe Avira: detection malicious, Label: TR/Spy.Qukart.NB
Multi AV Scanner detection for dropped file
Source: C:\Windows\SysWOW64\Aefbqf32.dll ReversingLabs: Detection: 91%
Source: C:\Windows\SysWOW64\Aelink32.dll ReversingLabs: Detection: 96%
Source: C:\Windows\SysWOW64\Aelink32.dll Virustotal: Detection: 82% Perma Link
Source: C:\Windows\SysWOW64\Afkgdh32.dll ReversingLabs: Detection: 90%
Source: C:\Windows\SysWOW64\Aidobh32.dll ReversingLabs: Detection: 96%
Source: C:\Windows\SysWOW64\Aidobh32.dll Virustotal: Detection: 83% Perma Link
Source: C:\Windows\SysWOW64\Ajjjec32.dll ReversingLabs: Detection: 91%
Source: C:\Windows\SysWOW64\Akcokgql.dll ReversingLabs: Detection: 96%
Source: C:\Windows\SysWOW64\Akcokgql.dll Virustotal: Detection: 83% Perma Link
Source: C:\Windows\SysWOW64\Alghniec.dll ReversingLabs: Detection: 96%
Source: C:\Windows\SysWOW64\Alghniec.dll Virustotal: Detection: 83% Perma Link
Source: C:\Windows\SysWOW64\Aljbfgpf.dll ReversingLabs: Detection: 100%
Source: C:\Windows\SysWOW64\Aljbfgpf.dll Virustotal: Detection: 82% Perma Link
Source: C:\Windows\SysWOW64\Bccbfjkm.dll ReversingLabs: Detection: 91%
Multi AV Scanner detection for submitted file
Source: jQ3NFDayJm Virustotal: Detection: 88% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Windows\SysWOW64\Beqfpgmi.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bmgikj32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ameiifeg.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ajojhp32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Baanabom.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Aefbqf32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Amcldf32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Akcokgql.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Aabldk32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Aljbfgpf.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bhiabhja.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bdnngnpc.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bmhofc32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Alghniec.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Apbpjhji.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ajjjec32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Afkgdh32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Ailjng32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bccbfjkm.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Apgieg32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Aidobh32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bhfgjioo.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bdkabo32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Bajhpc32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Amkiol32.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Baphfiel.exe Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Aelink32.dll Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Badaah32.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: jQ3NFDayJm Joe Sandbox ML: detected
Uses 32bit PE files
Source: jQ3NFDayJm Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then mov ecx, dword ptr [eax+04h] 0_2_00403A6B
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then add ebx, 04h 0_2_00403A6B
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then jl 00403A8Fh 0_2_00403A6B
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then add eax, 0Ch 0_2_00403A6B
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then popad 0_2_00403A6B
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then pop edi 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then mov ebx, 00407EF8h 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then sub ecx, eax 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then xor edx, edx 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then push eax 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then div edi 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then xchg eax, ecx 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then add eax, edi 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then loop 00403B3Eh 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then mov eax, 0042A000h 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then mov ebx, 0042CD70h 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then sub ecx, eax 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then xor edx, edx 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then push eax 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then div edi 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then xchg eax, ecx 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then add eax, edi 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then loop 00403B9Eh 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then popad 0_2_00403AC7
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then je 00403A1Ch 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then xor dword ptr [eax], ecx 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then inc eax 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then jne 004039F2h 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then mov eax, 0042A000h 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then je 00403A52h 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then xor dword ptr [eax], ecx 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then add eax, 04h 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then jne 00403A3Ah 0_2_004039CE
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 4x nop then popad 0_2_004039CE
Source: jQ3NFDayJm.exe, 00000000.00000002.1470739378.000000000042A000.00000004.00000001.01000000.00000003.sdmp, Enmknk32.exe, 00000001.00000002.1471644690.000000000042A000.00000004.00000001.01000000.00000004.sdmp, Fnohck32.exe, 00000002.00000002.1472452269.000000000042A000.00000004.00000001.01000000.00000005.sdmp, Fkchmojh.exe, 00000003.00000002.1473368979.000000000042A000.00000004.00000001.01000000.00000006.sdmp, Fekmfd32.exe, 00000005.00000002.1474183172.000000000042A000.00000004.00000001.01000000.00000007.sdmp, Foaacm32.exe, 00000006.00000002.1474948269.000000000042A000.00000004.00000001.01000000.00000008.sdmp, Fmeamaph.exe, 00000007.00000002.1476045755.000000000042A000.00000004.00000001.01000000.00000009.sdmp, Ffmfeg32.exe, 00000008.00000002.1477156948.000000000042A000.00000004.00000001.01000000.0000000A.sdmp, Febcfckp.exe, 00000009.00000002.1478417107.000000000042A000.00000004.00000001.01000000.0000000B.sdmp, Gbfcph32.exe, 0000000A.00000002.1479423300.000000000042A000.00000004.00000001.01000000.0000000C.sdmp, Gbipeg32.exe, 0000000B.00000002.1480045068.000000000042A000.00000004.00000001.01000000.0000000D.sdmp, Gpmqolfa.exe, 0000000C.00000002.1480873068.000000000042A000.00000004.00000001.01000000.0000000E.sdmp, Geiigbeh.exe, 0000000D.00000002.1481733667.000000000042A000.00000004.00000001.01000000.0000000F.sdmp, Gnbnph32.exe, 0000000E.00000002.1482343235.000000000042A000.00000004.00000001.01000000.00000010.sdmp, Gpajjk32.exe, 0000000F.00000002.1483379730.000000000042A000.00000004.00000001.01000000.00000011.sdmp, Genbbb32.exe, 00000010.00000002.1484294341.000000000042A000.00000004.00000001.01000000.00000012.sdmp, Hbbclf32.exe, 00000011.00000002.1485425782.000000000042A000.00000004.00000001.01000000.00000013.sdmp, Hpfcejof.exe, 00000012.00000002.1486750331.000000000042A000.00000004.00000001.01000000.00000014.sdmp, Hphpkjlc.exe, 00000013.00000002.1488083524.000000000042A000.00000004.00000001.01000000.00000015.sdmp, Hloapk32.exe, 00000014.00000002.1490631205.000000000042A000.00000004.00000001.01000000.00000016.sdmp, Iejbnp32.exe, 00000015.00000002.1492067196.000000000042A000.00000004.00000001.01000000.00000017.sdmp String found in binary or memory: http://tat-neftbank.ru/kkq.php
Source: jQ3NFDayJm.exe, 00000000.00000002.1470739378.000000000042A000.00000004.00000001.01000000.00000003.sdmp, Enmknk32.exe, 00000001.00000002.1471644690.000000000042A000.00000004.00000001.01000000.00000004.sdmp, Fnohck32.exe, 00000002.00000002.1472452269.000000000042A000.00000004.00000001.01000000.00000005.sdmp, Fkchmojh.exe, 00000003.00000002.1473368979.000000000042A000.00000004.00000001.01000000.00000006.sdmp, Fekmfd32.exe, 00000005.00000002.1474183172.000000000042A000.00000004.00000001.01000000.00000007.sdmp, Foaacm32.exe, 00000006.00000002.1474948269.000000000042A000.00000004.00000001.01000000.00000008.sdmp, Fmeamaph.exe, 00000007.00000002.1476045755.000000000042A000.00000004.00000001.01000000.00000009.sdmp, Ffmfeg32.exe, 00000008.00000002.1477156948.000000000042A000.00000004.00000001.01000000.0000000A.sdmp, Febcfckp.exe, 00000009.00000002.1478417107.000000000042A000.00000004.00000001.01000000.0000000B.sdmp, Gbfcph32.exe, 0000000A.00000002.1479423300.000000000042A000.00000004.00000001.01000000.0000000C.sdmp, Gbipeg32.exe, 0000000B.00000002.1480045068.000000000042A000.00000004.00000001.01000000.0000000D.sdmp, Gpmqolfa.exe, 0000000C.00000002.1480873068.000000000042A000.00000004.00000001.01000000.0000000E.sdmp, Geiigbeh.exe, 0000000D.00000002.1481733667.000000000042A000.00000004.00000001.01000000.0000000F.sdmp, Gnbnph32.exe, 0000000E.00000002.1482343235.000000000042A000.00000004.00000001.01000000.00000010.sdmp, Gpajjk32.exe, 0000000F.00000002.1483379730.000000000042A000.00000004.00000001.01000000.00000011.sdmp, Genbbb32.exe, 00000010.00000002.1484294341.000000000042A000.00000004.00000001.01000000.00000012.sdmp, Hbbclf32.exe, 00000011.00000002.1485425782.000000000042A000.00000004.00000001.01000000.00000013.sdmp, Hpfcejof.exe, 00000012.00000002.1486750331.000000000042A000.00000004.00000001.01000000.00000014.sdmp, Hphpkjlc.exe, 00000013.00000002.1488083524.000000000042A000.00000004.00000001.01000000.00000015.sdmp, Hloapk32.exe, 00000014.00000002.1490631205.000000000042A000.00000004.00000001.01000000.00000016.sdmp, Iejbnp32.exe, 00000015.00000002.1492067196.000000000042A000.00000004.00000001.01000000.00000017.sdmp String found in binary or memory: http://tat-neftbank.ru/kkq.phphttp://tat-neftbank.ru/wcmd.htmSoftware
Source: jQ3NFDayJm.exe, 00000000.00000002.1470739378.000000000042A000.00000004.00000001.01000000.00000003.sdmp, Enmknk32.exe, 00000001.00000002.1471644690.000000000042A000.00000004.00000001.01000000.00000004.sdmp, Fnohck32.exe, 00000002.00000002.1472452269.000000000042A000.00000004.00000001.01000000.00000005.sdmp, Fkchmojh.exe, 00000003.00000002.1473368979.000000000042A000.00000004.00000001.01000000.00000006.sdmp, Fekmfd32.exe, 00000005.00000002.1474183172.000000000042A000.00000004.00000001.01000000.00000007.sdmp, Foaacm32.exe, 00000006.00000002.1474948269.000000000042A000.00000004.00000001.01000000.00000008.sdmp, Fmeamaph.exe, 00000007.00000002.1476045755.000000000042A000.00000004.00000001.01000000.00000009.sdmp, Ffmfeg32.exe, 00000008.00000002.1477156948.000000000042A000.00000004.00000001.01000000.0000000A.sdmp, Febcfckp.exe, 00000009.00000002.1478417107.000000000042A000.00000004.00000001.01000000.0000000B.sdmp, Gbfcph32.exe, 0000000A.00000002.1479423300.000000000042A000.00000004.00000001.01000000.0000000C.sdmp, Gbipeg32.exe, 0000000B.00000002.1480045068.000000000042A000.00000004.00000001.01000000.0000000D.sdmp, Gpmqolfa.exe, 0000000C.00000002.1480873068.000000000042A000.00000004.00000001.01000000.0000000E.sdmp, Geiigbeh.exe, 0000000D.00000002.1481733667.000000000042A000.00000004.00000001.01000000.0000000F.sdmp, Gnbnph32.exe, 0000000E.00000002.1482343235.000000000042A000.00000004.00000001.01000000.00000010.sdmp, Gpajjk32.exe, 0000000F.00000002.1483379730.000000000042A000.00000004.00000001.01000000.00000011.sdmp, Genbbb32.exe, 00000010.00000002.1484294341.000000000042A000.00000004.00000001.01000000.00000012.sdmp, Hbbclf32.exe, 00000011.00000002.1485425782.000000000042A000.00000004.00000001.01000000.00000013.sdmp, Hpfcejof.exe, 00000012.00000002.1486750331.000000000042A000.00000004.00000001.01000000.00000014.sdmp, Hphpkjlc.exe, 00000013.00000002.1488083524.000000000042A000.00000004.00000001.01000000.00000015.sdmp, Hloapk32.exe, 00000014.00000002.1490631205.000000000042A000.00000004.00000001.01000000.00000016.sdmp, Iejbnp32.exe, 00000015.00000002.1492067196.000000000042A000.00000004.00000001.01000000.00000017.sdmp String found in binary or memory: http://tat-neftbank.ru/wcmd.htm

System Summary
barindex
PE file has a writeable .text section
Source: jQ3NFDayJm Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Enmknk32.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Fnohck32.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Fkchmojh.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Fekmfd32.exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Foaacm32.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Fmeamaph.exe.6.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ffmfeg32.exe.7.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Febcfckp.exe.8.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Gbfcph32.exe.9.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Gbipeg32.exe.10.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Gpmqolfa.exe.11.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Geiigbeh.exe.12.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Gnbnph32.exe.13.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Gpajjk32.exe.14.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Genbbb32.exe.15.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Hbbclf32.exe.16.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Hpfcejof.exe.17.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Hphpkjlc.exe.18.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Hloapk32.exe.19.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Iejbnp32.exe.20.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Iflknc32.exe.21.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ipdpfhbf.exe.22.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ilkpkihj.exe.23.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Imjmel32.exe.24.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ifcanaen.exe.25.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jfenda32.exe.26.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jopbhd32.exe.27.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jppobf32.exe.28.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jlfpghnm.exe.29.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Jlimmg32.exe.30.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kmhigjcm.exe.31.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kiojlk32.exe.32.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kefjql32.exe.33.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kgegkoeh.exe.34.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kpnkcdli.exe.35.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Kjfplj32.exe.36.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ljimbj32.exe.38.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Leomgk32.exe.39.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Lgojanmn.exe.40.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Lgaffm32.exe.41.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Llnood32.exe.42.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ljbphh32.exe.43.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mjdlnhfi.exe.44.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mjgichdg.exe.45.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mjieig32.exe.46.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mgmfbl32.exe.47.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mohkfn32.exe.48.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Mnikde32.exe.49.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Njplifll.exe.50.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nchpbl32.exe.51.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nooagm32.exe.52.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nqomappc.exe.53.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Nmenfa32.exe.54.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Oqcglo32.exe.55.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ophcmlpf.exe.56.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Oqhpgogi.exe.57.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Omoalp32.exe.58.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Onnmfb32.exe.59.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Onqjlb32.exe.60.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pjgkac32.exe.61.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pfnkfdne.exe.62.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pfqhkdkc.exe.63.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pfceac32.exe.64.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Pfeafc32.exe.65.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Qjcjma32.exe.66.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Qhgkff32.exe.67.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Apbpjhji.exe.68.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Aabldk32.exe.69.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ajjqmqgl.exe.70.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Apgieg32.exe.71.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Amkiol32.exe.72.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ajojhp32.exe.73.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Bombon32.exe.74.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Bmbppkoe.exe.75.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Baphfiel.exe.76.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Bmgikj32.exe.77.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Badaah32.exe.78.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Cohbjm32.exe.79.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Cokoplnm.exe.80.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Cgfcdokh.exe.81.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Ckdljm32.exe.82.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Chhmdaph.exe.83.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Dhjiianf.exe.84.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Contains functionality to call native functions
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 0_2_00406FF6 GetWindowRect,GetWindowRect,MoveWindow,SetTextColor,SetTextColor,SetBkColor,CreateBrushIndirect,GetWindowTextA,MessageBoxA,SetFocus,GetWindowTextA,MessageBoxA,SetFocus,MessageBoxA,SetFocus,MessageBoxA,SetFocus,GetWindowTextA,MessageBoxA,SetFocus,GetWindowTextA,MessageBoxA,SetFocus,GetWindowTextA,MessageBoxA,SetFocus,MessageBoxA,SetFocus,MessageBoxA,SetFocus,GetWindowTextA,MessageBoxA,SetFocus,MessageBoxA,SetFocus,CreateFileA,SetFilePointer,WriteFile,WriteFile,WriteFile,WriteFile,CloseHandle,CreateFileA,SetFilePointer,WriteFile,WriteFile,CloseHandle,ShowWindow,NtdllDefWindowProc_A, 0_2_00406FF6
Creates files inside the system directory
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Enmknk32.exe Jump to behavior
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Enmknk32.exe:Zone.Identifier:$DATA Jump to behavior
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Gopkbc32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe File created: C:\Windows\SysWOW64\Fnohck32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe File created: C:\Windows\SysWOW64\Jjhmem32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe File created: C:\Windows\SysWOW64\Fkchmojh.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe File created: C:\Windows\SysWOW64\Kiolqecl.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe File created: C:\Windows\SysWOW64\Fekmfd32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe File created: C:\Windows\SysWOW64\Kjkggl32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe File created: C:\Windows\SysWOW64\Foaacm32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe File created: C:\Windows\SysWOW64\Fkoqiobi.dll Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe File created: C:\Windows\SysWOW64\Fmeamaph.exe Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe File created: C:\Windows\SysWOW64\Njlgcl32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe File created: C:\Windows\SysWOW64\Ffmfeg32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe File created: C:\Windows\SysWOW64\Iamocmjl.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe File created: C:\Windows\SysWOW64\Febcfckp.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe File created: C:\Windows\SysWOW64\Gllhcm32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe File created: C:\Windows\SysWOW64\Gbfcph32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe File created: C:\Windows\SysWOW64\Alghniec.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe File created: C:\Windows\SysWOW64\Gbipeg32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe File created: C:\Windows\SysWOW64\Kfkiao32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe File created: C:\Windows\SysWOW64\Gpmqolfa.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe File created: C:\Windows\SysWOW64\Cjojjp32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe File created: C:\Windows\SysWOW64\Geiigbeh.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe File created: C:\Windows\SysWOW64\Jeoqiq32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe File created: C:\Windows\SysWOW64\Gnbnph32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe File created: C:\Windows\SysWOW64\Dnjcfdoi.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe File created: C:\Windows\SysWOW64\Gpajjk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe File created: C:\Windows\SysWOW64\Giamobql.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe File created: C:\Windows\SysWOW64\Genbbb32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe File created: C:\Windows\SysWOW64\Domiglci.dll Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe File created: C:\Windows\SysWOW64\Hbbclf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe File created: C:\Windows\SysWOW64\Mejcahjf.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe File created: C:\Windows\SysWOW64\Hpfcejof.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe File created: C:\Windows\SysWOW64\Dddgooib.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe File created: C:\Windows\SysWOW64\Hphpkjlc.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe File created: C:\Windows\SysWOW64\Ncafmodl.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe File created: C:\Windows\SysWOW64\Hloapk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe File created: C:\Windows\SysWOW64\Lecjmhnq.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe File created: C:\Windows\SysWOW64\Iejbnp32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe File created: C:\Windows\SysWOW64\Kcamoc32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe File created: C:\Windows\SysWOW64\Iflknc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe File created: C:\Windows\SysWOW64\Gchqcf32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe File created: C:\Windows\SysWOW64\Ipdpfhbf.exe Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe File created: C:\Windows\SysWOW64\Lpdccbgf.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe File created: C:\Windows\SysWOW64\Ilkpkihj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe File created: C:\Windows\SysWOW64\Ohblco32.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe File created: C:\Windows\SysWOW64\Imjmel32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe File created: C:\Windows\SysWOW64\Okbebenm.dll Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe File created: C:\Windows\SysWOW64\Ifcanaen.exe Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe File created: C:\Windows\SysWOW64\Nnpajnal.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ifcanaen.exe File created: C:\Windows\SysWOW64\Jfenda32.exe
Source: C:\Windows\SysWOW64\Ifcanaen.exe File created: C:\Windows\SysWOW64\Docmmc32.dll
Source: C:\Windows\SysWOW64\Jfenda32.exe File created: C:\Windows\SysWOW64\Jopbhd32.exe
Source: C:\Windows\SysWOW64\Jfenda32.exe File created: C:\Windows\SysWOW64\Ipoden32.dll
Source: C:\Windows\SysWOW64\Jopbhd32.exe File created: C:\Windows\SysWOW64\Jppobf32.exe
Source: C:\Windows\SysWOW64\Jopbhd32.exe File created: C:\Windows\SysWOW64\Hcddga32.dll
Source: C:\Windows\SysWOW64\Jppobf32.exe File created: C:\Windows\SysWOW64\Jlfpghnm.exe
Source: C:\Windows\SysWOW64\Jppobf32.exe File created: C:\Windows\SysWOW64\Knggaeba.dll
Source: C:\Windows\SysWOW64\Jlfpghnm.exe File created: C:\Windows\SysWOW64\Jlimmg32.exe
Source: C:\Windows\SysWOW64\Jlfpghnm.exe File created: C:\Windows\SysWOW64\Akcokgql.dll
Source: C:\Windows\SysWOW64\Jlimmg32.exe File created: C:\Windows\SysWOW64\Kmhigjcm.exe
Source: C:\Windows\SysWOW64\Jlimmg32.exe File created: C:\Windows\SysWOW64\Ieiomg32.dll
Source: C:\Windows\SysWOW64\Kmhigjcm.exe File created: C:\Windows\SysWOW64\Kiojlk32.exe
Source: C:\Windows\SysWOW64\Kmhigjcm.exe File created: C:\Windows\SysWOW64\Eeapjigc.dll
Source: C:\Windows\SysWOW64\Kiojlk32.exe File created: C:\Windows\SysWOW64\Kefjql32.exe
Source: C:\Windows\SysWOW64\Kiojlk32.exe File created: C:\Windows\SysWOW64\Dgibhggn.dll
Source: C:\Windows\SysWOW64\Kefjql32.exe File created: C:\Windows\SysWOW64\Kgegkoeh.exe
Source: C:\Windows\SysWOW64\Kefjql32.exe File created: C:\Windows\SysWOW64\Hppahlmk.dll
Source: C:\Windows\SysWOW64\Kgegkoeh.exe File created: C:\Windows\SysWOW64\Kpnkcdli.exe
Source: C:\Windows\SysWOW64\Kgegkoeh.exe File created: C:\Windows\SysWOW64\Cpdhdolk.dll
Source: C:\Windows\SysWOW64\Kpnkcdli.exe File created: C:\Windows\SysWOW64\Kjfplj32.exe
Source: C:\Windows\SysWOW64\Kpnkcdli.exe File created: C:\Windows\SysWOW64\Chjnlmda.dll
Source: C:\Windows\SysWOW64\Kjfplj32.exe File created: C:\Windows\SysWOW64\Ljimbj32.exe
Source: C:\Windows\SysWOW64\Kjfplj32.exe File created: C:\Windows\SysWOW64\Heaepkaj.dll
Source: C:\Windows\SysWOW64\Ljimbj32.exe File created: C:\Windows\SysWOW64\Leomgk32.exe
Source: C:\Windows\SysWOW64\Ljimbj32.exe File created: C:\Windows\SysWOW64\Jiipjfip.dll
Source: C:\Windows\SysWOW64\Leomgk32.exe File created: C:\Windows\SysWOW64\Lgojanmn.exe
Source: C:\Windows\SysWOW64\Leomgk32.exe File created: C:\Windows\SysWOW64\Iciglbko.dll
Source: C:\Windows\SysWOW64\Lgojanmn.exe File created: C:\Windows\SysWOW64\Lgaffm32.exe
Source: C:\Windows\SysWOW64\Lgojanmn.exe File created: C:\Windows\SysWOW64\Fjpdni32.dll
Source: C:\Windows\SysWOW64\Lgaffm32.exe File created: C:\Windows\SysWOW64\Llnood32.exe
Source: C:\Windows\SysWOW64\Lgaffm32.exe File created: C:\Windows\SysWOW64\Njmgoh32.dll
Source: C:\Windows\SysWOW64\Llnood32.exe File created: C:\Windows\SysWOW64\Ljbphh32.exe
Source: C:\Windows\SysWOW64\Llnood32.exe File created: C:\Windows\SysWOW64\Aljbfgpf.dll
Source: C:\Windows\SysWOW64\Ljbphh32.exe File created: C:\Windows\SysWOW64\Mjdlnhfi.exe
Source: C:\Windows\SysWOW64\Ljbphh32.exe File created: C:\Windows\SysWOW64\Aelink32.dll
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe File created: C:\Windows\SysWOW64\Mjgichdg.exe
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe File created: C:\Windows\SysWOW64\Cemjaq32.dll
Source: C:\Windows\SysWOW64\Mjgichdg.exe File created: C:\Windows\SysWOW64\Mjieig32.exe
Source: C:\Windows\SysWOW64\Mjgichdg.exe File created: C:\Windows\SysWOW64\Haiooqfk.dll
Source: C:\Windows\SysWOW64\Mjieig32.exe File created: C:\Windows\SysWOW64\Mgmfbl32.exe
Source: C:\Windows\SysWOW64\Mjieig32.exe File created: C:\Windows\SysWOW64\Impfdpln.dll
Source: C:\Windows\SysWOW64\Mgmfbl32.exe File created: C:\Windows\SysWOW64\Mohkfn32.exe
Source: C:\Windows\SysWOW64\Mgmfbl32.exe File created: C:\Windows\SysWOW64\Oqkkln32.dll
Source: C:\Windows\SysWOW64\Mohkfn32.exe File created: C:\Windows\SysWOW64\Mnikde32.exe
Source: C:\Windows\SysWOW64\Mohkfn32.exe File created: C:\Windows\SysWOW64\Ingcjaio.dll
Source: C:\Windows\SysWOW64\Mnikde32.exe File created: C:\Windows\SysWOW64\Njplifll.exe
Source: C:\Windows\SysWOW64\Mnikde32.exe File created: C:\Windows\SysWOW64\Nhljaibo.dll
Source: C:\Windows\SysWOW64\Njplifll.exe File created: C:\Windows\SysWOW64\Nchpbl32.exe
Source: C:\Windows\SysWOW64\Njplifll.exe File created: C:\Windows\SysWOW64\Ajjjec32.dll
Source: C:\Windows\SysWOW64\Nchpbl32.exe File created: C:\Windows\SysWOW64\Nooagm32.exe
Source: C:\Windows\SysWOW64\Nchpbl32.exe File created: C:\Windows\SysWOW64\Homjaafk.dll
Source: C:\Windows\SysWOW64\Nooagm32.exe File created: C:\Windows\SysWOW64\Nqomappc.exe
Source: C:\Windows\SysWOW64\Nooagm32.exe File created: C:\Windows\SysWOW64\Chbmaj32.dll
Source: C:\Windows\SysWOW64\Nqomappc.exe File created: C:\Windows\SysWOW64\Nmenfa32.exe
Source: C:\Windows\SysWOW64\Nqomappc.exe File created: C:\Windows\SysWOW64\Mfpeda32.dll
Source: C:\Windows\SysWOW64\Nmenfa32.exe File created: C:\Windows\SysWOW64\Oqcglo32.exe
Source: C:\Windows\SysWOW64\Nmenfa32.exe File created: C:\Windows\SysWOW64\Glgklpcj.dll
Source: C:\Windows\SysWOW64\Oqcglo32.exe File created: C:\Windows\SysWOW64\Ophcmlpf.exe
Source: C:\Windows\SysWOW64\Oqcglo32.exe File created: C:\Windows\SysWOW64\Dbhphf32.dll
Source: C:\Windows\SysWOW64\Ophcmlpf.exe File created: C:\Windows\SysWOW64\Oqhpgogi.exe
Source: C:\Windows\SysWOW64\Ophcmlpf.exe File created: C:\Windows\SysWOW64\Lpkigf32.dll
Source: C:\Windows\SysWOW64\Oqhpgogi.exe File created: C:\Windows\SysWOW64\Omoalp32.exe
Source: C:\Windows\SysWOW64\Oqhpgogi.exe File created: C:\Windows\SysWOW64\Glgafh32.dll
Source: C:\Windows\SysWOW64\Omoalp32.exe File created: C:\Windows\SysWOW64\Onnmfb32.exe
Source: C:\Windows\SysWOW64\Omoalp32.exe File created: C:\Windows\SysWOW64\Nnclcm32.dll
Source: C:\Windows\SysWOW64\Onnmfb32.exe File created: C:\Windows\SysWOW64\Onqjlb32.exe
Source: C:\Windows\SysWOW64\Onnmfb32.exe File created: C:\Windows\SysWOW64\Jmclho32.dll
Source: C:\Windows\SysWOW64\Onqjlb32.exe File created: C:\Windows\SysWOW64\Pjgkac32.exe
Source: C:\Windows\SysWOW64\Onqjlb32.exe File created: C:\Windows\SysWOW64\Eqacmgol.dll
Source: C:\Windows\SysWOW64\Pjgkac32.exe File created: C:\Windows\SysWOW64\Pfnkfdne.exe
Source: C:\Windows\SysWOW64\Pjgkac32.exe File created: C:\Windows\SysWOW64\Dodmipcd.dll
Source: C:\Windows\SysWOW64\Pfnkfdne.exe File created: C:\Windows\SysWOW64\Pfqhkdkc.exe
Source: C:\Windows\SysWOW64\Pfnkfdne.exe File created: C:\Windows\SysWOW64\Mbpekpdk.dll
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe File created: C:\Windows\SysWOW64\Pfceac32.exe
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe File created: C:\Windows\SysWOW64\Lmaaqi32.dll
Source: C:\Windows\SysWOW64\Pfceac32.exe File created: C:\Windows\SysWOW64\Pfeafc32.exe
Source: C:\Windows\SysWOW64\Pfceac32.exe File created: C:\Windows\SysWOW64\Jmcpkl32.dll
Source: C:\Windows\SysWOW64\Pfeafc32.exe File created: C:\Windows\SysWOW64\Qjcjma32.exe
Source: C:\Windows\SysWOW64\Pfeafc32.exe File created: C:\Windows\SysWOW64\Qappag32.dll
Source: C:\Windows\SysWOW64\Qjcjma32.exe File created: C:\Windows\SysWOW64\Qhgkff32.exe
Source: C:\Windows\SysWOW64\Qjcjma32.exe File created: C:\Windows\SysWOW64\Fnjcoo32.dll
Source: C:\Windows\SysWOW64\Qhgkff32.exe File created: C:\Windows\SysWOW64\Apbpjhji.exe
Source: C:\Windows\SysWOW64\Qhgkff32.exe File created: C:\Windows\SysWOW64\Inbgmhop.dll
Source: C:\Windows\SysWOW64\Apbpjhji.exe File created: C:\Windows\SysWOW64\Aabldk32.exe
Source: C:\Windows\SysWOW64\Apbpjhji.exe File created: C:\Windows\SysWOW64\Ekifajpc.dll
Source: C:\Windows\SysWOW64\Aabldk32.exe File created: C:\Windows\SysWOW64\Ajjqmqgl.exe
Source: C:\Windows\SysWOW64\Aabldk32.exe File created: C:\Windows\SysWOW64\Hfplhlei.dll
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe File created: C:\Windows\SysWOW64\Apgieg32.exe
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe File created: C:\Windows\SysWOW64\Magfho32.dll
Source: C:\Windows\SysWOW64\Apgieg32.exe File created: C:\Windows\SysWOW64\Amkiol32.exe
Source: C:\Windows\SysWOW64\Apgieg32.exe File created: C:\Windows\SysWOW64\Mmgiocda.dll
Source: C:\Windows\SysWOW64\Amkiol32.exe File created: C:\Windows\SysWOW64\Ajojhp32.exe
Source: C:\Windows\SysWOW64\Amkiol32.exe File created: C:\Windows\SysWOW64\Pdlope32.dll
Source: C:\Windows\SysWOW64\Ajojhp32.exe File created: C:\Windows\SysWOW64\Bombon32.exe
Source: C:\Windows\SysWOW64\Ajojhp32.exe File created: C:\Windows\SysWOW64\Hmnmcf32.dll
Source: C:\Windows\SysWOW64\Bombon32.exe File created: C:\Windows\SysWOW64\Bmbppkoe.exe
Source: C:\Windows\SysWOW64\Bombon32.exe File created: C:\Windows\SysWOW64\Cccfolfa.dll
Source: C:\Windows\SysWOW64\Bmbppkoe.exe File created: C:\Windows\SysWOW64\Baphfiel.exe
Source: C:\Windows\SysWOW64\Bmbppkoe.exe File created: C:\Windows\SysWOW64\Hcliif32.dll
Source: C:\Windows\SysWOW64\Baphfiel.exe File created: C:\Windows\SysWOW64\Bmgikj32.exe
Source: C:\Windows\SysWOW64\Baphfiel.exe File created: C:\Windows\SysWOW64\Oogkej32.dll
Source: C:\Windows\SysWOW64\Bmgikj32.exe File created: C:\Windows\SysWOW64\Badaah32.exe
Source: C:\Windows\SysWOW64\Bmgikj32.exe File created: C:\Windows\SysWOW64\Galjgp32.dll
Source: C:\Windows\SysWOW64\Badaah32.exe File created: C:\Windows\SysWOW64\Cohbjm32.exe
Source: C:\Windows\SysWOW64\Badaah32.exe File created: C:\Windows\SysWOW64\Kpnojmgp.dll
Source: C:\Windows\SysWOW64\Cohbjm32.exe File created: C:\Windows\SysWOW64\Cokoplnm.exe
Source: C:\Windows\SysWOW64\Cohbjm32.exe File created: C:\Windows\SysWOW64\Iodlcfjb.dll
Source: C:\Windows\SysWOW64\Cokoplnm.exe File created: C:\Windows\SysWOW64\Cgfcdokh.exe
Source: C:\Windows\SysWOW64\Cokoplnm.exe File created: C:\Windows\SysWOW64\Lhhhfbih.dll
Source: C:\Windows\SysWOW64\Cgfcdokh.exe File created: C:\Windows\SysWOW64\Ckdljm32.exe
Source: C:\Windows\SysWOW64\Cgfcdokh.exe File created: C:\Windows\SysWOW64\Qjndnbei.dll
Source: C:\Windows\SysWOW64\Ckdljm32.exe File created: C:\Windows\SysWOW64\Chhmdaph.exe
Source: C:\Windows\SysWOW64\Ckdljm32.exe File created: C:\Windows\SysWOW64\Hiolkefh.dll
Source: C:\Windows\SysWOW64\Chhmdaph.exe File created: C:\Windows\SysWOW64\Dhjiianf.exe
Source: C:\Windows\SysWOW64\Chhmdaph.exe File created: C:\Windows\SysWOW64\Bhfgjioo.dll
Source: C:\Windows\SysWOW64\Dhjiianf.exe File created: C:\Windows\SysWOW64\Dhmfoq32.exe
Source: C:\Windows\SysWOW64\Dhjiianf.exe File created: C:\Windows\SysWOW64\Fcbfja32.dll
Source: C:\Windows\SysWOW64\Dhmfoq32.exe File created: C:\Windows\SysWOW64\Dhocdp32.exe
Source: C:\Windows\SysWOW64\Dhmfoq32.exe File created: C:\Windows\SysWOW64\Gljedo32.dll
Source: C:\Windows\SysWOW64\Dhocdp32.exe File created: C:\Windows\SysWOW64\Dokhgj32.exe
Source: C:\Windows\SysWOW64\Dhocdp32.exe File created: C:\Windows\SysWOW64\Imdckjjd.dll
Source: C:\Windows\SysWOW64\Dokhgj32.exe File created: C:\Windows\SysWOW64\Dondlj32.exe
Source: C:\Windows\SysWOW64\Dokhgj32.exe File created: C:\Windows\SysWOW64\Jiceolni.dll
Source: C:\Windows\SysWOW64\Dondlj32.exe File created: C:\Windows\SysWOW64\Encamf32.exe
Source: C:\Windows\SysWOW64\Dondlj32.exe File created: C:\Windows\SysWOW64\Clakkf32.dll
Source: C:\Windows\SysWOW64\Encamf32.exe File created: C:\Windows\SysWOW64\Eaqjcdhf.exe
Source: C:\Windows\SysWOW64\Encamf32.exe File created: C:\Windows\SysWOW64\Aefbqf32.dll
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe File created: C:\Windows\SysWOW64\Engkhenj.exe
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe File created: C:\Windows\SysWOW64\Hoeiflna.dll
Source: C:\Windows\SysWOW64\Engkhenj.exe File created: C:\Windows\SysWOW64\Eddpko32.exe
Source: C:\Windows\SysWOW64\Engkhenj.exe File created: C:\Windows\SysWOW64\Jofjci32.dll
Source: C:\Windows\SysWOW64\Eddpko32.exe File created: C:\Windows\SysWOW64\Fqjqpp32.exe
Source: C:\Windows\SysWOW64\Eddpko32.exe File created: C:\Windows\SysWOW64\Giommjni.dll
Source: C:\Windows\SysWOW64\Fqjqpp32.exe File created: C:\Windows\SysWOW64\Fbjmjcpl.exe
Source: C:\Windows\SysWOW64\Fqjqpp32.exe File created: C:\Windows\SysWOW64\Lmolop32.dll
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe File created: C:\Windows\SysWOW64\Fnanodfp.exe
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe File created: C:\Windows\SysWOW64\Mpahpi32.dll
Source: C:\Windows\SysWOW64\Fnanodfp.exe File created: C:\Windows\SysWOW64\Fopjig32.exe
Source: C:\Windows\SysWOW64\Fnanodfp.exe File created: C:\Windows\SysWOW64\Nlfojgba.dll
Source: C:\Windows\SysWOW64\Fopjig32.exe File created: C:\Windows\SysWOW64\Fbacjbjc.exe
Source: C:\Windows\SysWOW64\Fopjig32.exe File created: C:\Windows\SysWOW64\Ffchlo32.dll
Source: C:\Windows\SysWOW64\Fbacjbjc.exe File created: C:\Windows\SysWOW64\Gqfpko32.exe
Source: C:\Windows\SysWOW64\Fbacjbjc.exe File created: C:\Windows\SysWOW64\Jlnoca32.dll
Source: C:\Windows\SysWOW64\Gqfpko32.exe File created: C:\Windows\SysWOW64\Ggbenh32.exe
Source: C:\Windows\SysWOW64\Gqfpko32.exe File created: C:\Windows\SysWOW64\Majppnhp.dll
Source: C:\Windows\SysWOW64\Ggbenh32.exe File created: C:\Windows\SysWOW64\Gibahklh.exe
Source: C:\Windows\SysWOW64\Ggbenh32.exe File created: C:\Windows\SysWOW64\Ejjjedcj.dll
Source: C:\Windows\SysWOW64\Gibahklh.exe File created: C:\Windows\SysWOW64\Gidnmk32.exe
Source: C:\Windows\SysWOW64\Gibahklh.exe File created: C:\Windows\SysWOW64\Khmhlo32.dll
Source: C:\Windows\SysWOW64\Gidnmk32.exe File created: C:\Windows\SysWOW64\Gekobloj.exe
Source: C:\Windows\SysWOW64\Gidnmk32.exe File created: C:\Windows\SysWOW64\Gmakid32.dll
Source: C:\Windows\SysWOW64\Gekobloj.exe File created: C:\Windows\SysWOW64\Hglhdg32.exe
Source: C:\Windows\SysWOW64\Gekobloj.exe File created: C:\Windows\SysWOW64\Llbhhh32.dll
Source: C:\Windows\SysWOW64\Hglhdg32.exe File created: C:\Windows\SysWOW64\Hkjqjeba.exe
Source: C:\Windows\SysWOW64\Hglhdg32.exe File created: C:\Windows\SysWOW64\Ebgacgaj.dll
Source: C:\Windows\SysWOW64\Hkjqjeba.exe File created: C:\Windows\SysWOW64\Hgqaofhe.exe
Source: C:\Windows\SysWOW64\Hkjqjeba.exe File created: C:\Windows\SysWOW64\Jfebge32.dll
Source: C:\Windows\SysWOW64\Hgqaofhe.exe File created: C:\Windows\SysWOW64\Hedahkgo.exe
Source: C:\Windows\SysWOW64\Hgqaofhe.exe File created: C:\Windows\SysWOW64\Hikbigjf.dll
Source: C:\Windows\SysWOW64\Hedahkgo.exe File created: C:\Windows\SysWOW64\Hbhbbofi.exe
Source: C:\Windows\SysWOW64\Hedahkgo.exe File created: C:\Windows\SysWOW64\Gjhongok.dll
Source: C:\Windows\SysWOW64\Hbhbbofi.exe File created: C:\Windows\SysWOW64\Ibkogn32.exe
Source: C:\Windows\SysWOW64\Hbhbbofi.exe File created: C:\Windows\SysWOW64\Kdjdhipm.dll
Source: C:\Windows\SysWOW64\Ibkogn32.exe File created: C:\Windows\SysWOW64\Inaplpij.exe
Source: C:\Windows\SysWOW64\Ibkogn32.exe File created: C:\Windows\SysWOW64\Nlfalpdi.dll
Source: C:\Windows\SysWOW64\Inaplpij.exe File created: C:\Windows\SysWOW64\Iiiqoh32.exe
Source: C:\Windows\SysWOW64\Inaplpij.exe File created: C:\Windows\SysWOW64\Phhqek32.dll
Source: C:\Windows\SysWOW64\Iiiqoh32.exe File created: C:\Windows\SysWOW64\Ipfeaa32.exe
Source: C:\Windows\SysWOW64\Iiiqoh32.exe File created: C:\Windows\SysWOW64\Bhiabhja.dll
Source: C:\Windows\SysWOW64\Ipfeaa32.exe File created: C:\Windows\SysWOW64\Jphbga32.exe
Source: C:\Windows\SysWOW64\Ipfeaa32.exe File created: C:\Windows\SysWOW64\Hgpoon32.dll
Source: C:\Windows\SysWOW64\Jphbga32.exe File created: C:\Windows\SysWOW64\Jomohnom.exe
Source: C:\Windows\SysWOW64\Jphbga32.exe File created: C:\Windows\SysWOW64\Mhoflbja.dll
Source: C:\Windows\SysWOW64\Jomohnom.exe File created: C:\Windows\SysWOW64\Jpmlbqfp.exe
Source: C:\Windows\SysWOW64\Jomohnom.exe File created: C:\Windows\SysWOW64\Kaigjjqk.dll
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe File created: C:\Windows\SysWOW64\Jlclga32.exe
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe File created: C:\Windows\SysWOW64\Nfghhi32.dll
Source: C:\Windows\SysWOW64\Jlclga32.exe File created: C:\Windows\SysWOW64\Jhjmlb32.exe
Source: C:\Windows\SysWOW64\Jlclga32.exe File created: C:\Windows\SysWOW64\Ecjgjl32.dll
Source: C:\Windows\SysWOW64\Jhjmlb32.exe File created: C:\Windows\SysWOW64\Jacaehhi.exe
Source: C:\Windows\SysWOW64\Jhjmlb32.exe File created: C:\Windows\SysWOW64\Fbjocj32.dll
Source: C:\Windows\SysWOW64\Jacaehhi.exe File created: C:\Windows\SysWOW64\Khofgbnc.exe
Source: C:\Windows\SysWOW64\Jacaehhi.exe File created: C:\Windows\SysWOW64\Mafkbeoj.dll
Source: C:\Windows\SysWOW64\Khofgbnc.exe File created: C:\Windows\SysWOW64\Khacmalp.exe
Source: C:\Windows\SysWOW64\Khofgbnc.exe File created: C:\Windows\SysWOW64\Lbjkckae.dll
Source: C:\Windows\SysWOW64\Khacmalp.exe File created: C:\Windows\SysWOW64\Konhokaj.exe
Source: C:\Windows\SysWOW64\Khacmalp.exe File created: C:\Windows\SysWOW64\Mdfpjg32.dll
Source: C:\Windows\SysWOW64\Konhokaj.exe File created: C:\Windows\SysWOW64\Kejmae32.exe
Source: C:\Windows\SysWOW64\Konhokaj.exe File created: C:\Windows\SysWOW64\Iibphp32.dll
Source: C:\Windows\SysWOW64\Kejmae32.exe File created: C:\Windows\SysWOW64\Lpbndndh.exe
Source: C:\Windows\SysWOW64\Kejmae32.exe File created: C:\Windows\SysWOW64\Hqcomlbp.dll
Source: C:\Windows\SysWOW64\Lpbndndh.exe File created: C:\Windows\SysWOW64\Lcbgfi32.exe
Source: C:\Windows\SysWOW64\Lpbndndh.exe File created: C:\Windows\SysWOW64\Dkbmhf32.dll
Source: C:\Windows\SysWOW64\Lcbgfi32.exe File created: C:\Windows\SysWOW64\Lceckh32.exe
Source: C:\Windows\SysWOW64\Lcbgfi32.exe File created: C:\Windows\SysWOW64\Efcana32.dll
Source: C:\Windows\SysWOW64\Lceckh32.exe File created: C:\Windows\SysWOW64\Lcgpahmc.exe
Source: C:\Windows\SysWOW64\Lceckh32.exe File created: C:\Windows\SysWOW64\Aidobh32.dll
Source: C:\Windows\SysWOW64\Lcgpahmc.exe File created: C:\Windows\SysWOW64\Mpkajllm.exe
Source: C:\Windows\SysWOW64\Lcgpahmc.exe File created: C:\Windows\SysWOW64\Fdldjhaq.dll
Source: C:\Windows\SysWOW64\Mpkajllm.exe File created: C:\Windows\SysWOW64\Mhibdn32.exe
Source: C:\Windows\SysWOW64\Mpkajllm.exe File created: C:\Windows\SysWOW64\Afkgdh32.dll
Source: C:\Windows\SysWOW64\Mhibdn32.exe File created: C:\Windows\SysWOW64\Mhkojn32.exe
Source: C:\Windows\SysWOW64\Mhibdn32.exe File created: C:\Windows\SysWOW64\Heblggpd.dll
Source: C:\Windows\SysWOW64\Mhkojn32.exe File created: C:\Windows\SysWOW64\Mlihpl32.exe
Source: C:\Windows\SysWOW64\Mhkojn32.exe File created: C:\Windows\SysWOW64\Cbjkoi32.dll
Source: C:\Windows\SysWOW64\Mlihpl32.exe File created: C:\Windows\SysWOW64\Njoeophq.exe
Source: C:\Windows\SysWOW64\Mlihpl32.exe File created: C:\Windows\SysWOW64\Dqamkq32.dll
Source: C:\Windows\SysWOW64\Njoeophq.exe File created: C:\Windows\SysWOW64\Nbkicbfk.exe
Source: C:\Windows\SysWOW64\Njoeophq.exe File created: C:\Windows\SysWOW64\Kgamdcln.dll
Source: C:\Windows\SysWOW64\Nbkicbfk.exe File created: C:\Windows\SysWOW64\Nqnfgjlh.exe
Source: C:\Windows\SysWOW64\Nbkicbfk.exe File created: C:\Windows\SysWOW64\Hkkoqdmp.dll
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe File created: C:\Windows\SysWOW64\Ofmldphm.exe
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe File created: C:\Windows\SysWOW64\Qoejampk.dll
Source: C:\Windows\SysWOW64\Ofmldphm.exe File created: C:\Windows\SysWOW64\Ojkdkonc.exe
Source: C:\Windows\SysWOW64\Ofmldphm.exe File created: C:\Windows\SysWOW64\Pidiop32.dll
Source: C:\Windows\SysWOW64\Ojkdkonc.exe File created: C:\Windows\SysWOW64\Ojmapnlq.exe
Source: C:\Windows\SysWOW64\Ojkdkonc.exe File created: C:\Windows\SysWOW64\Ecllamlh.dll
Source: C:\Windows\SysWOW64\Ojmapnlq.exe File created: C:\Windows\SysWOW64\Ofdbeobd.exe
Source: C:\Windows\SysWOW64\Ojmapnlq.exe File created: C:\Windows\SysWOW64\Hdnaik32.dll
Source: C:\Windows\SysWOW64\Ofdbeobd.exe File created: C:\Windows\SysWOW64\Offokopb.exe
Source: C:\Windows\SysWOW64\Ofdbeobd.exe File created: C:\Windows\SysWOW64\Oollcpnc.dll
Source: C:\Windows\SysWOW64\Offokopb.exe File created: C:\Windows\SysWOW64\Pfikpo32.exe
Source: C:\Windows\SysWOW64\Offokopb.exe File created: C:\Windows\SysWOW64\Lgbpdadc.dll
Source: C:\Windows\SysWOW64\Pfikpo32.exe File created: C:\Windows\SysWOW64\Pijdbj32.exe
Source: C:\Windows\SysWOW64\Pfikpo32.exe File created: C:\Windows\SysWOW64\Lpgaep32.dll
Source: C:\Windows\SysWOW64\Pijdbj32.exe File created: C:\Windows\SysWOW64\Pjiqlm32.exe
Source: C:\Windows\SysWOW64\Pijdbj32.exe File created: C:\Windows\SysWOW64\Hfknhcaf.dll
Source: C:\Windows\SysWOW64\Pjiqlm32.exe File created: C:\Windows\SysWOW64\Pbdepo32.exe
Source: C:\Windows\SysWOW64\Pjiqlm32.exe File created: C:\Windows\SysWOW64\Pdhionab.dll
Source: C:\Windows\SysWOW64\Pbdepo32.exe File created: C:\Windows\SysWOW64\Pqhbdf32.exe
Source: C:\Windows\SysWOW64\Pbdepo32.exe File created: C:\Windows\SysWOW64\Obgbhn32.dll
Source: C:\Windows\SysWOW64\Pqhbdf32.exe File created: C:\Windows\SysWOW64\Qmocigko.exe
Source: C:\Windows\SysWOW64\Pqhbdf32.exe File created: C:\Windows\SysWOW64\Golngj32.dll
Source: C:\Windows\SysWOW64\Qmocigko.exe File created: C:\Windows\SysWOW64\Qiecnhac.exe
Source: C:\Windows\SysWOW64\Qmocigko.exe File created: C:\Windows\SysWOW64\Hchcho32.dll
Source: C:\Windows\SysWOW64\Qiecnhac.exe File created: C:\Windows\SysWOW64\Amcldf32.exe
Source: C:\Windows\SysWOW64\Qiecnhac.exe File created: C:\Windows\SysWOW64\Cmkokg32.dll
Source: C:\Windows\SysWOW64\Amcldf32.exe File created: C:\Windows\SysWOW64\Ameiifeg.exe
Source: C:\Windows\SysWOW64\Amcldf32.exe File created: C:\Windows\SysWOW64\Ndkkoc32.dll
Source: C:\Windows\SysWOW64\Ameiifeg.exe File created: C:\Windows\SysWOW64\Ailjng32.exe
Source: C:\Windows\SysWOW64\Ameiifeg.exe File created: C:\Windows\SysWOW64\Knjaiq32.dll
Source: C:\Windows\SysWOW64\Ailjng32.exe File created: C:\Windows\SysWOW64\Ajlfhjbn.exe
Source: C:\Windows\SysWOW64\Ailjng32.exe File created: C:\Windows\SysWOW64\Cbaabn32.dll
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe File created: C:\Windows\SysWOW64\Bpkkfq32.exe
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe File created: C:\Windows\SysWOW64\Ipdpiheo.dll
Source: C:\Windows\SysWOW64\Bpkkfq32.exe File created: C:\Windows\SysWOW64\Bajhpc32.exe
Source: C:\Windows\SysWOW64\Bpkkfq32.exe File created: C:\Windows\SysWOW64\Ddnmejkm.dll
Source: C:\Windows\SysWOW64\Bajhpc32.exe File created: C:\Windows\SysWOW64\Bdkabo32.exe
Source: C:\Windows\SysWOW64\Bajhpc32.exe File created: C:\Windows\SysWOW64\Ikdhblhl.dll
Source: C:\Windows\SysWOW64\Bdkabo32.exe File created: C:\Windows\SysWOW64\Bdnngnpc.exe
Source: C:\Windows\SysWOW64\Bdkabo32.exe File created: C:\Windows\SysWOW64\Cgbcokgg.dll
Source: C:\Windows\SysWOW64\Bdnngnpc.exe File created: C:\Windows\SysWOW64\Baanabom.exe
Source: C:\Windows\SysWOW64\Bdnngnpc.exe File created: C:\Windows\SysWOW64\Kilkncaa.dll
Source: C:\Windows\SysWOW64\Baanabom.exe File created: C:\Windows\SysWOW64\Bmhofc32.exe
Source: C:\Windows\SysWOW64\Baanabom.exe File created: C:\Windows\SysWOW64\Beqfpgmi.dll
Source: C:\Windows\SysWOW64\Bmhofc32.exe File created: C:\Windows\SysWOW64\Cafglb32.exe
Source: C:\Windows\SysWOW64\Bmhofc32.exe File created: C:\Windows\SysWOW64\Pmqiii32.dll
Source: C:\Windows\SysWOW64\Cafglb32.exe File created: C:\Windows\SysWOW64\Cmmhacal.exe
Source: C:\Windows\SysWOW64\Cafglb32.exe File created: C:\Windows\SysWOW64\Ppcqpc32.dll
Source: C:\Windows\SysWOW64\Cmmhacal.exe File created: C:\Windows\SysWOW64\Cmoefb32.exe
Source: C:\Windows\SysWOW64\Cmmhacal.exe File created: C:\Windows\SysWOW64\Ggjbcdlg.dll
Source: C:\Windows\SysWOW64\Cmoefb32.exe File created: C:\Windows\SysWOW64\Cppnhn32.exe
Source: C:\Windows\SysWOW64\Cmoefb32.exe File created: C:\Windows\SysWOW64\Epnhmj32.dll
Source: C:\Windows\SysWOW64\Cppnhn32.exe File created: C:\Windows\SysWOW64\Dbagjiik.exe
Source: C:\Windows\SysWOW64\Cppnhn32.exe File created: C:\Windows\SysWOW64\Foqfph32.dll
Source: C:\Windows\SysWOW64\Dbagjiik.exe File created: C:\Windows\SysWOW64\Dmihma32.exe
Source: C:\Windows\SysWOW64\Dbagjiik.exe File created: C:\Windows\SysWOW64\Bccbfjkm.dll
Source: C:\Windows\SysWOW64\Dmihma32.exe File created: C:\Windows\SysWOW64\Dafpcpme.exe
Source: C:\Windows\SysWOW64\Dmihma32.exe File created: C:\Windows\SysWOW64\Pihcgoep.dll
Source: C:\Windows\SysWOW64\Dafpcpme.exe File created: C:\Windows\SysWOW64\Dkoele32.exe
Source: C:\Windows\SysWOW64\Dafpcpme.exe File created: C:\Windows\SysWOW64\Hjfniidf.dll
Source: C:\Windows\SysWOW64\Dkoele32.exe File created: C:\Windows\SysWOW64\Dcjjpgaa.exe
Source: C:\Windows\SysWOW64\Dkoele32.exe File created: C:\Windows\SysWOW64\Fflljpnc.dll
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe File created: C:\Windows\SysWOW64\Ecmfegon.exe
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe File created: C:\Windows\SysWOW64\Ibphfofn.dll
Source: C:\Windows\SysWOW64\Ecmfegon.exe File created: C:\Windows\SysWOW64\Edlcpjfa.exe
Source: C:\Windows\SysWOW64\Ecmfegon.exe File created: C:\Windows\SysWOW64\Igiglfjj.dll
Source: C:\Windows\SysWOW64\Edlcpjfa.exe File created: C:\Windows\SysWOW64\Ednpeidn.exe
Source: C:\Windows\SysWOW64\Edlcpjfa.exe File created: C:\Windows\SysWOW64\Ecglja32.dll
Source: C:\Windows\SysWOW64\Ednpeidn.exe File created: C:\Windows\SysWOW64\Edqlki32.exe
Source: C:\Windows\SysWOW64\Ednpeidn.exe File created: C:\Windows\SysWOW64\Nggkimpl.dll
Source: C:\Windows\SysWOW64\Edqlki32.exe File created: C:\Windows\SysWOW64\Eniqcohl.exe
Source: C:\Windows\SysWOW64\Edqlki32.exe File created: C:\Windows\SysWOW64\Cqeolm32.dll
Source: C:\Windows\SysWOW64\Eniqcohl.exe File created: C:\Windows\SysWOW64\Fnkmiofi.exe
Source: C:\Windows\SysWOW64\Eniqcohl.exe File created: C:\Windows\SysWOW64\Fifbonoq.dll
Source: C:\Windows\SysWOW64\Fnkmiofi.exe File created: C:\Windows\SysWOW64\Fplfki32.exe
Source: C:\Windows\SysWOW64\Fnkmiofi.exe File created: C:\Windows\SysWOW64\Gdkolaoq.dll
Source: C:\Windows\SysWOW64\Fplfki32.exe File created: C:\Windows\SysWOW64\Fghkmc32.exe
Source: C:\Windows\SysWOW64\Fplfki32.exe File created: C:\Windows\SysWOW64\Pigmmehh.dll
Uses 32bit PE files
Source: jQ3NFDayJm Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal100.troj.evad.win@362/339@0/0
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: jQ3NFDayJm Virustotal: Detection: 88%
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File read: C:\Users\user\Desktop\jQ3NFDayJm.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\jQ3NFDayJm.exe "C:\Users\user\Desktop\jQ3NFDayJm.exe"
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Process created: C:\Windows\SysWOW64\Enmknk32.exe C:\Windows\system32\Enmknk32.exe
Source: C:\Windows\SysWOW64\Enmknk32.exe Process created: C:\Windows\SysWOW64\Fnohck32.exe C:\Windows\system32\Fnohck32.exe
Source: C:\Windows\SysWOW64\Fnohck32.exe Process created: C:\Windows\SysWOW64\Fkchmojh.exe C:\Windows\system32\Fkchmojh.exe
Source: C:\Windows\SysWOW64\Fkchmojh.exe Process created: C:\Windows\SysWOW64\Fekmfd32.exe C:\Windows\system32\Fekmfd32.exe
Source: C:\Windows\SysWOW64\Fekmfd32.exe Process created: C:\Windows\SysWOW64\Foaacm32.exe C:\Windows\system32\Foaacm32.exe
Source: C:\Windows\SysWOW64\Foaacm32.exe Process created: C:\Windows\SysWOW64\Fmeamaph.exe C:\Windows\system32\Fmeamaph.exe
Source: C:\Windows\SysWOW64\Fmeamaph.exe Process created: C:\Windows\SysWOW64\Ffmfeg32.exe C:\Windows\system32\Ffmfeg32.exe
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Process created: C:\Windows\SysWOW64\Febcfckp.exe C:\Windows\system32\Febcfckp.exe
Source: C:\Windows\SysWOW64\Febcfckp.exe Process created: C:\Windows\SysWOW64\Gbfcph32.exe C:\Windows\system32\Gbfcph32.exe
Source: C:\Windows\SysWOW64\Gbfcph32.exe Process created: C:\Windows\SysWOW64\Gbipeg32.exe C:\Windows\system32\Gbipeg32.exe
Source: C:\Windows\SysWOW64\Gbipeg32.exe Process created: C:\Windows\SysWOW64\Gpmqolfa.exe C:\Windows\system32\Gpmqolfa.exe
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Process created: C:\Windows\SysWOW64\Geiigbeh.exe C:\Windows\system32\Geiigbeh.exe
Source: C:\Windows\SysWOW64\Geiigbeh.exe Process created: C:\Windows\SysWOW64\Gnbnph32.exe C:\Windows\system32\Gnbnph32.exe
Source: C:\Windows\SysWOW64\Gnbnph32.exe Process created: C:\Windows\SysWOW64\Gpajjk32.exe C:\Windows\system32\Gpajjk32.exe
Source: C:\Windows\SysWOW64\Gpajjk32.exe Process created: C:\Windows\SysWOW64\Genbbb32.exe C:\Windows\system32\Genbbb32.exe
Source: C:\Windows\SysWOW64\Genbbb32.exe Process created: C:\Windows\SysWOW64\Hbbclf32.exe C:\Windows\system32\Hbbclf32.exe
Source: C:\Windows\SysWOW64\Hbbclf32.exe Process created: C:\Windows\SysWOW64\Hpfcejof.exe C:\Windows\system32\Hpfcejof.exe
Source: C:\Windows\SysWOW64\Hpfcejof.exe Process created: C:\Windows\SysWOW64\Hphpkjlc.exe C:\Windows\system32\Hphpkjlc.exe
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Process created: C:\Windows\SysWOW64\Hloapk32.exe C:\Windows\system32\Hloapk32.exe
Source: C:\Windows\SysWOW64\Hloapk32.exe Process created: C:\Windows\SysWOW64\Iejbnp32.exe C:\Windows\system32\Iejbnp32.exe
Source: C:\Windows\SysWOW64\Iejbnp32.exe Process created: C:\Windows\SysWOW64\Iflknc32.exe C:\Windows\system32\Iflknc32.exe
Source: C:\Windows\SysWOW64\Iflknc32.exe Process created: C:\Windows\SysWOW64\Ipdpfhbf.exe C:\Windows\system32\Ipdpfhbf.exe
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Process created: C:\Windows\SysWOW64\Ilkpkihj.exe C:\Windows\system32\Ilkpkihj.exe
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Process created: C:\Windows\SysWOW64\Imjmel32.exe C:\Windows\system32\Imjmel32.exe
Source: C:\Windows\SysWOW64\Imjmel32.exe Process created: C:\Windows\SysWOW64\Ifcanaen.exe C:\Windows\system32\Ifcanaen.exe
Source: C:\Windows\SysWOW64\Ifcanaen.exe Process created: C:\Windows\SysWOW64\Jfenda32.exe C:\Windows\system32\Jfenda32.exe
Source: C:\Windows\SysWOW64\Jfenda32.exe Process created: C:\Windows\SysWOW64\Jopbhd32.exe C:\Windows\system32\Jopbhd32.exe
Source: C:\Windows\SysWOW64\Jopbhd32.exe Process created: C:\Windows\SysWOW64\Jppobf32.exe C:\Windows\system32\Jppobf32.exe
Source: C:\Windows\SysWOW64\Jppobf32.exe Process created: C:\Windows\SysWOW64\Jlfpghnm.exe C:\Windows\system32\Jlfpghnm.exe
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Process created: C:\Windows\SysWOW64\Jlimmg32.exe C:\Windows\system32\Jlimmg32.exe
Source: C:\Windows\SysWOW64\Jlimmg32.exe Process created: C:\Windows\SysWOW64\Kmhigjcm.exe C:\Windows\system32\Kmhigjcm.exe
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Process created: C:\Windows\SysWOW64\Kiojlk32.exe C:\Windows\system32\Kiojlk32.exe
Source: C:\Windows\SysWOW64\Kiojlk32.exe Process created: C:\Windows\SysWOW64\Kefjql32.exe C:\Windows\system32\Kefjql32.exe
Source: C:\Windows\SysWOW64\Kefjql32.exe Process created: C:\Windows\SysWOW64\Kgegkoeh.exe C:\Windows\system32\Kgegkoeh.exe
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Process created: C:\Windows\SysWOW64\Kpnkcdli.exe C:\Windows\system32\Kpnkcdli.exe
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Process created: C:\Windows\SysWOW64\Kjfplj32.exe C:\Windows\system32\Kjfplj32.exe
Source: C:\Windows\SysWOW64\Kjfplj32.exe Process created: C:\Windows\SysWOW64\Ljimbj32.exe C:\Windows\system32\Ljimbj32.exe
Source: C:\Windows\SysWOW64\Ljimbj32.exe Process created: C:\Windows\SysWOW64\Leomgk32.exe C:\Windows\system32\Leomgk32.exe
Source: C:\Windows\SysWOW64\Leomgk32.exe Process created: C:\Windows\SysWOW64\Lgojanmn.exe C:\Windows\system32\Lgojanmn.exe
Source: C:\Windows\SysWOW64\Lgojanmn.exe Process created: C:\Windows\SysWOW64\Lgaffm32.exe C:\Windows\system32\Lgaffm32.exe
Source: C:\Windows\SysWOW64\Lgaffm32.exe Process created: C:\Windows\SysWOW64\Llnood32.exe C:\Windows\system32\Llnood32.exe
Source: C:\Windows\SysWOW64\Llnood32.exe Process created: C:\Windows\SysWOW64\Ljbphh32.exe C:\Windows\system32\Ljbphh32.exe
Source: C:\Windows\SysWOW64\Ljbphh32.exe Process created: C:\Windows\SysWOW64\Mjdlnhfi.exe C:\Windows\system32\Mjdlnhfi.exe
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Process created: C:\Windows\SysWOW64\Mjgichdg.exe C:\Windows\system32\Mjgichdg.exe
Source: C:\Windows\SysWOW64\Mjgichdg.exe Process created: C:\Windows\SysWOW64\Mjieig32.exe C:\Windows\system32\Mjieig32.exe
Source: C:\Windows\SysWOW64\Mjieig32.exe Process created: C:\Windows\SysWOW64\Mgmfbl32.exe C:\Windows\system32\Mgmfbl32.exe
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Process created: C:\Windows\SysWOW64\Mohkfn32.exe C:\Windows\system32\Mohkfn32.exe
Source: C:\Windows\SysWOW64\Mohkfn32.exe Process created: C:\Windows\SysWOW64\Mnikde32.exe C:\Windows\system32\Mnikde32.exe
Source: C:\Windows\SysWOW64\Mnikde32.exe Process created: C:\Windows\SysWOW64\Njplifll.exe C:\Windows\system32\Njplifll.exe
Source: C:\Windows\SysWOW64\Njplifll.exe Process created: C:\Windows\SysWOW64\Nchpbl32.exe C:\Windows\system32\Nchpbl32.exe
Source: C:\Windows\SysWOW64\Nchpbl32.exe Process created: C:\Windows\SysWOW64\Nooagm32.exe C:\Windows\system32\Nooagm32.exe
Source: C:\Windows\SysWOW64\Nooagm32.exe Process created: C:\Windows\SysWOW64\Nqomappc.exe C:\Windows\system32\Nqomappc.exe
Source: C:\Windows\SysWOW64\Nqomappc.exe Process created: C:\Windows\SysWOW64\Nmenfa32.exe C:\Windows\system32\Nmenfa32.exe
Source: C:\Windows\SysWOW64\Nmenfa32.exe Process created: C:\Windows\SysWOW64\Oqcglo32.exe C:\Windows\system32\Oqcglo32.exe
Source: C:\Windows\SysWOW64\Oqcglo32.exe Process created: C:\Windows\SysWOW64\Ophcmlpf.exe C:\Windows\system32\Ophcmlpf.exe
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Process created: C:\Windows\SysWOW64\Oqhpgogi.exe C:\Windows\system32\Oqhpgogi.exe
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Process created: C:\Windows\SysWOW64\Omoalp32.exe C:\Windows\system32\Omoalp32.exe
Source: C:\Windows\SysWOW64\Omoalp32.exe Process created: C:\Windows\SysWOW64\Onnmfb32.exe C:\Windows\system32\Onnmfb32.exe
Source: C:\Windows\SysWOW64\Onnmfb32.exe Process created: C:\Windows\SysWOW64\Onqjlb32.exe C:\Windows\system32\Onqjlb32.exe
Source: C:\Windows\SysWOW64\Onqjlb32.exe Process created: C:\Windows\SysWOW64\Pjgkac32.exe C:\Windows\system32\Pjgkac32.exe
Source: C:\Windows\SysWOW64\Pjgkac32.exe Process created: C:\Windows\SysWOW64\Pfnkfdne.exe C:\Windows\system32\Pfnkfdne.exe
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Process created: C:\Windows\SysWOW64\Pfqhkdkc.exe C:\Windows\system32\Pfqhkdkc.exe
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Process created: C:\Windows\SysWOW64\Pfceac32.exe C:\Windows\system32\Pfceac32.exe
Source: C:\Windows\SysWOW64\Pfceac32.exe Process created: C:\Windows\SysWOW64\Pfeafc32.exe C:\Windows\system32\Pfeafc32.exe
Source: C:\Windows\SysWOW64\Pfeafc32.exe Process created: C:\Windows\SysWOW64\Qjcjma32.exe C:\Windows\system32\Qjcjma32.exe
Source: C:\Windows\SysWOW64\Qjcjma32.exe Process created: C:\Windows\SysWOW64\Qhgkff32.exe C:\Windows\system32\Qhgkff32.exe
Source: C:\Windows\SysWOW64\Qhgkff32.exe Process created: C:\Windows\SysWOW64\Apbpjhji.exe C:\Windows\system32\Apbpjhji.exe
Source: C:\Windows\SysWOW64\Apbpjhji.exe Process created: C:\Windows\SysWOW64\Aabldk32.exe C:\Windows\system32\Aabldk32.exe
Source: C:\Windows\SysWOW64\Aabldk32.exe Process created: C:\Windows\SysWOW64\Ajjqmqgl.exe C:\Windows\system32\Ajjqmqgl.exe
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Process created: C:\Windows\SysWOW64\Apgieg32.exe C:\Windows\system32\Apgieg32.exe
Source: C:\Windows\SysWOW64\Apgieg32.exe Process created: C:\Windows\SysWOW64\Amkiol32.exe C:\Windows\system32\Amkiol32.exe
Source: C:\Windows\SysWOW64\Amkiol32.exe Process created: C:\Windows\SysWOW64\Ajojhp32.exe C:\Windows\system32\Ajojhp32.exe
Source: C:\Windows\SysWOW64\Ajojhp32.exe Process created: C:\Windows\SysWOW64\Bombon32.exe C:\Windows\system32\Bombon32.exe
Source: C:\Windows\SysWOW64\Bombon32.exe Process created: C:\Windows\SysWOW64\Bmbppkoe.exe C:\Windows\system32\Bmbppkoe.exe
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Process created: C:\Windows\SysWOW64\Baphfiel.exe C:\Windows\system32\Baphfiel.exe
Source: C:\Windows\SysWOW64\Baphfiel.exe Process created: C:\Windows\SysWOW64\Bmgikj32.exe C:\Windows\system32\Bmgikj32.exe
Source: C:\Windows\SysWOW64\Bmgikj32.exe Process created: C:\Windows\SysWOW64\Badaah32.exe C:\Windows\system32\Badaah32.exe
Source: C:\Windows\SysWOW64\Badaah32.exe Process created: C:\Windows\SysWOW64\Cohbjm32.exe C:\Windows\system32\Cohbjm32.exe
Source: C:\Windows\SysWOW64\Cohbjm32.exe Process created: C:\Windows\SysWOW64\Cokoplnm.exe C:\Windows\system32\Cokoplnm.exe
Source: C:\Windows\SysWOW64\Cokoplnm.exe Process created: C:\Windows\SysWOW64\Cgfcdokh.exe C:\Windows\system32\Cgfcdokh.exe
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Process created: C:\Windows\SysWOW64\Ckdljm32.exe C:\Windows\system32\Ckdljm32.exe
Source: C:\Windows\SysWOW64\Ckdljm32.exe Process created: C:\Windows\SysWOW64\Chhmdaph.exe C:\Windows\system32\Chhmdaph.exe
Source: C:\Windows\SysWOW64\Chhmdaph.exe Process created: C:\Windows\SysWOW64\Dhjiianf.exe C:\Windows\system32\Dhjiianf.exe
Source: C:\Windows\SysWOW64\Dhjiianf.exe Process created: C:\Windows\SysWOW64\Dhmfoq32.exe C:\Windows\system32\Dhmfoq32.exe
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Process created: C:\Windows\SysWOW64\Dhocdp32.exe C:\Windows\system32\Dhocdp32.exe
Source: C:\Windows\SysWOW64\Dhocdp32.exe Process created: C:\Windows\SysWOW64\Dokhgj32.exe C:\Windows\system32\Dokhgj32.exe
Source: C:\Windows\SysWOW64\Dokhgj32.exe Process created: C:\Windows\SysWOW64\Dondlj32.exe C:\Windows\system32\Dondlj32.exe
Source: C:\Windows\SysWOW64\Dondlj32.exe Process created: C:\Windows\SysWOW64\Encamf32.exe C:\Windows\system32\Encamf32.exe
Source: C:\Windows\SysWOW64\Encamf32.exe Process created: C:\Windows\SysWOW64\Eaqjcdhf.exe C:\Windows\system32\Eaqjcdhf.exe
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Process created: C:\Windows\SysWOW64\Engkhenj.exe C:\Windows\system32\Engkhenj.exe
Source: C:\Windows\SysWOW64\Engkhenj.exe Process created: C:\Windows\SysWOW64\Eddpko32.exe C:\Windows\system32\Eddpko32.exe
Source: C:\Windows\SysWOW64\Eddpko32.exe Process created: C:\Windows\SysWOW64\Fqjqpp32.exe C:\Windows\system32\Fqjqpp32.exe
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Process created: C:\Windows\SysWOW64\Fbjmjcpl.exe C:\Windows\system32\Fbjmjcpl.exe
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Process created: C:\Windows\SysWOW64\Fnanodfp.exe C:\Windows\system32\Fnanodfp.exe
Source: C:\Windows\SysWOW64\Fnanodfp.exe Process created: C:\Windows\SysWOW64\Fopjig32.exe C:\Windows\system32\Fopjig32.exe
Source: C:\Windows\SysWOW64\Fopjig32.exe Process created: C:\Windows\SysWOW64\Fbacjbjc.exe C:\Windows\system32\Fbacjbjc.exe
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Process created: C:\Windows\SysWOW64\Gqfpko32.exe C:\Windows\system32\Gqfpko32.exe
Source: C:\Windows\SysWOW64\Gqfpko32.exe Process created: C:\Windows\SysWOW64\Ggbenh32.exe C:\Windows\system32\Ggbenh32.exe
Source: C:\Windows\SysWOW64\Ggbenh32.exe Process created: C:\Windows\SysWOW64\Gibahklh.exe C:\Windows\system32\Gibahklh.exe
Source: C:\Windows\SysWOW64\Gibahklh.exe Process created: C:\Windows\SysWOW64\Gidnmk32.exe C:\Windows\system32\Gidnmk32.exe
Source: C:\Windows\SysWOW64\Gidnmk32.exe Process created: C:\Windows\SysWOW64\Gekobloj.exe C:\Windows\system32\Gekobloj.exe
Source: C:\Windows\SysWOW64\Gekobloj.exe Process created: C:\Windows\SysWOW64\Hglhdg32.exe C:\Windows\system32\Hglhdg32.exe
Source: C:\Windows\SysWOW64\Hglhdg32.exe Process created: C:\Windows\SysWOW64\Hkjqjeba.exe C:\Windows\system32\Hkjqjeba.exe
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Process created: C:\Windows\SysWOW64\Hgqaofhe.exe C:\Windows\system32\Hgqaofhe.exe
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Process created: C:\Windows\SysWOW64\Hedahkgo.exe C:\Windows\system32\Hedahkgo.exe
Source: C:\Windows\SysWOW64\Hedahkgo.exe Process created: C:\Windows\SysWOW64\Hbhbbofi.exe C:\Windows\system32\Hbhbbofi.exe
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Process created: C:\Windows\SysWOW64\Ibkogn32.exe C:\Windows\system32\Ibkogn32.exe
Source: C:\Windows\SysWOW64\Ibkogn32.exe Process created: C:\Windows\SysWOW64\Inaplpij.exe C:\Windows\system32\Inaplpij.exe
Source: C:\Windows\SysWOW64\Inaplpij.exe Process created: C:\Windows\SysWOW64\Iiiqoh32.exe C:\Windows\system32\Iiiqoh32.exe
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Process created: C:\Windows\SysWOW64\Ipfeaa32.exe C:\Windows\system32\Ipfeaa32.exe
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Process created: C:\Windows\SysWOW64\Jphbga32.exe C:\Windows\system32\Jphbga32.exe
Source: C:\Windows\SysWOW64\Jphbga32.exe Process created: C:\Windows\SysWOW64\Jomohnom.exe C:\Windows\system32\Jomohnom.exe
Source: C:\Windows\SysWOW64\Jomohnom.exe Process created: C:\Windows\SysWOW64\Jpmlbqfp.exe C:\Windows\system32\Jpmlbqfp.exe
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Process created: C:\Windows\SysWOW64\Jlclga32.exe C:\Windows\system32\Jlclga32.exe
Source: C:\Windows\SysWOW64\Jlclga32.exe Process created: C:\Windows\SysWOW64\Jhjmlb32.exe C:\Windows\system32\Jhjmlb32.exe
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Process created: C:\Windows\SysWOW64\Jacaehhi.exe C:\Windows\system32\Jacaehhi.exe
Source: C:\Windows\SysWOW64\Jacaehhi.exe Process created: C:\Windows\SysWOW64\Khofgbnc.exe C:\Windows\system32\Khofgbnc.exe
Source: C:\Windows\SysWOW64\Khofgbnc.exe Process created: C:\Windows\SysWOW64\Khacmalp.exe C:\Windows\system32\Khacmalp.exe
Source: C:\Windows\SysWOW64\Khacmalp.exe Process created: C:\Windows\SysWOW64\Konhokaj.exe C:\Windows\system32\Konhokaj.exe
Source: C:\Windows\SysWOW64\Konhokaj.exe Process created: C:\Windows\SysWOW64\Kejmae32.exe C:\Windows\system32\Kejmae32.exe
Source: C:\Windows\SysWOW64\Kejmae32.exe Process created: C:\Windows\SysWOW64\Lpbndndh.exe C:\Windows\system32\Lpbndndh.exe
Source: C:\Windows\SysWOW64\Lpbndndh.exe Process created: C:\Windows\SysWOW64\Lcbgfi32.exe C:\Windows\system32\Lcbgfi32.exe
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Process created: C:\Windows\SysWOW64\Lceckh32.exe C:\Windows\system32\Lceckh32.exe
Source: C:\Windows\SysWOW64\Lceckh32.exe Process created: C:\Windows\SysWOW64\Lcgpahmc.exe C:\Windows\system32\Lcgpahmc.exe
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Process created: C:\Windows\SysWOW64\Mpkajllm.exe C:\Windows\system32\Mpkajllm.exe
Source: C:\Windows\SysWOW64\Mpkajllm.exe Process created: C:\Windows\SysWOW64\Mhibdn32.exe C:\Windows\system32\Mhibdn32.exe
Source: C:\Windows\SysWOW64\Mhibdn32.exe Process created: C:\Windows\SysWOW64\Mhkojn32.exe C:\Windows\system32\Mhkojn32.exe
Source: C:\Windows\SysWOW64\Mhkojn32.exe Process created: C:\Windows\SysWOW64\Mlihpl32.exe C:\Windows\system32\Mlihpl32.exe
Source: C:\Windows\SysWOW64\Mlihpl32.exe Process created: C:\Windows\SysWOW64\Njoeophq.exe C:\Windows\system32\Njoeophq.exe
Source: C:\Windows\SysWOW64\Njoeophq.exe Process created: C:\Windows\SysWOW64\Nbkicbfk.exe C:\Windows\system32\Nbkicbfk.exe
Source: C:\Windows\SysWOW64\Nbkicbfk.exe Process created: C:\Windows\SysWOW64\Nqnfgjlh.exe C:\Windows\system32\Nqnfgjlh.exe
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe Process created: C:\Windows\SysWOW64\Ofmldphm.exe C:\Windows\system32\Ofmldphm.exe
Source: C:\Windows\SysWOW64\Ofmldphm.exe Process created: C:\Windows\SysWOW64\Ojkdkonc.exe C:\Windows\system32\Ojkdkonc.exe
Source: C:\Windows\SysWOW64\Ojkdkonc.exe Process created: C:\Windows\SysWOW64\Ojmapnlq.exe C:\Windows\system32\Ojmapnlq.exe
Source: C:\Windows\SysWOW64\Ojmapnlq.exe Process created: C:\Windows\SysWOW64\Ofdbeobd.exe C:\Windows\system32\Ofdbeobd.exe
Source: C:\Windows\SysWOW64\Ofdbeobd.exe Process created: C:\Windows\SysWOW64\Offokopb.exe C:\Windows\system32\Offokopb.exe
Source: C:\Windows\SysWOW64\Offokopb.exe Process created: C:\Windows\SysWOW64\Pfikpo32.exe C:\Windows\system32\Pfikpo32.exe
Source: C:\Windows\SysWOW64\Pfikpo32.exe Process created: C:\Windows\SysWOW64\Pijdbj32.exe C:\Windows\system32\Pijdbj32.exe
Source: C:\Windows\SysWOW64\Pijdbj32.exe Process created: C:\Windows\SysWOW64\Pjiqlm32.exe C:\Windows\system32\Pjiqlm32.exe
Source: C:\Windows\SysWOW64\Pjiqlm32.exe Process created: C:\Windows\SysWOW64\Pbdepo32.exe C:\Windows\system32\Pbdepo32.exe
Source: C:\Windows\SysWOW64\Pbdepo32.exe Process created: C:\Windows\SysWOW64\Pqhbdf32.exe C:\Windows\system32\Pqhbdf32.exe
Source: C:\Windows\SysWOW64\Pqhbdf32.exe Process created: C:\Windows\SysWOW64\Qmocigko.exe C:\Windows\system32\Qmocigko.exe
Source: C:\Windows\SysWOW64\Qmocigko.exe Process created: C:\Windows\SysWOW64\Qiecnhac.exe C:\Windows\system32\Qiecnhac.exe
Source: C:\Windows\SysWOW64\Qiecnhac.exe Process created: C:\Windows\SysWOW64\Amcldf32.exe C:\Windows\system32\Amcldf32.exe
Source: C:\Windows\SysWOW64\Amcldf32.exe Process created: C:\Windows\SysWOW64\Ameiifeg.exe C:\Windows\system32\Ameiifeg.exe
Source: C:\Windows\SysWOW64\Ameiifeg.exe Process created: C:\Windows\SysWOW64\Ailjng32.exe C:\Windows\system32\Ailjng32.exe
Source: C:\Windows\SysWOW64\Ailjng32.exe Process created: C:\Windows\SysWOW64\Ajlfhjbn.exe C:\Windows\system32\Ajlfhjbn.exe
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe Process created: C:\Windows\SysWOW64\Bpkkfq32.exe C:\Windows\system32\Bpkkfq32.exe
Source: C:\Windows\SysWOW64\Bpkkfq32.exe Process created: C:\Windows\SysWOW64\Bajhpc32.exe C:\Windows\system32\Bajhpc32.exe
Source: C:\Windows\SysWOW64\Bajhpc32.exe Process created: C:\Windows\SysWOW64\Bdkabo32.exe C:\Windows\system32\Bdkabo32.exe
Source: C:\Windows\SysWOW64\Bdkabo32.exe Process created: C:\Windows\SysWOW64\Bdnngnpc.exe C:\Windows\system32\Bdnngnpc.exe
Source: C:\Windows\SysWOW64\Bdnngnpc.exe Process created: C:\Windows\SysWOW64\Baanabom.exe C:\Windows\system32\Baanabom.exe
Source: C:\Windows\SysWOW64\Baanabom.exe Process created: C:\Windows\SysWOW64\Bmhofc32.exe C:\Windows\system32\Bmhofc32.exe
Source: C:\Windows\SysWOW64\Bmhofc32.exe Process created: C:\Windows\SysWOW64\Cafglb32.exe C:\Windows\system32\Cafglb32.exe
Source: C:\Windows\SysWOW64\Cafglb32.exe Process created: C:\Windows\SysWOW64\Cmmhacal.exe C:\Windows\system32\Cmmhacal.exe
Source: C:\Windows\SysWOW64\Cmmhacal.exe Process created: C:\Windows\SysWOW64\Cmoefb32.exe C:\Windows\system32\Cmoefb32.exe
Source: C:\Windows\SysWOW64\Cmoefb32.exe Process created: C:\Windows\SysWOW64\Cppnhn32.exe C:\Windows\system32\Cppnhn32.exe
Source: C:\Windows\SysWOW64\Cppnhn32.exe Process created: C:\Windows\SysWOW64\Dbagjiik.exe C:\Windows\system32\Dbagjiik.exe
Source: C:\Windows\SysWOW64\Dbagjiik.exe Process created: C:\Windows\SysWOW64\Dmihma32.exe C:\Windows\system32\Dmihma32.exe
Source: C:\Windows\SysWOW64\Dmihma32.exe Process created: C:\Windows\SysWOW64\Dafpcpme.exe C:\Windows\system32\Dafpcpme.exe
Source: C:\Windows\SysWOW64\Dafpcpme.exe Process created: C:\Windows\SysWOW64\Dkoele32.exe C:\Windows\system32\Dkoele32.exe
Source: C:\Windows\SysWOW64\Dkoele32.exe Process created: C:\Windows\SysWOW64\Dcjjpgaa.exe C:\Windows\system32\Dcjjpgaa.exe
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe Process created: C:\Windows\SysWOW64\Ecmfegon.exe C:\Windows\system32\Ecmfegon.exe
Source: C:\Windows\SysWOW64\Ecmfegon.exe Process created: C:\Windows\SysWOW64\Edlcpjfa.exe C:\Windows\system32\Edlcpjfa.exe
Source: C:\Windows\SysWOW64\Edlcpjfa.exe Process created: C:\Windows\SysWOW64\Ednpeidn.exe C:\Windows\system32\Ednpeidn.exe
Source: C:\Windows\SysWOW64\Ednpeidn.exe Process created: C:\Windows\SysWOW64\Edqlki32.exe C:\Windows\system32\Edqlki32.exe
Source: C:\Windows\SysWOW64\Edqlki32.exe Process created: C:\Windows\SysWOW64\Eniqcohl.exe C:\Windows\system32\Eniqcohl.exe
Source: C:\Windows\SysWOW64\Eniqcohl.exe Process created: C:\Windows\SysWOW64\Fnkmiofi.exe C:\Windows\system32\Fnkmiofi.exe
Source: C:\Windows\SysWOW64\Fnkmiofi.exe Process created: C:\Windows\SysWOW64\Fplfki32.exe C:\Windows\system32\Fplfki32.exe
Source: C:\Windows\SysWOW64\Fplfki32.exe Process created: C:\Windows\SysWOW64\Fghkmc32.exe C:\Windows\system32\Fghkmc32.exe
Source: C:\Windows\SysWOW64\Fghkmc32.exe Process created: C:\Windows\SysWOW64\Fjidoo32.exe C:\Windows\system32\Fjidoo32.exe
Source: C:\Windows\SysWOW64\Fjidoo32.exe Process created: C:\Windows\SysWOW64\Gbeekkbb.exe C:\Windows\system32\Gbeekkbb.exe
Source: C:\Windows\SysWOW64\Gbeekkbb.exe Process created: C:\Windows\SysWOW64\Gqjblggj.exe C:\Windows\system32\Gqjblggj.exe
Source: C:\Windows\SysWOW64\Gqjblggj.exe Process created: C:\Windows\SysWOW64\Gbjofj32.exe C:\Windows\system32\Gbjofj32.exe
Source: C:\Windows\SysWOW64\Gbjofj32.exe Process created: C:\Windows\SysWOW64\Gqolgg32.exe C:\Windows\system32\Gqolgg32.exe
Source: C:\Windows\SysWOW64\Gqolgg32.exe Process created: C:\Windows\SysWOW64\Hbohajjh.exe C:\Windows\system32\Hbohajjh.exe
Source: C:\Windows\SysWOW64\Hbohajjh.exe Process created: C:\Windows\SysWOW64\Hneifkpl.exe C:\Windows\system32\Hneifkpl.exe
Source: C:\Windows\SysWOW64\Hneifkpl.exe Process created: C:\Windows\SysWOW64\Hbcbli32.exe C:\Windows\system32\Hbcbli32.exe
Source: C:\Windows\SysWOW64\Hbcbli32.exe Process created: C:\Windows\SysWOW64\Hjnfqk32.exe C:\Windows\system32\Hjnfqk32.exe
Source: C:\Windows\SysWOW64\Hjnfqk32.exe Process created: C:\Windows\SysWOW64\Hnlogj32.exe C:\Windows\system32\Hnlogj32.exe
Source: C:\Windows\SysWOW64\Hnlogj32.exe Process created: C:\Windows\SysWOW64\Iehdic32.exe C:\Windows\system32\Iehdic32.exe
Source: C:\Windows\SysWOW64\Iehdic32.exe Process created: C:\Windows\SysWOW64\Ibmebh32.exe C:\Windows\system32\Ibmebh32.exe
Source: C:\Windows\SysWOW64\Ibmebh32.exe Process created: C:\Windows\SysWOW64\Incegidl.exe C:\Windows\system32\Incegidl.exe
Source: C:\Windows\SysWOW64\Incegidl.exe Process created: C:\Windows\SysWOW64\Ijjfljip.exe C:\Windows\system32\Ijjfljip.exe
Source: C:\Windows\SysWOW64\Ijjfljip.exe Process created: C:\Windows\SysWOW64\Icbkeo32.exe C:\Windows\system32\Icbkeo32.exe
Source: C:\Windows\SysWOW64\Icbkeo32.exe Process created: C:\Windows\SysWOW64\Iafkoc32.exe C:\Windows\system32\Iafkoc32.exe
Source: C:\Windows\SysWOW64\Iafkoc32.exe Process created: C:\Windows\SysWOW64\Jbfgif32.exe C:\Windows\system32\Jbfgif32.exe
Source: C:\Windows\SysWOW64\Jbfgif32.exe Process created: C:\Windows\SysWOW64\Jbhdnf32.exe C:\Windows\system32\Jbhdnf32.exe
Source: C:\Windows\SysWOW64\Jbhdnf32.exe Process created: C:\Windows\SysWOW64\Jamaob32.exe C:\Windows\system32\Jamaob32.exe
Source: C:\Windows\SysWOW64\Jamaob32.exe Process created: C:\Windows\SysWOW64\Jdnjan32.exe C:\Windows\system32\Jdnjan32.exe
Source: C:\Windows\SysWOW64\Jdnjan32.exe Process created: C:\Windows\SysWOW64\Kenfkq32.exe C:\Windows\system32\Kenfkq32.exe
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Process created: C:\Windows\SysWOW64\Enmknk32.exe C:\Windows\system32\Enmknk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe Process created: C:\Windows\SysWOW64\Fnohck32.exe C:\Windows\system32\Fnohck32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe Process created: C:\Windows\SysWOW64\Fkchmojh.exe C:\Windows\system32\Fkchmojh.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe Process created: C:\Windows\SysWOW64\Fekmfd32.exe C:\Windows\system32\Fekmfd32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe Process created: C:\Windows\SysWOW64\Foaacm32.exe C:\Windows\system32\Foaacm32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe Process created: C:\Windows\SysWOW64\Fmeamaph.exe C:\Windows\system32\Fmeamaph.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe Process created: C:\Windows\SysWOW64\Ffmfeg32.exe C:\Windows\system32\Ffmfeg32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Process created: C:\Windows\SysWOW64\Febcfckp.exe C:\Windows\system32\Febcfckp.exe Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe Process created: C:\Windows\SysWOW64\Gbfcph32.exe C:\Windows\system32\Gbfcph32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe Process created: C:\Windows\SysWOW64\Gbipeg32.exe C:\Windows\system32\Gbipeg32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe Process created: C:\Windows\SysWOW64\Gpmqolfa.exe C:\Windows\system32\Gpmqolfa.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Process created: C:\Windows\SysWOW64\Geiigbeh.exe C:\Windows\system32\Geiigbeh.exe Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe Process created: C:\Windows\SysWOW64\Gnbnph32.exe C:\Windows\system32\Gnbnph32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe Process created: C:\Windows\SysWOW64\Gpajjk32.exe C:\Windows\system32\Gpajjk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe Process created: C:\Windows\SysWOW64\Genbbb32.exe C:\Windows\system32\Genbbb32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe Process created: C:\Windows\SysWOW64\Hbbclf32.exe C:\Windows\system32\Hbbclf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe Process created: C:\Windows\SysWOW64\Hpfcejof.exe C:\Windows\system32\Hpfcejof.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe Process created: C:\Windows\SysWOW64\Hphpkjlc.exe C:\Windows\system32\Hphpkjlc.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Process created: C:\Windows\SysWOW64\Hloapk32.exe C:\Windows\system32\Hloapk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe Process created: C:\Windows\SysWOW64\Iejbnp32.exe C:\Windows\system32\Iejbnp32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe Process created: C:\Windows\SysWOW64\Iflknc32.exe C:\Windows\system32\Iflknc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe Process created: C:\Windows\SysWOW64\Ipdpfhbf.exe C:\Windows\system32\Ipdpfhbf.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Process created: C:\Windows\SysWOW64\Ilkpkihj.exe C:\Windows\system32\Ilkpkihj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Process created: C:\Windows\SysWOW64\Imjmel32.exe C:\Windows\system32\Imjmel32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe Process created: C:\Windows\SysWOW64\Ifcanaen.exe C:\Windows\system32\Ifcanaen.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ifcanaen.exe Process created: C:\Windows\SysWOW64\Jfenda32.exe C:\Windows\system32\Jfenda32.exe
Source: C:\Windows\SysWOW64\Jfenda32.exe Process created: C:\Windows\SysWOW64\Jopbhd32.exe C:\Windows\system32\Jopbhd32.exe
Source: C:\Windows\SysWOW64\Jopbhd32.exe Process created: C:\Windows\SysWOW64\Jppobf32.exe C:\Windows\system32\Jppobf32.exe
Source: C:\Windows\SysWOW64\Jppobf32.exe Process created: C:\Windows\SysWOW64\Jlfpghnm.exe C:\Windows\system32\Jlfpghnm.exe
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Process created: C:\Windows\SysWOW64\Jlimmg32.exe C:\Windows\system32\Jlimmg32.exe
Source: C:\Windows\SysWOW64\Jlimmg32.exe Process created: C:\Windows\SysWOW64\Kmhigjcm.exe C:\Windows\system32\Kmhigjcm.exe
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Process created: C:\Windows\SysWOW64\Kiojlk32.exe C:\Windows\system32\Kiojlk32.exe
Source: C:\Windows\SysWOW64\Kiojlk32.exe Process created: C:\Windows\SysWOW64\Kefjql32.exe C:\Windows\system32\Kefjql32.exe
Source: C:\Windows\SysWOW64\Kefjql32.exe Process created: C:\Windows\SysWOW64\Kgegkoeh.exe C:\Windows\system32\Kgegkoeh.exe
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Process created: C:\Windows\SysWOW64\Kpnkcdli.exe C:\Windows\system32\Kpnkcdli.exe
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Process created: C:\Windows\SysWOW64\Kjfplj32.exe C:\Windows\system32\Kjfplj32.exe
Source: C:\Windows\SysWOW64\Kjfplj32.exe Process created: C:\Windows\SysWOW64\Ljimbj32.exe C:\Windows\system32\Ljimbj32.exe
Source: C:\Windows\SysWOW64\Ljimbj32.exe Process created: C:\Windows\SysWOW64\Leomgk32.exe C:\Windows\system32\Leomgk32.exe
Source: C:\Windows\SysWOW64\Leomgk32.exe Process created: C:\Windows\SysWOW64\Lgojanmn.exe C:\Windows\system32\Lgojanmn.exe
Source: C:\Windows\SysWOW64\Lgojanmn.exe Process created: C:\Windows\SysWOW64\Lgaffm32.exe C:\Windows\system32\Lgaffm32.exe
Source: C:\Windows\SysWOW64\Lgaffm32.exe Process created: C:\Windows\SysWOW64\Llnood32.exe C:\Windows\system32\Llnood32.exe
Source: C:\Windows\SysWOW64\Llnood32.exe Process created: C:\Windows\SysWOW64\Ljbphh32.exe C:\Windows\system32\Ljbphh32.exe
Source: C:\Windows\SysWOW64\Ljbphh32.exe Process created: C:\Windows\SysWOW64\Mjdlnhfi.exe C:\Windows\system32\Mjdlnhfi.exe
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Process created: C:\Windows\SysWOW64\Mjgichdg.exe C:\Windows\system32\Mjgichdg.exe
Source: C:\Windows\SysWOW64\Mjgichdg.exe Process created: C:\Windows\SysWOW64\Mjieig32.exe C:\Windows\system32\Mjieig32.exe
Source: C:\Windows\SysWOW64\Mjieig32.exe Process created: C:\Windows\SysWOW64\Mgmfbl32.exe C:\Windows\system32\Mgmfbl32.exe
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Process created: C:\Windows\SysWOW64\Mohkfn32.exe C:\Windows\system32\Mohkfn32.exe
Source: C:\Windows\SysWOW64\Mohkfn32.exe Process created: C:\Windows\SysWOW64\Mnikde32.exe C:\Windows\system32\Mnikde32.exe
Source: C:\Windows\SysWOW64\Mnikde32.exe Process created: C:\Windows\SysWOW64\Njplifll.exe C:\Windows\system32\Njplifll.exe
Source: C:\Windows\SysWOW64\Njplifll.exe Process created: C:\Windows\SysWOW64\Nchpbl32.exe C:\Windows\system32\Nchpbl32.exe
Source: C:\Windows\SysWOW64\Nchpbl32.exe Process created: C:\Windows\SysWOW64\Nooagm32.exe C:\Windows\system32\Nooagm32.exe
Source: C:\Windows\SysWOW64\Nooagm32.exe Process created: C:\Windows\SysWOW64\Nqomappc.exe C:\Windows\system32\Nqomappc.exe
Source: C:\Windows\SysWOW64\Nqomappc.exe Process created: C:\Windows\SysWOW64\Nmenfa32.exe C:\Windows\system32\Nmenfa32.exe
Source: C:\Windows\SysWOW64\Nmenfa32.exe Process created: C:\Windows\SysWOW64\Oqcglo32.exe C:\Windows\system32\Oqcglo32.exe
Source: C:\Windows\SysWOW64\Oqcglo32.exe Process created: C:\Windows\SysWOW64\Ophcmlpf.exe C:\Windows\system32\Ophcmlpf.exe
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Process created: C:\Windows\SysWOW64\Oqhpgogi.exe C:\Windows\system32\Oqhpgogi.exe
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Process created: C:\Windows\SysWOW64\Omoalp32.exe C:\Windows\system32\Omoalp32.exe
Source: C:\Windows\SysWOW64\Omoalp32.exe Process created: C:\Windows\SysWOW64\Onnmfb32.exe C:\Windows\system32\Onnmfb32.exe
Source: C:\Windows\SysWOW64\Onnmfb32.exe Process created: C:\Windows\SysWOW64\Onqjlb32.exe C:\Windows\system32\Onqjlb32.exe
Source: C:\Windows\SysWOW64\Onqjlb32.exe Process created: C:\Windows\SysWOW64\Pjgkac32.exe C:\Windows\system32\Pjgkac32.exe
Source: C:\Windows\SysWOW64\Pjgkac32.exe Process created: C:\Windows\SysWOW64\Pfnkfdne.exe C:\Windows\system32\Pfnkfdne.exe
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Process created: C:\Windows\SysWOW64\Pfqhkdkc.exe C:\Windows\system32\Pfqhkdkc.exe
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Process created: C:\Windows\SysWOW64\Pfceac32.exe C:\Windows\system32\Pfceac32.exe
Source: C:\Windows\SysWOW64\Pfceac32.exe Process created: C:\Windows\SysWOW64\Pfeafc32.exe C:\Windows\system32\Pfeafc32.exe
Source: C:\Windows\SysWOW64\Pfeafc32.exe Process created: C:\Windows\SysWOW64\Qjcjma32.exe C:\Windows\system32\Qjcjma32.exe
Source: C:\Windows\SysWOW64\Qjcjma32.exe Process created: C:\Windows\SysWOW64\Qhgkff32.exe C:\Windows\system32\Qhgkff32.exe
Source: C:\Windows\SysWOW64\Qhgkff32.exe Process created: C:\Windows\SysWOW64\Apbpjhji.exe C:\Windows\system32\Apbpjhji.exe
Source: C:\Windows\SysWOW64\Apbpjhji.exe Process created: C:\Windows\SysWOW64\Aabldk32.exe C:\Windows\system32\Aabldk32.exe
Source: C:\Windows\SysWOW64\Aabldk32.exe Process created: C:\Windows\SysWOW64\Ajjqmqgl.exe C:\Windows\system32\Ajjqmqgl.exe
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Process created: C:\Windows\SysWOW64\Apgieg32.exe C:\Windows\system32\Apgieg32.exe
Source: C:\Windows\SysWOW64\Apgieg32.exe Process created: C:\Windows\SysWOW64\Amkiol32.exe C:\Windows\system32\Amkiol32.exe
Source: C:\Windows\SysWOW64\Amkiol32.exe Process created: C:\Windows\SysWOW64\Ajojhp32.exe C:\Windows\system32\Ajojhp32.exe
Source: C:\Windows\SysWOW64\Ajojhp32.exe Process created: C:\Windows\SysWOW64\Bombon32.exe C:\Windows\system32\Bombon32.exe
Source: C:\Windows\SysWOW64\Bombon32.exe Process created: C:\Windows\SysWOW64\Bmbppkoe.exe C:\Windows\system32\Bmbppkoe.exe
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Process created: C:\Windows\SysWOW64\Baphfiel.exe C:\Windows\system32\Baphfiel.exe
Source: C:\Windows\SysWOW64\Baphfiel.exe Process created: C:\Windows\SysWOW64\Bmgikj32.exe C:\Windows\system32\Bmgikj32.exe
Source: C:\Windows\SysWOW64\Bmgikj32.exe Process created: C:\Windows\SysWOW64\Badaah32.exe C:\Windows\system32\Badaah32.exe
Source: C:\Windows\SysWOW64\Badaah32.exe Process created: C:\Windows\SysWOW64\Cohbjm32.exe C:\Windows\system32\Cohbjm32.exe
Source: C:\Windows\SysWOW64\Cohbjm32.exe Process created: C:\Windows\SysWOW64\Cokoplnm.exe C:\Windows\system32\Cokoplnm.exe
Source: C:\Windows\SysWOW64\Cokoplnm.exe Process created: C:\Windows\SysWOW64\Cgfcdokh.exe C:\Windows\system32\Cgfcdokh.exe
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Process created: C:\Windows\SysWOW64\Ckdljm32.exe C:\Windows\system32\Ckdljm32.exe
Source: C:\Windows\SysWOW64\Ckdljm32.exe Process created: C:\Windows\SysWOW64\Chhmdaph.exe C:\Windows\system32\Chhmdaph.exe
Source: C:\Windows\SysWOW64\Chhmdaph.exe Process created: C:\Windows\SysWOW64\Dhjiianf.exe C:\Windows\system32\Dhjiianf.exe
Source: C:\Windows\SysWOW64\Dhjiianf.exe Process created: C:\Windows\SysWOW64\Dhmfoq32.exe C:\Windows\system32\Dhmfoq32.exe
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Process created: C:\Windows\SysWOW64\Dhocdp32.exe C:\Windows\system32\Dhocdp32.exe
Source: C:\Windows\SysWOW64\Dhocdp32.exe Process created: C:\Windows\SysWOW64\Dokhgj32.exe C:\Windows\system32\Dokhgj32.exe
Source: C:\Windows\SysWOW64\Dokhgj32.exe Process created: C:\Windows\SysWOW64\Dondlj32.exe C:\Windows\system32\Dondlj32.exe
Source: C:\Windows\SysWOW64\Dondlj32.exe Process created: C:\Windows\SysWOW64\Encamf32.exe C:\Windows\system32\Encamf32.exe
Source: C:\Windows\SysWOW64\Encamf32.exe Process created: C:\Windows\SysWOW64\Eaqjcdhf.exe C:\Windows\system32\Eaqjcdhf.exe
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Process created: C:\Windows\SysWOW64\Engkhenj.exe C:\Windows\system32\Engkhenj.exe
Source: C:\Windows\SysWOW64\Engkhenj.exe Process created: C:\Windows\SysWOW64\Eddpko32.exe C:\Windows\system32\Eddpko32.exe
Source: C:\Windows\SysWOW64\Eddpko32.exe Process created: C:\Windows\SysWOW64\Fqjqpp32.exe C:\Windows\system32\Fqjqpp32.exe
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Process created: C:\Windows\SysWOW64\Fbjmjcpl.exe C:\Windows\system32\Fbjmjcpl.exe
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Process created: C:\Windows\SysWOW64\Fnanodfp.exe C:\Windows\system32\Fnanodfp.exe
Source: C:\Windows\SysWOW64\Fnanodfp.exe Process created: C:\Windows\SysWOW64\Fopjig32.exe C:\Windows\system32\Fopjig32.exe
Source: C:\Windows\SysWOW64\Fopjig32.exe Process created: C:\Windows\SysWOW64\Fbacjbjc.exe C:\Windows\system32\Fbacjbjc.exe
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Process created: C:\Windows\SysWOW64\Gqfpko32.exe C:\Windows\system32\Gqfpko32.exe
Source: C:\Windows\SysWOW64\Gqfpko32.exe Process created: C:\Windows\SysWOW64\Ggbenh32.exe C:\Windows\system32\Ggbenh32.exe
Source: C:\Windows\SysWOW64\Ggbenh32.exe Process created: C:\Windows\SysWOW64\Gibahklh.exe C:\Windows\system32\Gibahklh.exe
Source: C:\Windows\SysWOW64\Gibahklh.exe Process created: C:\Windows\SysWOW64\Gidnmk32.exe C:\Windows\system32\Gidnmk32.exe
Source: C:\Windows\SysWOW64\Gidnmk32.exe Process created: C:\Windows\SysWOW64\Gekobloj.exe C:\Windows\system32\Gekobloj.exe
Source: C:\Windows\SysWOW64\Gekobloj.exe Process created: C:\Windows\SysWOW64\Hglhdg32.exe C:\Windows\system32\Hglhdg32.exe
Source: C:\Windows\SysWOW64\Hglhdg32.exe Process created: C:\Windows\SysWOW64\Hkjqjeba.exe C:\Windows\system32\Hkjqjeba.exe
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Process created: C:\Windows\SysWOW64\Hgqaofhe.exe C:\Windows\system32\Hgqaofhe.exe
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Process created: C:\Windows\SysWOW64\Hedahkgo.exe C:\Windows\system32\Hedahkgo.exe
Source: C:\Windows\SysWOW64\Hedahkgo.exe Process created: C:\Windows\SysWOW64\Hbhbbofi.exe C:\Windows\system32\Hbhbbofi.exe
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Process created: C:\Windows\SysWOW64\Ibkogn32.exe C:\Windows\system32\Ibkogn32.exe
Source: C:\Windows\SysWOW64\Ibkogn32.exe Process created: C:\Windows\SysWOW64\Inaplpij.exe C:\Windows\system32\Inaplpij.exe
Source: C:\Windows\SysWOW64\Inaplpij.exe Process created: C:\Windows\SysWOW64\Iiiqoh32.exe C:\Windows\system32\Iiiqoh32.exe
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Process created: C:\Windows\SysWOW64\Ipfeaa32.exe C:\Windows\system32\Ipfeaa32.exe
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Process created: C:\Windows\SysWOW64\Jphbga32.exe C:\Windows\system32\Jphbga32.exe
Source: C:\Windows\SysWOW64\Jphbga32.exe Process created: C:\Windows\SysWOW64\Jomohnom.exe C:\Windows\system32\Jomohnom.exe
Source: C:\Windows\SysWOW64\Jomohnom.exe Process created: C:\Windows\SysWOW64\Jpmlbqfp.exe C:\Windows\system32\Jpmlbqfp.exe
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Process created: C:\Windows\SysWOW64\Jlclga32.exe C:\Windows\system32\Jlclga32.exe
Source: C:\Windows\SysWOW64\Jlclga32.exe Process created: C:\Windows\SysWOW64\Jhjmlb32.exe C:\Windows\system32\Jhjmlb32.exe
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Process created: C:\Windows\SysWOW64\Jacaehhi.exe C:\Windows\system32\Jacaehhi.exe
Source: C:\Windows\SysWOW64\Jacaehhi.exe Process created: C:\Windows\SysWOW64\Khofgbnc.exe C:\Windows\system32\Khofgbnc.exe
Source: C:\Windows\SysWOW64\Khofgbnc.exe Process created: C:\Windows\SysWOW64\Khacmalp.exe C:\Windows\system32\Khacmalp.exe
Source: C:\Windows\SysWOW64\Khacmalp.exe Process created: C:\Windows\SysWOW64\Konhokaj.exe C:\Windows\system32\Konhokaj.exe
Source: C:\Windows\SysWOW64\Konhokaj.exe Process created: C:\Windows\SysWOW64\Kejmae32.exe C:\Windows\system32\Kejmae32.exe
Source: C:\Windows\SysWOW64\Kejmae32.exe Process created: C:\Windows\SysWOW64\Lpbndndh.exe C:\Windows\system32\Lpbndndh.exe
Source: C:\Windows\SysWOW64\Lpbndndh.exe Process created: C:\Windows\SysWOW64\Lcbgfi32.exe C:\Windows\system32\Lcbgfi32.exe
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Process created: C:\Windows\SysWOW64\Lceckh32.exe C:\Windows\system32\Lceckh32.exe
Source: C:\Windows\SysWOW64\Lceckh32.exe Process created: C:\Windows\SysWOW64\Lcgpahmc.exe C:\Windows\system32\Lcgpahmc.exe
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Process created: C:\Windows\SysWOW64\Mpkajllm.exe C:\Windows\system32\Mpkajllm.exe
Source: C:\Windows\SysWOW64\Mpkajllm.exe Process created: C:\Windows\SysWOW64\Mhibdn32.exe C:\Windows\system32\Mhibdn32.exe
Source: C:\Windows\SysWOW64\Mhibdn32.exe Process created: C:\Windows\SysWOW64\Mhkojn32.exe C:\Windows\system32\Mhkojn32.exe
Source: C:\Windows\SysWOW64\Mhkojn32.exe Process created: C:\Windows\SysWOW64\Mlihpl32.exe C:\Windows\system32\Mlihpl32.exe
Source: C:\Windows\SysWOW64\Mlihpl32.exe Process created: C:\Windows\SysWOW64\Njoeophq.exe C:\Windows\system32\Njoeophq.exe
Source: C:\Windows\SysWOW64\Njoeophq.exe Process created: C:\Windows\SysWOW64\Nbkicbfk.exe C:\Windows\system32\Nbkicbfk.exe
Source: C:\Windows\SysWOW64\Nbkicbfk.exe Process created: C:\Windows\SysWOW64\Nqnfgjlh.exe C:\Windows\system32\Nqnfgjlh.exe
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe Process created: C:\Windows\SysWOW64\Ofmldphm.exe C:\Windows\system32\Ofmldphm.exe
Source: C:\Windows\SysWOW64\Ofmldphm.exe Process created: C:\Windows\SysWOW64\Ojkdkonc.exe C:\Windows\system32\Ojkdkonc.exe
Source: C:\Windows\SysWOW64\Ojkdkonc.exe Process created: C:\Windows\SysWOW64\Ojmapnlq.exe C:\Windows\system32\Ojmapnlq.exe
Source: C:\Windows\SysWOW64\Ojmapnlq.exe Process created: C:\Windows\SysWOW64\Ofdbeobd.exe C:\Windows\system32\Ofdbeobd.exe
Source: C:\Windows\SysWOW64\Ofdbeobd.exe Process created: C:\Windows\SysWOW64\Offokopb.exe C:\Windows\system32\Offokopb.exe
Source: C:\Windows\SysWOW64\Offokopb.exe Process created: C:\Windows\SysWOW64\Pfikpo32.exe C:\Windows\system32\Pfikpo32.exe
Source: C:\Windows\SysWOW64\Pfikpo32.exe Process created: C:\Windows\SysWOW64\Pijdbj32.exe C:\Windows\system32\Pijdbj32.exe
Source: C:\Windows\SysWOW64\Pijdbj32.exe Process created: C:\Windows\SysWOW64\Pjiqlm32.exe C:\Windows\system32\Pjiqlm32.exe
Source: C:\Windows\SysWOW64\Pjiqlm32.exe Process created: C:\Windows\SysWOW64\Pbdepo32.exe C:\Windows\system32\Pbdepo32.exe
Source: C:\Windows\SysWOW64\Pbdepo32.exe Process created: C:\Windows\SysWOW64\Pqhbdf32.exe C:\Windows\system32\Pqhbdf32.exe
Source: C:\Windows\SysWOW64\Pqhbdf32.exe Process created: C:\Windows\SysWOW64\Qmocigko.exe C:\Windows\system32\Qmocigko.exe
Source: C:\Windows\SysWOW64\Qmocigko.exe Process created: C:\Windows\SysWOW64\Qiecnhac.exe C:\Windows\system32\Qiecnhac.exe
Source: C:\Windows\SysWOW64\Qiecnhac.exe Process created: C:\Windows\SysWOW64\Amcldf32.exe C:\Windows\system32\Amcldf32.exe
Source: C:\Windows\SysWOW64\Amcldf32.exe Process created: C:\Windows\SysWOW64\Ameiifeg.exe C:\Windows\system32\Ameiifeg.exe
Source: C:\Windows\SysWOW64\Ameiifeg.exe Process created: C:\Windows\SysWOW64\Ailjng32.exe C:\Windows\system32\Ailjng32.exe
Source: C:\Windows\SysWOW64\Ailjng32.exe Process created: C:\Windows\SysWOW64\Ajlfhjbn.exe C:\Windows\system32\Ajlfhjbn.exe
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe Process created: C:\Windows\SysWOW64\Bpkkfq32.exe C:\Windows\system32\Bpkkfq32.exe
Source: C:\Windows\SysWOW64\Bpkkfq32.exe Process created: C:\Windows\SysWOW64\Bajhpc32.exe C:\Windows\system32\Bajhpc32.exe
Source: C:\Windows\SysWOW64\Bajhpc32.exe Process created: C:\Windows\SysWOW64\Bdkabo32.exe C:\Windows\system32\Bdkabo32.exe
Source: C:\Windows\SysWOW64\Bdkabo32.exe Process created: C:\Windows\SysWOW64\Bdnngnpc.exe C:\Windows\system32\Bdnngnpc.exe
Source: C:\Windows\SysWOW64\Bdnngnpc.exe Process created: C:\Windows\SysWOW64\Baanabom.exe C:\Windows\system32\Baanabom.exe
Source: C:\Windows\SysWOW64\Baanabom.exe Process created: C:\Windows\SysWOW64\Bmhofc32.exe C:\Windows\system32\Bmhofc32.exe
Source: C:\Windows\SysWOW64\Bmhofc32.exe Process created: C:\Windows\SysWOW64\Cafglb32.exe C:\Windows\system32\Cafglb32.exe
Source: C:\Windows\SysWOW64\Cafglb32.exe Process created: C:\Windows\SysWOW64\Cmmhacal.exe C:\Windows\system32\Cmmhacal.exe
Source: C:\Windows\SysWOW64\Cmmhacal.exe Process created: C:\Windows\SysWOW64\Cmoefb32.exe C:\Windows\system32\Cmoefb32.exe
Source: C:\Windows\SysWOW64\Cmoefb32.exe Process created: C:\Windows\SysWOW64\Cppnhn32.exe C:\Windows\system32\Cppnhn32.exe
Source: C:\Windows\SysWOW64\Cppnhn32.exe Process created: C:\Windows\SysWOW64\Dbagjiik.exe C:\Windows\system32\Dbagjiik.exe
Source: C:\Windows\SysWOW64\Dbagjiik.exe Process created: C:\Windows\SysWOW64\Dmihma32.exe C:\Windows\system32\Dmihma32.exe
Source: C:\Windows\SysWOW64\Dmihma32.exe Process created: C:\Windows\SysWOW64\Dafpcpme.exe C:\Windows\system32\Dafpcpme.exe
Source: C:\Windows\SysWOW64\Dafpcpme.exe Process created: C:\Windows\SysWOW64\Dkoele32.exe C:\Windows\system32\Dkoele32.exe
Source: C:\Windows\SysWOW64\Dkoele32.exe Process created: C:\Windows\SysWOW64\Dcjjpgaa.exe C:\Windows\system32\Dcjjpgaa.exe
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe Process created: C:\Windows\SysWOW64\Ecmfegon.exe C:\Windows\system32\Ecmfegon.exe
Source: C:\Windows\SysWOW64\Ecmfegon.exe Process created: C:\Windows\SysWOW64\Edlcpjfa.exe C:\Windows\system32\Edlcpjfa.exe
Source: C:\Windows\SysWOW64\Edlcpjfa.exe Process created: C:\Windows\SysWOW64\Ednpeidn.exe C:\Windows\system32\Ednpeidn.exe
Source: C:\Windows\SysWOW64\Ednpeidn.exe Process created: C:\Windows\SysWOW64\Edqlki32.exe C:\Windows\system32\Edqlki32.exe
Source: C:\Windows\SysWOW64\Edqlki32.exe Process created: C:\Windows\SysWOW64\Eniqcohl.exe C:\Windows\system32\Eniqcohl.exe
Source: C:\Windows\SysWOW64\Eniqcohl.exe Process created: C:\Windows\SysWOW64\Fnkmiofi.exe C:\Windows\system32\Fnkmiofi.exe
Source: C:\Windows\SysWOW64\Fnkmiofi.exe Process created: C:\Windows\SysWOW64\Fplfki32.exe C:\Windows\system32\Fplfki32.exe
Source: C:\Windows\SysWOW64\Fplfki32.exe Process created: C:\Windows\SysWOW64\Fghkmc32.exe C:\Windows\system32\Fghkmc32.exe
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Enmknk32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fnohck32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fkchmojh.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fekmfd32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Foaacm32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Fmeamaph.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Febcfckp.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbfcph32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gbipeg32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Geiigbeh.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gnbnph32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Gpajjk32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hbbclf32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hpfcejof.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Hloapk32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iejbnp32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Iflknc32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe Section loaded: crtdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\Imjmel32.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\Ifcanaen.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ifcanaen.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ifcanaen.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ifcanaen.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jfenda32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jfenda32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jfenda32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jfenda32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jopbhd32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jopbhd32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jopbhd32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jopbhd32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jppobf32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jppobf32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jppobf32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jppobf32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jlimmg32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jlimmg32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jlimmg32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jlimmg32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kiojlk32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kiojlk32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kiojlk32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kiojlk32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kefjql32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kefjql32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kefjql32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kefjql32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kjfplj32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kjfplj32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kjfplj32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kjfplj32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ljimbj32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ljimbj32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ljimbj32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ljimbj32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Leomgk32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Leomgk32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Leomgk32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Leomgk32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Lgojanmn.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Lgojanmn.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Lgojanmn.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Lgojanmn.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Lgaffm32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Lgaffm32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Lgaffm32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Lgaffm32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Llnood32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Llnood32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Llnood32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Llnood32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ljbphh32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ljbphh32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ljbphh32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ljbphh32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Mjgichdg.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Mjgichdg.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Mjgichdg.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Mjgichdg.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Mjieig32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Mjieig32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Mjieig32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Mjieig32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Mohkfn32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Mohkfn32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Mohkfn32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Mohkfn32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Mnikde32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Mnikde32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Mnikde32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Mnikde32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Njplifll.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Njplifll.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Njplifll.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Njplifll.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Nchpbl32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nchpbl32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nchpbl32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nchpbl32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Nooagm32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nooagm32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nooagm32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nooagm32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Nqomappc.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nqomappc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nqomappc.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nqomappc.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Nmenfa32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Nmenfa32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Nmenfa32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Nmenfa32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Oqcglo32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Oqcglo32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Oqcglo32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Oqcglo32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Omoalp32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Omoalp32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Omoalp32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Omoalp32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Onnmfb32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Onnmfb32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Onnmfb32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Onnmfb32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Onqjlb32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Onqjlb32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Onqjlb32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Onqjlb32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pjgkac32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pjgkac32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pjgkac32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pjgkac32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pfceac32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pfceac32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pfceac32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pfceac32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Pfeafc32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Pfeafc32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Pfeafc32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Pfeafc32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Qjcjma32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Qjcjma32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Qjcjma32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Qjcjma32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Qhgkff32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Qhgkff32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Qhgkff32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Qhgkff32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Apbpjhji.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Apbpjhji.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Apbpjhji.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Apbpjhji.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Aabldk32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Aabldk32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Aabldk32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Aabldk32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Apgieg32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Apgieg32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Apgieg32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Apgieg32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Amkiol32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Amkiol32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Amkiol32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Amkiol32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ajojhp32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ajojhp32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ajojhp32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ajojhp32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Bombon32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Bombon32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Bombon32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Bombon32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Baphfiel.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Baphfiel.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Baphfiel.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Baphfiel.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Bmgikj32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Bmgikj32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Bmgikj32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Bmgikj32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Badaah32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Badaah32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Badaah32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Badaah32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Cohbjm32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Cohbjm32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Cohbjm32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Cohbjm32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Cokoplnm.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Cokoplnm.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Cokoplnm.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Cokoplnm.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ckdljm32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ckdljm32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ckdljm32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ckdljm32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Chhmdaph.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Chhmdaph.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Chhmdaph.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Chhmdaph.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Dhjiianf.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Dhjiianf.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Dhjiianf.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Dhjiianf.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Dhocdp32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Dhocdp32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Dhocdp32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Dhocdp32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Dokhgj32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Dokhgj32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Dokhgj32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Dokhgj32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Dondlj32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Dondlj32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Dondlj32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Dondlj32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Encamf32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Encamf32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Encamf32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Encamf32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Engkhenj.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Engkhenj.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Engkhenj.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Engkhenj.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Eddpko32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Eddpko32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Eddpko32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Eddpko32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Fnanodfp.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Fnanodfp.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Fnanodfp.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Fnanodfp.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Fopjig32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Fopjig32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Fopjig32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Fopjig32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Gqfpko32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Gqfpko32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Gqfpko32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Gqfpko32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ggbenh32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ggbenh32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ggbenh32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ggbenh32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Gibahklh.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Gibahklh.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Gibahklh.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Gibahklh.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Gidnmk32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Gidnmk32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Gidnmk32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Gidnmk32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Gekobloj.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Gekobloj.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Gekobloj.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Gekobloj.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Hglhdg32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Hglhdg32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Hglhdg32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Hglhdg32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Hedahkgo.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Hedahkgo.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Hedahkgo.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Hedahkgo.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ibkogn32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ibkogn32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ibkogn32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ibkogn32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Inaplpij.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Inaplpij.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Inaplpij.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Inaplpij.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jphbga32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jphbga32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jphbga32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jphbga32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jomohnom.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jomohnom.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jomohnom.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jomohnom.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jlclga32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jlclga32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jlclga32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jlclga32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Jacaehhi.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Jacaehhi.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Jacaehhi.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Jacaehhi.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Khofgbnc.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Khofgbnc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Khofgbnc.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Khofgbnc.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Khacmalp.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Khacmalp.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Khacmalp.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Khacmalp.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Konhokaj.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Konhokaj.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Konhokaj.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Konhokaj.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Kejmae32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Kejmae32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Kejmae32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Kejmae32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Lpbndndh.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Lpbndndh.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Lpbndndh.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Lpbndndh.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Lceckh32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Lceckh32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Lceckh32.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Lceckh32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Section loaded: crtdll.dll
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Section loaded: ntmarta.dll
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .embm
PE file contains sections with non-standard names
Source: jQ3NFDayJm Static PE information: section name: .embm
Source: Enmknk32.exe.0.dr Static PE information: section name: .embm
Source: Fnohck32.exe.1.dr Static PE information: section name: .embm
Source: Fkchmojh.exe.2.dr Static PE information: section name: .embm
Source: Fekmfd32.exe.3.dr Static PE information: section name: .embm
Source: Foaacm32.exe.5.dr Static PE information: section name: .embm
Source: Fmeamaph.exe.6.dr Static PE information: section name: .embm
Source: Ffmfeg32.exe.7.dr Static PE information: section name: .embm
Source: Febcfckp.exe.8.dr Static PE information: section name: .embm
Source: Gbfcph32.exe.9.dr Static PE information: section name: .embm
Source: Gbipeg32.exe.10.dr Static PE information: section name: .embm
Source: Gpmqolfa.exe.11.dr Static PE information: section name: .embm
Source: Geiigbeh.exe.12.dr Static PE information: section name: .embm
Source: Gnbnph32.exe.13.dr Static PE information: section name: .embm
Source: Gpajjk32.exe.14.dr Static PE information: section name: .embm
Source: Genbbb32.exe.15.dr Static PE information: section name: .embm
Source: Hbbclf32.exe.16.dr Static PE information: section name: .embm
Source: Hpfcejof.exe.17.dr Static PE information: section name: .embm
Source: Hphpkjlc.exe.18.dr Static PE information: section name: .embm
Source: Hloapk32.exe.19.dr Static PE information: section name: .embm
Source: Iejbnp32.exe.20.dr Static PE information: section name: .embm
Source: Iflknc32.exe.21.dr Static PE information: section name: .embm
Source: Ipdpfhbf.exe.22.dr Static PE information: section name: .embm
Source: Ilkpkihj.exe.23.dr Static PE information: section name: .embm
Source: Imjmel32.exe.24.dr Static PE information: section name: .embm
Source: Ifcanaen.exe.25.dr Static PE information: section name: .embm
Source: Jfenda32.exe.26.dr Static PE information: section name: .embm
Source: Jopbhd32.exe.27.dr Static PE information: section name: .embm
Source: Jppobf32.exe.28.dr Static PE information: section name: .embm
Source: Jlfpghnm.exe.29.dr Static PE information: section name: .embm
Source: Jlimmg32.exe.30.dr Static PE information: section name: .embm
Source: Kmhigjcm.exe.31.dr Static PE information: section name: .embm
Source: Kiojlk32.exe.32.dr Static PE information: section name: .embm
Source: Kefjql32.exe.33.dr Static PE information: section name: .embm
Source: Kgegkoeh.exe.34.dr Static PE information: section name: .embm
Source: Kpnkcdli.exe.35.dr Static PE information: section name: .embm
Source: Kjfplj32.exe.36.dr Static PE information: section name: .embm
Source: Ljimbj32.exe.38.dr Static PE information: section name: .embm
Source: Leomgk32.exe.39.dr Static PE information: section name: .embm
Source: Lgojanmn.exe.40.dr Static PE information: section name: .embm
Source: Lgaffm32.exe.41.dr Static PE information: section name: .embm
Source: Llnood32.exe.42.dr Static PE information: section name: .embm
Source: Ljbphh32.exe.43.dr Static PE information: section name: .embm
Source: Mjdlnhfi.exe.44.dr Static PE information: section name: .embm
Source: Mjgichdg.exe.45.dr Static PE information: section name: .embm
Source: Mjieig32.exe.46.dr Static PE information: section name: .embm
Source: Mgmfbl32.exe.47.dr Static PE information: section name: .embm
Source: Mohkfn32.exe.48.dr Static PE information: section name: .embm
Source: Mnikde32.exe.49.dr Static PE information: section name: .embm
Source: Njplifll.exe.50.dr Static PE information: section name: .embm
Source: Nchpbl32.exe.51.dr Static PE information: section name: .embm
Source: Nooagm32.exe.52.dr Static PE information: section name: .embm
Source: Nqomappc.exe.53.dr Static PE information: section name: .embm
Source: Nmenfa32.exe.54.dr Static PE information: section name: .embm
Source: Oqcglo32.exe.55.dr Static PE information: section name: .embm
Source: Ophcmlpf.exe.56.dr Static PE information: section name: .embm
Source: Oqhpgogi.exe.57.dr Static PE information: section name: .embm
Source: Omoalp32.exe.58.dr Static PE information: section name: .embm
Source: Onnmfb32.exe.59.dr Static PE information: section name: .embm
Source: Onqjlb32.exe.60.dr Static PE information: section name: .embm
Source: Pjgkac32.exe.61.dr Static PE information: section name: .embm
Source: Pfnkfdne.exe.62.dr Static PE information: section name: .embm
Source: Pfqhkdkc.exe.63.dr Static PE information: section name: .embm
Source: Pfceac32.exe.64.dr Static PE information: section name: .embm
Source: Pfeafc32.exe.65.dr Static PE information: section name: .embm
Source: Qjcjma32.exe.66.dr Static PE information: section name: .embm
Source: Qhgkff32.exe.67.dr Static PE information: section name: .embm
Source: Apbpjhji.exe.68.dr Static PE information: section name: .embm
Source: Aabldk32.exe.69.dr Static PE information: section name: .embm
Source: Ajjqmqgl.exe.70.dr Static PE information: section name: .embm
Source: Apgieg32.exe.71.dr Static PE information: section name: .embm
Source: Amkiol32.exe.72.dr Static PE information: section name: .embm
Source: Ajojhp32.exe.73.dr Static PE information: section name: .embm
Source: Bombon32.exe.74.dr Static PE information: section name: .embm
Source: Bmbppkoe.exe.75.dr Static PE information: section name: .embm
Source: Baphfiel.exe.76.dr Static PE information: section name: .embm
Source: Bmgikj32.exe.77.dr Static PE information: section name: .embm
Source: Badaah32.exe.78.dr Static PE information: section name: .embm
Source: Cohbjm32.exe.79.dr Static PE information: section name: .embm
Source: Cokoplnm.exe.80.dr Static PE information: section name: .embm
Source: Cgfcdokh.exe.81.dr Static PE information: section name: .embm
Source: Ckdljm32.exe.82.dr Static PE information: section name: .embm
Source: Chhmdaph.exe.83.dr Static PE information: section name: .embm
Source: Dhjiianf.exe.84.dr Static PE information: section name: .embm
Source: jQ3NFDayJm Static PE information: section name: .text entropy: 6.967795675976894
Source: Enmknk32.exe.0.dr Static PE information: section name: .text entropy: 7.0880725316755555
Source: Fnohck32.exe.1.dr Static PE information: section name: .text entropy: 7.204697784522738
Source: Fkchmojh.exe.2.dr Static PE information: section name: .text entropy: 7.189205574281606
Source: Fekmfd32.exe.3.dr Static PE information: section name: .text entropy: 7.184238875284019
Source: Foaacm32.exe.5.dr Static PE information: section name: .text entropy: 7.135974140163313
Source: Fmeamaph.exe.6.dr Static PE information: section name: .text entropy: 7.0716217535923525
Source: Ffmfeg32.exe.7.dr Static PE information: section name: .text entropy: 7.010695943539895
Source: Febcfckp.exe.8.dr Static PE information: section name: .text entropy: 7.220731641062342
Source: Gbfcph32.exe.9.dr Static PE information: section name: .text entropy: 7.155772215790841
Source: Gbipeg32.exe.10.dr Static PE information: section name: .text entropy: 7.100606846841398
Source: Gpmqolfa.exe.11.dr Static PE information: section name: .text entropy: 7.154707924144056
Source: Geiigbeh.exe.12.dr Static PE information: section name: .text entropy: 7.2001223765676405
Source: Gnbnph32.exe.13.dr Static PE information: section name: .text entropy: 7.156794794237128
Source: Gpajjk32.exe.14.dr Static PE information: section name: .text entropy: 7.184421525399273
Source: Genbbb32.exe.15.dr Static PE information: section name: .text entropy: 7.17786991562426
Source: Hbbclf32.exe.16.dr Static PE information: section name: .text entropy: 7.177998388238537
Source: Hpfcejof.exe.17.dr Static PE information: section name: .text entropy: 7.230380149949785
Source: Hphpkjlc.exe.18.dr Static PE information: section name: .text entropy: 7.18348958086663
Source: Hloapk32.exe.19.dr Static PE information: section name: .text entropy: 7.130209325388142
Source: Iejbnp32.exe.20.dr Static PE information: section name: .text entropy: 7.108291035319974
Source: Iflknc32.exe.21.dr Static PE information: section name: .text entropy: 7.173336926705286
Source: Ipdpfhbf.exe.22.dr Static PE information: section name: .text entropy: 7.1360801464761385
Source: Ilkpkihj.exe.23.dr Static PE information: section name: .text entropy: 7.243940550782323
Source: Imjmel32.exe.24.dr Static PE information: section name: .text entropy: 7.16704199937331
Source: Ifcanaen.exe.25.dr Static PE information: section name: .text entropy: 7.134971138222919
Source: Jfenda32.exe.26.dr Static PE information: section name: .text entropy: 7.1687828613035816
Source: Jopbhd32.exe.27.dr Static PE information: section name: .text entropy: 6.986096098162108
Source: Jppobf32.exe.28.dr Static PE information: section name: .text entropy: 7.141626768499709
Source: Jlfpghnm.exe.29.dr Static PE information: section name: .text entropy: 7.218833873140882
Source: Jlimmg32.exe.30.dr Static PE information: section name: .text entropy: 7.166871633482736
Source: Kmhigjcm.exe.31.dr Static PE information: section name: .text entropy: 7.1749907376089075
Source: Kiojlk32.exe.32.dr Static PE information: section name: .text entropy: 7.136947481095759
Source: Kefjql32.exe.33.dr Static PE information: section name: .text entropy: 7.194379303198812
Source: Kgegkoeh.exe.34.dr Static PE information: section name: .text entropy: 7.154514943332378
Source: Kpnkcdli.exe.35.dr Static PE information: section name: .text entropy: 7.184472278858186
Source: Kjfplj32.exe.36.dr Static PE information: section name: .text entropy: 7.20481398648761
Source: Ljimbj32.exe.38.dr Static PE information: section name: .text entropy: 7.171423645288901
Source: Leomgk32.exe.39.dr Static PE information: section name: .text entropy: 7.112409693971807
Source: Lgojanmn.exe.40.dr Static PE information: section name: .text entropy: 7.057581126747963
Source: Lgaffm32.exe.41.dr Static PE information: section name: .text entropy: 7.160037224066742
Source: Llnood32.exe.42.dr Static PE information: section name: .text entropy: 7.111025978944535
Source: Ljbphh32.exe.43.dr Static PE information: section name: .text entropy: 7.1737461564992495
Source: Mjdlnhfi.exe.44.dr Static PE information: section name: .text entropy: 7.153296046248593
Source: Mjgichdg.exe.45.dr Static PE information: section name: .text entropy: 7.0591683492769235
Source: Mjieig32.exe.46.dr Static PE information: section name: .text entropy: 7.081682927854323
Source: Mgmfbl32.exe.47.dr Static PE information: section name: .text entropy: 7.214626498336459
Source: Mohkfn32.exe.48.dr Static PE information: section name: .text entropy: 7.183704744546774
Source: Mnikde32.exe.49.dr Static PE information: section name: .text entropy: 7.187027508092678
Source: Njplifll.exe.50.dr Static PE information: section name: .text entropy: 7.192055798569515
Source: Nchpbl32.exe.51.dr Static PE information: section name: .text entropy: 7.23525004754913
Source: Nooagm32.exe.52.dr Static PE information: section name: .text entropy: 7.190698405723743
Source: Nqomappc.exe.53.dr Static PE information: section name: .text entropy: 7.1460204164625445
Source: Nmenfa32.exe.54.dr Static PE information: section name: .text entropy: 7.022633190727473
Source: Oqcglo32.exe.55.dr Static PE information: section name: .text entropy: 6.999308406944921
Source: Ophcmlpf.exe.56.dr Static PE information: section name: .text entropy: 7.14007589681238
Source: Oqhpgogi.exe.57.dr Static PE information: section name: .text entropy: 7.154953895704857
Source: Omoalp32.exe.58.dr Static PE information: section name: .text entropy: 7.169676499383685
Source: Onnmfb32.exe.59.dr Static PE information: section name: .text entropy: 7.170212873520649
Source: Onqjlb32.exe.60.dr Static PE information: section name: .text entropy: 7.116386416806007
Source: Pjgkac32.exe.61.dr Static PE information: section name: .text entropy: 7.1955219885767
Source: Pfnkfdne.exe.62.dr Static PE information: section name: .text entropy: 7.146895247877552
Source: Pfqhkdkc.exe.63.dr Static PE information: section name: .text entropy: 7.161467255225603
Source: Pfceac32.exe.64.dr Static PE information: section name: .text entropy: 7.1494786719792724
Source: Pfeafc32.exe.65.dr Static PE information: section name: .text entropy: 7.203686485634131
Source: Qjcjma32.exe.66.dr Static PE information: section name: .text entropy: 7.1508002253519685
Source: Qhgkff32.exe.67.dr Static PE information: section name: .text entropy: 7.141312070488272
Source: Apbpjhji.exe.68.dr Static PE information: section name: .text entropy: 7.162149762184501
Source: Aabldk32.exe.69.dr Static PE information: section name: .text entropy: 7.135942839703284
Source: Ajjqmqgl.exe.70.dr Static PE information: section name: .text entropy: 7.2158055047526135
Source: Apgieg32.exe.71.dr Static PE information: section name: .text entropy: 7.174897289453085
Source: Amkiol32.exe.72.dr Static PE information: section name: .text entropy: 7.166310875061317
Source: Ajojhp32.exe.73.dr Static PE information: section name: .text entropy: 7.206772116282912
Source: Bombon32.exe.74.dr Static PE information: section name: .text entropy: 7.127698805125321
Source: Bmbppkoe.exe.75.dr Static PE information: section name: .text entropy: 7.2047099976093785
Source: Baphfiel.exe.76.dr Static PE information: section name: .text entropy: 7.153065618640719
Source: Bmgikj32.exe.77.dr Static PE information: section name: .text entropy: 7.185275526455101
Source: Badaah32.exe.78.dr Static PE information: section name: .text entropy: 7.151430505816835
Source: Cohbjm32.exe.79.dr Static PE information: section name: .text entropy: 7.158796189308544
Source: Cokoplnm.exe.80.dr Static PE information: section name: .text entropy: 7.153909788292788
Source: Cgfcdokh.exe.81.dr Static PE information: section name: .text entropy: 7.173685316728015
Source: Ckdljm32.exe.82.dr Static PE information: section name: .text entropy: 7.161158115030997
Source: Chhmdaph.exe.83.dr Static PE information: section name: .text entropy: 7.125512647320786
Source: Dhjiianf.exe.84.dr Static PE information: section name: .text entropy: 7.144421430917175

Persistence and Installation Behavior
barindex
Drops executables to the windows directory (C:\Windows) and starts them
Source: C:\Windows\SysWOW64\Dkoele32.exe Executable created and started: C:\Windows\SysWOW64\Dcjjpgaa.exe
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Executable created and started: C:\Windows\SysWOW64\Fbjmjcpl.exe
Source: C:\Windows\SysWOW64\Mlihpl32.exe Executable created and started: C:\Windows\SysWOW64\Njoeophq.exe
Source: C:\Windows\SysWOW64\Nooagm32.exe Executable created and started: C:\Windows\SysWOW64\Nqomappc.exe
Source: C:\Windows\SysWOW64\Mpkajllm.exe Executable created and started: C:\Windows\SysWOW64\Mhibdn32.exe
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Executable created and started: C:\Windows\SysWOW64\Pfqhkdkc.exe
Source: C:\Windows\SysWOW64\Cohbjm32.exe Executable created and started: C:\Windows\SysWOW64\Cokoplnm.exe
Source: C:\Windows\SysWOW64\Ifcanaen.exe Executable created and started: C:\Windows\SysWOW64\Jfenda32.exe
Source: C:\Windows\SysWOW64\Jomohnom.exe Executable created and started: C:\Windows\SysWOW64\Jpmlbqfp.exe
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Executable created and started: C:\Windows\SysWOW64\Oqhpgogi.exe
Source: C:\Windows\SysWOW64\Konhokaj.exe Executable created and started: C:\Windows\SysWOW64\Kejmae32.exe
Source: C:\Windows\SysWOW64\Dondlj32.exe Executable created and started: C:\Windows\SysWOW64\Encamf32.exe
Source: C:\Windows\SysWOW64\Imjmel32.exe Executable created and started: C:\Windows\SysWOW64\Ifcanaen.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ckdljm32.exe Executable created and started: C:\Windows\SysWOW64\Chhmdaph.exe
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Executable created and started: C:\Windows\SysWOW64\Hedahkgo.exe
Source: C:\Windows\SysWOW64\Bpkkfq32.exe Executable created and started: C:\Windows\SysWOW64\Bajhpc32.exe
Source: C:\Windows\SysWOW64\Apgieg32.exe Executable created and started: C:\Windows\SysWOW64\Amkiol32.exe
Source: C:\Windows\SysWOW64\Ljimbj32.exe Executable created and started: C:\Windows\SysWOW64\Leomgk32.exe
Source: C:\Windows\SysWOW64\Fnkmiofi.exe Executable created and started: C:\Windows\SysWOW64\Fplfki32.exe
Source: C:\Windows\SysWOW64\Jacaehhi.exe Executable created and started: C:\Windows\SysWOW64\Khofgbnc.exe
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Executable created and started: C:\Windows\SysWOW64\Gqfpko32.exe
Source: C:\Windows\SysWOW64\Offokopb.exe Executable created and started: C:\Windows\SysWOW64\Pfikpo32.exe
Source: C:\Windows\SysWOW64\Bdnngnpc.exe Executable created and started: C:\Windows\SysWOW64\Baanabom.exe
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Executable created and started: C:\Windows\SysWOW64\Geiigbeh.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hedahkgo.exe Executable created and started: C:\Windows\SysWOW64\Hbhbbofi.exe
Source: C:\Windows\SysWOW64\Baanabom.exe Executable created and started: C:\Windows\SysWOW64\Bmhofc32.exe
Source: C:\Windows\SysWOW64\Dmihma32.exe Executable created and started: C:\Windows\SysWOW64\Dafpcpme.exe
Source: C:\Windows\SysWOW64\Llnood32.exe Executable created and started: C:\Windows\SysWOW64\Ljbphh32.exe
Source: C:\Windows\SysWOW64\Gqfpko32.exe Executable created and started: C:\Windows\SysWOW64\Ggbenh32.exe
Source: C:\Windows\SysWOW64\Mjieig32.exe Executable created and started: C:\Windows\SysWOW64\Mgmfbl32.exe
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Executable created and started: C:\Windows\SysWOW64\Ipfeaa32.exe
Source: C:\Windows\SysWOW64\Amcldf32.exe Executable created and started: C:\Windows\SysWOW64\Ameiifeg.exe
Source: C:\Windows\SysWOW64\Baphfiel.exe Executable created and started: C:\Windows\SysWOW64\Bmgikj32.exe
Source: C:\Windows\SysWOW64\Pjiqlm32.exe Executable created and started: C:\Windows\SysWOW64\Pbdepo32.exe
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Executable created and started: C:\Windows\SysWOW64\Pfceac32.exe
Source: C:\Windows\SysWOW64\Gbipeg32.exe Executable created and started: C:\Windows\SysWOW64\Gpmqolfa.exe Jump to behavior
Source: C:\Windows\SysWOW64\Lgojanmn.exe Executable created and started: C:\Windows\SysWOW64\Lgaffm32.exe
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Executable created and started: C:\Windows\SysWOW64\Ckdljm32.exe
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Executable created and started: C:\Windows\SysWOW64\Ibkogn32.exe
Source: C:\Windows\SysWOW64\Nqomappc.exe Executable created and started: C:\Windows\SysWOW64\Nmenfa32.exe
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Executable created and started: C:\Windows\SysWOW64\Mjgichdg.exe
Source: C:\Windows\SysWOW64\Pqhbdf32.exe Executable created and started: C:\Windows\SysWOW64\Qmocigko.exe
Source: C:\Windows\SysWOW64\Gpajjk32.exe Executable created and started: C:\Windows\SysWOW64\Genbbb32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Pbdepo32.exe Executable created and started: C:\Windows\SysWOW64\Pqhbdf32.exe
Source: C:\Windows\SysWOW64\Ednpeidn.exe Executable created and started: C:\Windows\SysWOW64\Edqlki32.exe
Source: C:\Windows\SysWOW64\Jlclga32.exe Executable created and started: C:\Windows\SysWOW64\Jhjmlb32.exe
Source: C:\Windows\SysWOW64\Ailjng32.exe Executable created and started: C:\Windows\SysWOW64\Ajlfhjbn.exe
Source: C:\Windows\SysWOW64\Omoalp32.exe Executable created and started: C:\Windows\SysWOW64\Onnmfb32.exe
Source: C:\Windows\SysWOW64\Oqcglo32.exe Executable created and started: C:\Windows\SysWOW64\Ophcmlpf.exe
Source: C:\Windows\SysWOW64\Fnanodfp.exe Executable created and started: C:\Windows\SysWOW64\Fopjig32.exe
Source: C:\Windows\SysWOW64\Bmgikj32.exe Executable created and started: C:\Windows\SysWOW64\Badaah32.exe
Source: C:\Windows\SysWOW64\Eddpko32.exe Executable created and started: C:\Windows\SysWOW64\Fqjqpp32.exe
Source: C:\Windows\SysWOW64\Cafglb32.exe Executable created and started: C:\Windows\SysWOW64\Cmmhacal.exe
Source: C:\Windows\SysWOW64\Iflknc32.exe Executable created and started: C:\Windows\SysWOW64\Ipdpfhbf.exe Jump to behavior
Source: C:\Windows\SysWOW64\Genbbb32.exe Executable created and started: C:\Windows\SysWOW64\Hbbclf32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ecmfegon.exe Executable created and started: C:\Windows\SysWOW64\Edlcpjfa.exe
Source: C:\Windows\SysWOW64\Nbkicbfk.exe Executable created and started: C:\Windows\SysWOW64\Nqnfgjlh.exe
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Executable created and started: C:\Windows\SysWOW64\Fnanodfp.exe
Source: C:\Windows\SysWOW64\Gbfcph32.exe Executable created and started: C:\Windows\SysWOW64\Gbipeg32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Pjgkac32.exe Executable created and started: C:\Windows\SysWOW64\Pfnkfdne.exe
Source: C:\Windows\SysWOW64\Engkhenj.exe Executable created and started: C:\Windows\SysWOW64\Eddpko32.exe
Source: C:\Windows\SysWOW64\Fekmfd32.exe Executable created and started: C:\Windows\SysWOW64\Foaacm32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Cmoefb32.exe Executable created and started: C:\Windows\SysWOW64\Cppnhn32.exe
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Executable created and started: C:\Windows\SysWOW64\Lceckh32.exe
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Executable created and started: C:\Windows\SysWOW64\Mohkfn32.exe
Source: C:\Windows\SysWOW64\Pfikpo32.exe Executable created and started: C:\Windows\SysWOW64\Pijdbj32.exe
Source: C:\Windows\SysWOW64\Jlimmg32.exe Executable created and started: C:\Windows\SysWOW64\Kmhigjcm.exe
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Executable created and started: C:\Windows\SysWOW64\Hloapk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Executable created and started: C:\Windows\SysWOW64\Jphbga32.exe
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe Executable created and started: C:\Windows\SysWOW64\Ecmfegon.exe
Source: C:\Windows\SysWOW64\Geiigbeh.exe Executable created and started: C:\Windows\SysWOW64\Gnbnph32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Executable created and started: C:\Windows\SysWOW64\Hgqaofhe.exe
Source: C:\Windows\SysWOW64\Kefjql32.exe Executable created and started: C:\Windows\SysWOW64\Kgegkoeh.exe
Source: C:\Windows\SysWOW64\Foaacm32.exe Executable created and started: C:\Windows\SysWOW64\Fmeamaph.exe Jump to behavior
Source: C:\Windows\SysWOW64\Dokhgj32.exe Executable created and started: C:\Windows\SysWOW64\Dondlj32.exe
Source: C:\Windows\SysWOW64\Pfceac32.exe Executable created and started: C:\Windows\SysWOW64\Pfeafc32.exe
Source: C:\Windows\SysWOW64\Febcfckp.exe Executable created and started: C:\Windows\SysWOW64\Gbfcph32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Chhmdaph.exe Executable created and started: C:\Windows\SysWOW64\Dhjiianf.exe
Source: C:\Windows\SysWOW64\Badaah32.exe Executable created and started: C:\Windows\SysWOW64\Cohbjm32.exe
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe Executable created and started: C:\Windows\SysWOW64\Ofmldphm.exe
Source: C:\Windows\SysWOW64\Khofgbnc.exe Executable created and started: C:\Windows\SysWOW64\Khacmalp.exe
Source: C:\Windows\SysWOW64\Inaplpij.exe Executable created and started: C:\Windows\SysWOW64\Iiiqoh32.exe
Source: C:\Windows\SysWOW64\Mhkojn32.exe Executable created and started: C:\Windows\SysWOW64\Mlihpl32.exe
Source: C:\Windows\SysWOW64\Ojkdkonc.exe Executable created and started: C:\Windows\SysWOW64\Ojmapnlq.exe
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Executable created and started: C:\Windows\SysWOW64\Jlimmg32.exe
Source: C:\Windows\SysWOW64\Qhgkff32.exe Executable created and started: C:\Windows\SysWOW64\Apbpjhji.exe
Source: C:\Windows\SysWOW64\Dbagjiik.exe Executable created and started: C:\Windows\SysWOW64\Dmihma32.exe
Source: C:\Windows\SysWOW64\Fnohck32.exe Executable created and started: C:\Windows\SysWOW64\Fkchmojh.exe Jump to behavior
Source: C:\Windows\SysWOW64\Nmenfa32.exe Executable created and started: C:\Windows\SysWOW64\Oqcglo32.exe
Source: C:\Windows\SysWOW64\Ljbphh32.exe Executable created and started: C:\Windows\SysWOW64\Mjdlnhfi.exe
Source: C:\Windows\SysWOW64\Gnbnph32.exe Executable created and started: C:\Windows\SysWOW64\Gpajjk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Bdkabo32.exe Executable created and started: C:\Windows\SysWOW64\Bdnngnpc.exe
Source: C:\Windows\SysWOW64\Mnikde32.exe Executable created and started: C:\Windows\SysWOW64\Njplifll.exe
Source: C:\Windows\SysWOW64\Onqjlb32.exe Executable created and started: C:\Windows\SysWOW64\Pjgkac32.exe
Source: C:\Windows\SysWOW64\Qjcjma32.exe Executable created and started: C:\Windows\SysWOW64\Qhgkff32.exe
Source: C:\Windows\SysWOW64\Bombon32.exe Executable created and started: C:\Windows\SysWOW64\Bmbppkoe.exe
Source: C:\Windows\SysWOW64\Eniqcohl.exe Executable created and started: C:\Windows\SysWOW64\Fnkmiofi.exe
Source: C:\Windows\SysWOW64\Aabldk32.exe Executable created and started: C:\Windows\SysWOW64\Ajjqmqgl.exe
Source: C:\Windows\SysWOW64\Gidnmk32.exe Executable created and started: C:\Windows\SysWOW64\Gekobloj.exe
Source: C:\Windows\SysWOW64\Qmocigko.exe Executable created and started: C:\Windows\SysWOW64\Qiecnhac.exe
Source: C:\Windows\SysWOW64\Jphbga32.exe Executable created and started: C:\Windows\SysWOW64\Jomohnom.exe
Source: C:\Windows\SysWOW64\Bmhofc32.exe Executable created and started: C:\Windows\SysWOW64\Cafglb32.exe
Source: C:\Windows\SysWOW64\Onnmfb32.exe Executable created and started: C:\Windows\SysWOW64\Onqjlb32.exe
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Executable created and started: C:\Windows\SysWOW64\Apgieg32.exe
Source: C:\Windows\SysWOW64\Ibkogn32.exe Executable created and started: C:\Windows\SysWOW64\Inaplpij.exe
Source: C:\Windows\SysWOW64\Enmknk32.exe Executable created and started: C:\Windows\SysWOW64\Fnohck32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Khacmalp.exe Executable created and started: C:\Windows\SysWOW64\Konhokaj.exe
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Executable created and started: C:\Windows\SysWOW64\Jacaehhi.exe
Source: C:\Windows\SysWOW64\Qiecnhac.exe Executable created and started: C:\Windows\SysWOW64\Amcldf32.exe
Source: C:\Windows\SysWOW64\Kiojlk32.exe Executable created and started: C:\Windows\SysWOW64\Kefjql32.exe
Source: C:\Windows\SysWOW64\Pijdbj32.exe Executable created and started: C:\Windows\SysWOW64\Pjiqlm32.exe
Source: C:\Windows\SysWOW64\Cokoplnm.exe Executable created and started: C:\Windows\SysWOW64\Cgfcdokh.exe
Source: C:\Windows\SysWOW64\Amkiol32.exe Executable created and started: C:\Windows\SysWOW64\Ajojhp32.exe
Source: C:\Windows\SysWOW64\Njplifll.exe Executable created and started: C:\Windows\SysWOW64\Nchpbl32.exe
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Executable created and started: C:\Windows\SysWOW64\Dhocdp32.exe
Source: C:\Windows\SysWOW64\Edlcpjfa.exe Executable created and started: C:\Windows\SysWOW64\Ednpeidn.exe
Source: C:\Windows\SysWOW64\Ofdbeobd.exe Executable created and started: C:\Windows\SysWOW64\Offokopb.exe
Source: C:\Windows\SysWOW64\Fkchmojh.exe Executable created and started: C:\Windows\SysWOW64\Fekmfd32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jppobf32.exe Executable created and started: C:\Windows\SysWOW64\Jlfpghnm.exe
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Executable created and started: C:\Windows\SysWOW64\Ilkpkihj.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ggbenh32.exe Executable created and started: C:\Windows\SysWOW64\Gibahklh.exe
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Executable created and started: C:\Windows\SysWOW64\Enmknk32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ameiifeg.exe Executable created and started: C:\Windows\SysWOW64\Ailjng32.exe
Source: C:\Windows\SysWOW64\Dhocdp32.exe Executable created and started: C:\Windows\SysWOW64\Dokhgj32.exe
Source: C:\Windows\SysWOW64\Cmmhacal.exe Executable created and started: C:\Windows\SysWOW64\Cmoefb32.exe
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Executable created and started: C:\Windows\SysWOW64\Engkhenj.exe
Source: C:\Windows\SysWOW64\Hbbclf32.exe Executable created and started: C:\Windows\SysWOW64\Hpfcejof.exe Jump to behavior
Source: C:\Windows\SysWOW64\Dafpcpme.exe Executable created and started: C:\Windows\SysWOW64\Dkoele32.exe
Source: C:\Windows\SysWOW64\Pfeafc32.exe Executable created and started: C:\Windows\SysWOW64\Qjcjma32.exe
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Executable created and started: C:\Windows\SysWOW64\Kpnkcdli.exe
Source: C:\Windows\SysWOW64\Encamf32.exe Executable created and started: C:\Windows\SysWOW64\Eaqjcdhf.exe
Source: C:\Windows\SysWOW64\Leomgk32.exe Executable created and started: C:\Windows\SysWOW64\Lgojanmn.exe
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Executable created and started: C:\Windows\SysWOW64\Mpkajllm.exe
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Executable created and started: C:\Windows\SysWOW64\Kjfplj32.exe
Source: C:\Windows\SysWOW64\Jopbhd32.exe Executable created and started: C:\Windows\SysWOW64\Jppobf32.exe
Source: C:\Windows\SysWOW64\Fmeamaph.exe Executable created and started: C:\Windows\SysWOW64\Ffmfeg32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Apbpjhji.exe Executable created and started: C:\Windows\SysWOW64\Aabldk32.exe
Source: C:\Windows\SysWOW64\Edqlki32.exe Executable created and started: C:\Windows\SysWOW64\Eniqcohl.exe
Source: C:\Windows\SysWOW64\Jfenda32.exe Executable created and started: C:\Windows\SysWOW64\Jopbhd32.exe
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Executable created and started: C:\Windows\SysWOW64\Baphfiel.exe
Source: C:\Windows\SysWOW64\Kjfplj32.exe Executable created and started: C:\Windows\SysWOW64\Ljimbj32.exe
Source: C:\Windows\SysWOW64\Ojmapnlq.exe Executable created and started: C:\Windows\SysWOW64\Ofdbeobd.exe
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Executable created and started: C:\Windows\SysWOW64\Kiojlk32.exe
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Executable created and started: C:\Windows\SysWOW64\Imjmel32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe Executable created and started: C:\Windows\SysWOW64\Bpkkfq32.exe
Source: C:\Windows\SysWOW64\Iejbnp32.exe Executable created and started: C:\Windows\SysWOW64\Iflknc32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Gekobloj.exe Executable created and started: C:\Windows\SysWOW64\Hglhdg32.exe
Source: C:\Windows\SysWOW64\Ajojhp32.exe Executable created and started: C:\Windows\SysWOW64\Bombon32.exe
Source: C:\Windows\SysWOW64\Gibahklh.exe Executable created and started: C:\Windows\SysWOW64\Gidnmk32.exe
Source: C:\Windows\SysWOW64\Hloapk32.exe Executable created and started: C:\Windows\SysWOW64\Iejbnp32.exe Jump to behavior
Source: C:\Windows\SysWOW64\Fopjig32.exe Executable created and started: C:\Windows\SysWOW64\Fbacjbjc.exe
Source: C:\Windows\SysWOW64\Fplfki32.exe Executable created and started: C:\Windows\SysWOW64\Fghkmc32.exe
Source: C:\Windows\SysWOW64\Kejmae32.exe Executable created and started: C:\Windows\SysWOW64\Lpbndndh.exe
Source: C:\Windows\SysWOW64\Hpfcejof.exe Executable created and started: C:\Windows\SysWOW64\Hphpkjlc.exe Jump to behavior
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Executable created and started: C:\Windows\SysWOW64\Jlclga32.exe
Source: C:\Windows\SysWOW64\Cppnhn32.exe Executable created and started: C:\Windows\SysWOW64\Dbagjiik.exe
Source: C:\Windows\SysWOW64\Mohkfn32.exe Executable created and started: C:\Windows\SysWOW64\Mnikde32.exe
Source: C:\Windows\SysWOW64\Mjgichdg.exe Executable created and started: C:\Windows\SysWOW64\Mjieig32.exe
Source: C:\Windows\SysWOW64\Lgaffm32.exe Executable created and started: C:\Windows\SysWOW64\Llnood32.exe
Source: C:\Windows\SysWOW64\Lpbndndh.exe Executable created and started: C:\Windows\SysWOW64\Lcbgfi32.exe
Source: C:\Windows\SysWOW64\Mhibdn32.exe Executable created and started: C:\Windows\SysWOW64\Mhkojn32.exe
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Executable created and started: C:\Windows\SysWOW64\Omoalp32.exe
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Executable created and started: C:\Windows\SysWOW64\Febcfckp.exe Jump to behavior
Source: C:\Windows\SysWOW64\Ofmldphm.exe Executable created and started: C:\Windows\SysWOW64\Ojkdkonc.exe
Source: C:\Windows\SysWOW64\Bajhpc32.exe Executable created and started: C:\Windows\SysWOW64\Bdkabo32.exe
Source: C:\Windows\SysWOW64\Dhjiianf.exe Executable created and started: C:\Windows\SysWOW64\Dhmfoq32.exe
Source: C:\Windows\SysWOW64\Lceckh32.exe Executable created and started: C:\Windows\SysWOW64\Lcgpahmc.exe
Source: C:\Windows\SysWOW64\Hglhdg32.exe Executable created and started: C:\Windows\SysWOW64\Hkjqjeba.exe
Source: C:\Windows\SysWOW64\Nchpbl32.exe Executable created and started: C:\Windows\SysWOW64\Nooagm32.exe
Source: C:\Windows\SysWOW64\Njoeophq.exe Executable created and started: C:\Windows\SysWOW64\Nbkicbfk.exe
Drops PE files
Source: C:\Windows\SysWOW64\Lgaffm32.exe File created: C:\Windows\SysWOW64\Njmgoh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hbbclf32.exe File created: C:\Windows\SysWOW64\Dddgooib.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Inaplpij.exe File created: C:\Windows\SysWOW64\Phhqek32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnkmiofi.exe File created: C:\Windows\SysWOW64\Gdkolaoq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbfcph32.exe File created: C:\Windows\SysWOW64\Kfkiao32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hgqaofhe.exe File created: C:\Windows\SysWOW64\Hikbigjf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jlfpghnm.exe File created: C:\Windows\SysWOW64\Akcokgql.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dkoele32.exe File created: C:\Windows\SysWOW64\Dcjjpgaa.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjieig32.exe File created: C:\Windows\SysWOW64\Impfdpln.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cgfcdokh.exe File created: C:\Windows\SysWOW64\Qjndnbei.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fqjqpp32.exe File created: C:\Windows\SysWOW64\Fbjmjcpl.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mlihpl32.exe File created: C:\Windows\SysWOW64\Njoeophq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nooagm32.exe File created: C:\Windows\SysWOW64\Nqomappc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cokoplnm.exe File created: C:\Windows\SysWOW64\Lhhhfbih.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mpkajllm.exe File created: C:\Windows\SysWOW64\Mhibdn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfnkfdne.exe File created: C:\Windows\SysWOW64\Pfqhkdkc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mlihpl32.exe File created: C:\Windows\SysWOW64\Dqamkq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cohbjm32.exe File created: C:\Windows\SysWOW64\Cokoplnm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ifcanaen.exe File created: C:\Windows\SysWOW64\Jfenda32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cmmhacal.exe File created: C:\Windows\SysWOW64\Ggjbcdlg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jomohnom.exe File created: C:\Windows\SysWOW64\Jpmlbqfp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ophcmlpf.exe File created: C:\Windows\SysWOW64\Oqhpgogi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlclga32.exe File created: C:\Windows\SysWOW64\Ecjgjl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ibkogn32.exe File created: C:\Windows\SysWOW64\Nlfalpdi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jhjmlb32.exe File created: C:\Windows\SysWOW64\Fbjocj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe File created: C:\Windows\SysWOW64\Qoejampk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iiiqoh32.exe File created: C:\Windows\SysWOW64\Bhiabhja.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Konhokaj.exe File created: C:\Windows\SysWOW64\Kejmae32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dondlj32.exe File created: C:\Windows\SysWOW64\Encamf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jomohnom.exe File created: C:\Windows\SysWOW64\Kaigjjqk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kiojlk32.exe File created: C:\Windows\SysWOW64\Dgibhggn.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Imjmel32.exe File created: C:\Windows\SysWOW64\Ifcanaen.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ckdljm32.exe File created: C:\Windows\SysWOW64\Chhmdaph.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hgqaofhe.exe File created: C:\Windows\SysWOW64\Hedahkgo.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bpkkfq32.exe File created: C:\Windows\SysWOW64\Bajhpc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Apgieg32.exe File created: C:\Windows\SysWOW64\Amkiol32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ljimbj32.exe File created: C:\Windows\SysWOW64\Leomgk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kgegkoeh.exe File created: C:\Windows\SysWOW64\Cpdhdolk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnkmiofi.exe File created: C:\Windows\SysWOW64\Fplfki32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Onnmfb32.exe File created: C:\Windows\SysWOW64\Jmclho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Leomgk32.exe File created: C:\Windows\SysWOW64\Iciglbko.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jacaehhi.exe File created: C:\Windows\SysWOW64\Khofgbnc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gpmqolfa.exe File created: C:\Windows\SysWOW64\Jeoqiq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fbacjbjc.exe File created: C:\Windows\SysWOW64\Gqfpko32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Offokopb.exe File created: C:\Windows\SysWOW64\Pfikpo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bdnngnpc.exe File created: C:\Windows\SysWOW64\Baanabom.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gpmqolfa.exe File created: C:\Windows\SysWOW64\Geiigbeh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hedahkgo.exe File created: C:\Windows\SysWOW64\Hbhbbofi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Baanabom.exe File created: C:\Windows\SysWOW64\Bmhofc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njoeophq.exe File created: C:\Windows\SysWOW64\Kgamdcln.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dmihma32.exe File created: C:\Windows\SysWOW64\Dafpcpme.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe File created: C:\Windows\SysWOW64\Cemjaq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Llnood32.exe File created: C:\Windows\SysWOW64\Ljbphh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gqfpko32.exe File created: C:\Windows\SysWOW64\Ggbenh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjieig32.exe File created: C:\Windows\SysWOW64\Mgmfbl32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iiiqoh32.exe File created: C:\Windows\SysWOW64\Ipfeaa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Baphfiel.exe File created: C:\Windows\SysWOW64\Oogkej32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amcldf32.exe File created: C:\Windows\SysWOW64\Ameiifeg.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Baphfiel.exe File created: C:\Windows\SysWOW64\Bmgikj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hbhbbofi.exe File created: C:\Windows\SysWOW64\Kdjdhipm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjiqlm32.exe File created: C:\Windows\SysWOW64\Pbdepo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cmoefb32.exe File created: C:\Windows\SysWOW64\Epnhmj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe File created: C:\Windows\SysWOW64\Pfceac32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ilkpkihj.exe File created: C:\Windows\SysWOW64\Okbebenm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbipeg32.exe File created: C:\Windows\SysWOW64\Gpmqolfa.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lgojanmn.exe File created: C:\Windows\SysWOW64\Lgaffm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ljbphh32.exe File created: C:\Windows\SysWOW64\Aelink32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cgfcdokh.exe File created: C:\Windows\SysWOW64\Ckdljm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe File created: C:\Windows\SysWOW64\Lmaaqi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hbhbbofi.exe File created: C:\Windows\SysWOW64\Ibkogn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nooagm32.exe File created: C:\Windows\SysWOW64\Chbmaj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqomappc.exe File created: C:\Windows\SysWOW64\Nmenfa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe File created: C:\Windows\SysWOW64\Mjgichdg.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ggbenh32.exe File created: C:\Windows\SysWOW64\Ejjjedcj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pqhbdf32.exe File created: C:\Windows\SysWOW64\Qmocigko.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmhofc32.exe File created: C:\Windows\SysWOW64\Pmqiii32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gpajjk32.exe File created: C:\Windows\SysWOW64\Genbbb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhmfoq32.exe File created: C:\Windows\SysWOW64\Gljedo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ecmfegon.exe File created: C:\Windows\SysWOW64\Igiglfjj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pbdepo32.exe File created: C:\Windows\SysWOW64\Pqhbdf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ednpeidn.exe File created: C:\Windows\SysWOW64\Edqlki32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlclga32.exe File created: C:\Windows\SysWOW64\Jhjmlb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dmihma32.exe File created: C:\Windows\SysWOW64\Pihcgoep.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ailjng32.exe File created: C:\Windows\SysWOW64\Ajlfhjbn.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Eniqcohl.exe File created: C:\Windows\SysWOW64\Fifbonoq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Omoalp32.exe File created: C:\Windows\SysWOW64\Onnmfb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oqcglo32.exe File created: C:\Windows\SysWOW64\Ophcmlpf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fnanodfp.exe File created: C:\Windows\SysWOW64\Fopjig32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmgikj32.exe File created: C:\Windows\SysWOW64\Badaah32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Eddpko32.exe File created: C:\Windows\SysWOW64\Fqjqpp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cafglb32.exe File created: C:\Windows\SysWOW64\Cmmhacal.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cppnhn32.exe File created: C:\Windows\SysWOW64\Foqfph32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Apgieg32.exe File created: C:\Windows\SysWOW64\Mmgiocda.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iflknc32.exe File created: C:\Windows\SysWOW64\Ipdpfhbf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nqomappc.exe File created: C:\Windows\SysWOW64\Mfpeda32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Baanabom.exe File created: C:\Windows\SysWOW64\Beqfpgmi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Genbbb32.exe File created: C:\Windows\SysWOW64\Hbbclf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dondlj32.exe File created: C:\Windows\SysWOW64\Clakkf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ecmfegon.exe File created: C:\Windows\SysWOW64\Edlcpjfa.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nbkicbfk.exe File created: C:\Windows\SysWOW64\Nqnfgjlh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe File created: C:\Windows\SysWOW64\Fnanodfp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bombon32.exe File created: C:\Windows\SysWOW64\Cccfolfa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fbacjbjc.exe File created: C:\Windows\SysWOW64\Jlnoca32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qhgkff32.exe File created: C:\Windows\SysWOW64\Inbgmhop.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe File created: C:\Windows\SysWOW64\Magfho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbfcph32.exe File created: C:\Windows\SysWOW64\Gbipeg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gidnmk32.exe File created: C:\Windows\SysWOW64\Gmakid32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjgkac32.exe File created: C:\Windows\SysWOW64\Pfnkfdne.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Engkhenj.exe File created: C:\Windows\SysWOW64\Eddpko32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe File created: C:\Windows\SysWOW64\Mpahpi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pqhbdf32.exe File created: C:\Windows\SysWOW64\Golngj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Geiigbeh.exe File created: C:\Windows\SysWOW64\Dnjcfdoi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jppobf32.exe File created: C:\Windows\SysWOW64\Knggaeba.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cohbjm32.exe File created: C:\Windows\SysWOW64\Iodlcfjb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fekmfd32.exe File created: C:\Windows\SysWOW64\Foaacm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Omoalp32.exe File created: C:\Windows\SysWOW64\Nnclcm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhkojn32.exe File created: C:\Windows\SysWOW64\Cbjkoi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Febcfckp.exe File created: C:\Windows\SysWOW64\Alghniec.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfnkfdne.exe File created: C:\Windows\SysWOW64\Mbpekpdk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjiqlm32.exe File created: C:\Windows\SysWOW64\Pdhionab.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cmoefb32.exe File created: C:\Windows\SysWOW64\Cppnhn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iflknc32.exe File created: C:\Windows\SysWOW64\Lpdccbgf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kejmae32.exe File created: C:\Windows\SysWOW64\Hqcomlbp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcbgfi32.exe File created: C:\Windows\SysWOW64\Lceckh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ofdbeobd.exe File created: C:\Windows\SysWOW64\Oollcpnc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mgmfbl32.exe File created: C:\Windows\SysWOW64\Mohkfn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ckdljm32.exe File created: C:\Windows\SysWOW64\Hiolkefh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcbgfi32.exe File created: C:\Windows\SysWOW64\Efcana32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ameiifeg.exe File created: C:\Windows\SysWOW64\Knjaiq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ljimbj32.exe File created: C:\Windows\SysWOW64\Jiipjfip.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfikpo32.exe File created: C:\Windows\SysWOW64\Pijdbj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlimmg32.exe File created: C:\Windows\SysWOW64\Kmhigjcm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mpkajllm.exe File created: C:\Windows\SysWOW64\Afkgdh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kmhigjcm.exe File created: C:\Windows\SysWOW64\Eeapjigc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Foaacm32.exe File created: C:\Windows\SysWOW64\Njlgcl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jopbhd32.exe File created: C:\Windows\SysWOW64\Hcddga32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjgichdg.exe File created: C:\Windows\SysWOW64\Haiooqfk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajojhp32.exe File created: C:\Windows\SysWOW64\Hmnmcf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hphpkjlc.exe File created: C:\Windows\SysWOW64\Hloapk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lceckh32.exe File created: C:\Windows\SysWOW64\Aidobh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nmenfa32.exe File created: C:\Windows\SysWOW64\Glgklpcj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfeaa32.exe File created: C:\Windows\SysWOW64\Jphbga32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe File created: C:\Windows\SysWOW64\Ecmfegon.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Geiigbeh.exe File created: C:\Windows\SysWOW64\Gnbnph32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hkjqjeba.exe File created: C:\Windows\SysWOW64\Hgqaofhe.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kefjql32.exe File created: C:\Windows\SysWOW64\Kgegkoeh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmbppkoe.exe File created: C:\Windows\SysWOW64\Hcliif32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Foaacm32.exe File created: C:\Windows\SysWOW64\Fmeamaph.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dokhgj32.exe File created: C:\Windows\SysWOW64\Dondlj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe File created: C:\Windows\SysWOW64\Ipdpiheo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfceac32.exe File created: C:\Windows\SysWOW64\Pfeafc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hglhdg32.exe File created: C:\Windows\SysWOW64\Ebgacgaj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbipeg32.exe File created: C:\Windows\SysWOW64\Cjojjp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Onqjlb32.exe File created: C:\Windows\SysWOW64\Eqacmgol.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hpfcejof.exe File created: C:\Windows\SysWOW64\Ncafmodl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Febcfckp.exe File created: C:\Windows\SysWOW64\Gbfcph32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ednpeidn.exe File created: C:\Windows\SysWOW64\Nggkimpl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fekmfd32.exe File created: C:\Windows\SysWOW64\Fkoqiobi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Chhmdaph.exe File created: C:\Windows\SysWOW64\Dhjiianf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhjiianf.exe File created: C:\Windows\SysWOW64\Fcbfja32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnanodfp.exe File created: C:\Windows\SysWOW64\Nlfojgba.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojkdkonc.exe File created: C:\Windows\SysWOW64\Ecllamlh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Badaah32.exe File created: C:\Windows\SysWOW64\Cohbjm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gekobloj.exe File created: C:\Windows\SysWOW64\Llbhhh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe File created: C:\Windows\SysWOW64\Ofmldphm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Chhmdaph.exe File created: C:\Windows\SysWOW64\Bhfgjioo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fmeamaph.exe File created: C:\Windows\SysWOW64\Iamocmjl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khofgbnc.exe File created: C:\Windows\SysWOW64\Khacmalp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Inaplpij.exe File created: C:\Windows\SysWOW64\Iiiqoh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mhkojn32.exe File created: C:\Windows\SysWOW64\Mlihpl32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Qiecnhac.exe File created: C:\Windows\SysWOW64\Cmkokg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ophcmlpf.exe File created: C:\Windows\SysWOW64\Lpkigf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojkdkonc.exe File created: C:\Windows\SysWOW64\Ojmapnlq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlfpghnm.exe File created: C:\Windows\SysWOW64\Jlimmg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Qhgkff32.exe File created: C:\Windows\SysWOW64\Apbpjhji.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dbagjiik.exe File created: C:\Windows\SysWOW64\Dmihma32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Badaah32.exe File created: C:\Windows\SysWOW64\Kpnojmgp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe File created: C:\Windows\SysWOW64\Ohblco32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnohck32.exe File created: C:\Windows\SysWOW64\Fkchmojh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nmenfa32.exe File created: C:\Windows\SysWOW64\Oqcglo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ljbphh32.exe File created: C:\Windows\SysWOW64\Mjdlnhfi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mhibdn32.exe File created: C:\Windows\SysWOW64\Heblggpd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gnbnph32.exe File created: C:\Windows\SysWOW64\Gpajjk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfeaa32.exe File created: C:\Windows\SysWOW64\Hgpoon32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Offokopb.exe File created: C:\Windows\SysWOW64\Lgbpdadc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eddpko32.exe File created: C:\Windows\SysWOW64\Giommjni.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdkabo32.exe File created: C:\Windows\SysWOW64\Bdnngnpc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mnikde32.exe File created: C:\Windows\SysWOW64\Njplifll.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mgmfbl32.exe File created: C:\Windows\SysWOW64\Oqkkln32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gqfpko32.exe File created: C:\Windows\SysWOW64\Majppnhp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gpajjk32.exe File created: C:\Windows\SysWOW64\Domiglci.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Onqjlb32.exe File created: C:\Windows\SysWOW64\Pjgkac32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe File created: C:\Windows\SysWOW64\Ibphfofn.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qjcjma32.exe File created: C:\Windows\SysWOW64\Qhgkff32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bombon32.exe File created: C:\Windows\SysWOW64\Bmbppkoe.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fkchmojh.exe File created: C:\Windows\SysWOW64\Kjkggl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eniqcohl.exe File created: C:\Windows\SysWOW64\Fnkmiofi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Aabldk32.exe File created: C:\Windows\SysWOW64\Ajjqmqgl.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gidnmk32.exe File created: C:\Windows\SysWOW64\Gekobloj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Qmocigko.exe File created: C:\Windows\SysWOW64\Qiecnhac.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cafglb32.exe File created: C:\Windows\SysWOW64\Ppcqpc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bpkkfq32.exe File created: C:\Windows\SysWOW64\Ddnmejkm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jphbga32.exe File created: C:\Windows\SysWOW64\Jomohnom.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmhofc32.exe File created: C:\Windows\SysWOW64\Cafglb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Onnmfb32.exe File created: C:\Windows\SysWOW64\Onqjlb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe File created: C:\Windows\SysWOW64\Apgieg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ibkogn32.exe File created: C:\Windows\SysWOW64\Inaplpij.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jacaehhi.exe File created: C:\Windows\SysWOW64\Mafkbeoj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcgpahmc.exe File created: C:\Windows\SysWOW64\Fdldjhaq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Enmknk32.exe File created: C:\Windows\SysWOW64\Fnohck32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pjgkac32.exe File created: C:\Windows\SysWOW64\Dodmipcd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khacmalp.exe File created: C:\Windows\SysWOW64\Konhokaj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dkoele32.exe File created: C:\Windows\SysWOW64\Fflljpnc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oqcglo32.exe File created: C:\Windows\SysWOW64\Dbhphf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jhjmlb32.exe File created: C:\Windows\SysWOW64\Jacaehhi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Khacmalp.exe File created: C:\Windows\SysWOW64\Mdfpjg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pbdepo32.exe File created: C:\Windows\SysWOW64\Obgbhn32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qiecnhac.exe File created: C:\Windows\SysWOW64\Amcldf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kiojlk32.exe File created: C:\Windows\SysWOW64\Kefjql32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pijdbj32.exe File created: C:\Windows\SysWOW64\Pjiqlm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Edlcpjfa.exe File created: C:\Windows\SysWOW64\Ecglja32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Konhokaj.exe File created: C:\Windows\SysWOW64\Iibphp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Genbbb32.exe File created: C:\Windows\SysWOW64\Mejcahjf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qmocigko.exe File created: C:\Windows\SysWOW64\Hchcho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cokoplnm.exe File created: C:\Windows\SysWOW64\Cgfcdokh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Encamf32.exe File created: C:\Windows\SysWOW64\Aefbqf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amkiol32.exe File created: C:\Windows\SysWOW64\Ajojhp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njplifll.exe File created: C:\Windows\SysWOW64\Nchpbl32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhmfoq32.exe File created: C:\Windows\SysWOW64\Dhocdp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Edlcpjfa.exe File created: C:\Windows\SysWOW64\Ednpeidn.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Imjmel32.exe File created: C:\Windows\SysWOW64\Nnpajnal.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fopjig32.exe File created: C:\Windows\SysWOW64\Ffchlo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qjcjma32.exe File created: C:\Windows\SysWOW64\Fnjcoo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdkabo32.exe File created: C:\Windows\SysWOW64\Cgbcokgg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ofdbeobd.exe File created: C:\Windows\SysWOW64\Offokopb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fkchmojh.exe File created: C:\Windows\SysWOW64\Fekmfd32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ifcanaen.exe File created: C:\Windows\SysWOW64\Docmmc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gibahklh.exe File created: C:\Windows\SysWOW64\Khmhlo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jppobf32.exe File created: C:\Windows\SysWOW64\Jlfpghnm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hkjqjeba.exe File created: C:\Windows\SysWOW64\Jfebge32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hphpkjlc.exe File created: C:\Windows\SysWOW64\Lecjmhnq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbkicbfk.exe File created: C:\Windows\SysWOW64\Hkkoqdmp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe File created: C:\Windows\SysWOW64\Ilkpkihj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ggbenh32.exe File created: C:\Windows\SysWOW64\Gibahklh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlimmg32.exe File created: C:\Windows\SysWOW64\Ieiomg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gnbnph32.exe File created: C:\Windows\SysWOW64\Giamobql.dll Jump to dropped file
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Enmknk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mohkfn32.exe File created: C:\Windows\SysWOW64\Ingcjaio.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ameiifeg.exe File created: C:\Windows\SysWOW64\Ailjng32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kjfplj32.exe File created: C:\Windows\SysWOW64\Heaepkaj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dhocdp32.exe File created: C:\Windows\SysWOW64\Dokhgj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fqjqpp32.exe File created: C:\Windows\SysWOW64\Lmolop32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jfenda32.exe File created: C:\Windows\SysWOW64\Ipoden32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Llnood32.exe File created: C:\Windows\SysWOW64\Aljbfgpf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cmmhacal.exe File created: C:\Windows\SysWOW64\Cmoefb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ailjng32.exe File created: C:\Windows\SysWOW64\Cbaabn32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe File created: C:\Windows\SysWOW64\Engkhenj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hbbclf32.exe File created: C:\Windows\SysWOW64\Hpfcejof.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mnikde32.exe File created: C:\Windows\SysWOW64\Nhljaibo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Edqlki32.exe File created: C:\Windows\SysWOW64\Cqeolm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hloapk32.exe File created: C:\Windows\SysWOW64\Kcamoc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dafpcpme.exe File created: C:\Windows\SysWOW64\Dkoele32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfeafc32.exe File created: C:\Windows\SysWOW64\Qjcjma32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfceac32.exe File created: C:\Windows\SysWOW64\Jmcpkl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kgegkoeh.exe File created: C:\Windows\SysWOW64\Kpnkcdli.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oqhpgogi.exe File created: C:\Windows\SysWOW64\Glgafh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe File created: C:\Windows\SysWOW64\Hoeiflna.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdnngnpc.exe File created: C:\Windows\SysWOW64\Kilkncaa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Encamf32.exe File created: C:\Windows\SysWOW64\Eaqjcdhf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Aabldk32.exe File created: C:\Windows\SysWOW64\Hfplhlei.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khofgbnc.exe File created: C:\Windows\SysWOW64\Lbjkckae.dll Jump to dropped file
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Gopkbc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Leomgk32.exe File created: C:\Windows\SysWOW64\Lgojanmn.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lcgpahmc.exe File created: C:\Windows\SysWOW64\Mpkajllm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kpnkcdli.exe File created: C:\Windows\SysWOW64\Kjfplj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lpbndndh.exe File created: C:\Windows\SysWOW64\Dkbmhf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jopbhd32.exe File created: C:\Windows\SysWOW64\Jppobf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nchpbl32.exe File created: C:\Windows\SysWOW64\Homjaafk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fmeamaph.exe File created: C:\Windows\SysWOW64\Ffmfeg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Apbpjhji.exe File created: C:\Windows\SysWOW64\Aabldk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dokhgj32.exe File created: C:\Windows\SysWOW64\Jiceolni.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Engkhenj.exe File created: C:\Windows\SysWOW64\Jofjci32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ofmldphm.exe File created: C:\Windows\SysWOW64\Pidiop32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Enmknk32.exe File created: C:\Windows\SysWOW64\Jjhmem32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Edqlki32.exe File created: C:\Windows\SysWOW64\Eniqcohl.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe File created: C:\Windows\SysWOW64\Nfghhi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dbagjiik.exe File created: C:\Windows\SysWOW64\Bccbfjkm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amcldf32.exe File created: C:\Windows\SysWOW64\Ndkkoc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgojanmn.exe File created: C:\Windows\SysWOW64\Fjpdni32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jfenda32.exe File created: C:\Windows\SysWOW64\Jopbhd32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmbppkoe.exe File created: C:\Windows\SysWOW64\Baphfiel.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhocdp32.exe File created: C:\Windows\SysWOW64\Imdckjjd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kjfplj32.exe File created: C:\Windows\SysWOW64\Ljimbj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ffmfeg32.exe File created: C:\Windows\SysWOW64\Gllhcm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojmapnlq.exe File created: C:\Windows\SysWOW64\Ofdbeobd.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kmhigjcm.exe File created: C:\Windows\SysWOW64\Kiojlk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kefjql32.exe File created: C:\Windows\SysWOW64\Hppahlmk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ilkpkihj.exe File created: C:\Windows\SysWOW64\Imjmel32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe File created: C:\Windows\SysWOW64\Bpkkfq32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iejbnp32.exe File created: C:\Windows\SysWOW64\Iflknc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bajhpc32.exe File created: C:\Windows\SysWOW64\Ikdhblhl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amkiol32.exe File created: C:\Windows\SysWOW64\Pdlope32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gekobloj.exe File created: C:\Windows\SysWOW64\Hglhdg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ojmapnlq.exe File created: C:\Windows\SysWOW64\Hdnaik32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajojhp32.exe File created: C:\Windows\SysWOW64\Bombon32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gibahklh.exe File created: C:\Windows\SysWOW64\Gidnmk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fnohck32.exe File created: C:\Windows\SysWOW64\Kiolqecl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pijdbj32.exe File created: C:\Windows\SysWOW64\Hfknhcaf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hloapk32.exe File created: C:\Windows\SysWOW64\Iejbnp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njplifll.exe File created: C:\Windows\SysWOW64\Ajjjec32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kpnkcdli.exe File created: C:\Windows\SysWOW64\Chjnlmda.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fopjig32.exe File created: C:\Windows\SysWOW64\Fbacjbjc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kejmae32.exe File created: C:\Windows\SysWOW64\Lpbndndh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hpfcejof.exe File created: C:\Windows\SysWOW64\Hphpkjlc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe File created: C:\Windows\SysWOW64\Jlclga32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hedahkgo.exe File created: C:\Windows\SysWOW64\Gjhongok.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cppnhn32.exe File created: C:\Windows\SysWOW64\Dbagjiik.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mohkfn32.exe File created: C:\Windows\SysWOW64\Mnikde32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jphbga32.exe File created: C:\Windows\SysWOW64\Mhoflbja.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjgichdg.exe File created: C:\Windows\SysWOW64\Mjieig32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dafpcpme.exe File created: C:\Windows\SysWOW64\Hjfniidf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgaffm32.exe File created: C:\Windows\SysWOW64\Llnood32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lpbndndh.exe File created: C:\Windows\SysWOW64\Lcbgfi32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfeafc32.exe File created: C:\Windows\SysWOW64\Qappag32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhibdn32.exe File created: C:\Windows\SysWOW64\Mhkojn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Apbpjhji.exe File created: C:\Windows\SysWOW64\Ekifajpc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bmgikj32.exe File created: C:\Windows\SysWOW64\Galjgp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oqhpgogi.exe File created: C:\Windows\SysWOW64\Omoalp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ffmfeg32.exe File created: C:\Windows\SysWOW64\Febcfckp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ofmldphm.exe File created: C:\Windows\SysWOW64\Ojkdkonc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfikpo32.exe File created: C:\Windows\SysWOW64\Lpgaep32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bajhpc32.exe File created: C:\Windows\SysWOW64\Bdkabo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhjiianf.exe File created: C:\Windows\SysWOW64\Dhmfoq32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lceckh32.exe File created: C:\Windows\SysWOW64\Lcgpahmc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hglhdg32.exe File created: C:\Windows\SysWOW64\Hkjqjeba.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iejbnp32.exe File created: C:\Windows\SysWOW64\Gchqcf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nchpbl32.exe File created: C:\Windows\SysWOW64\Nooagm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njoeophq.exe File created: C:\Windows\SysWOW64\Nbkicbfk.exe Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\SysWOW64\Lgaffm32.exe File created: C:\Windows\SysWOW64\Njmgoh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hbbclf32.exe File created: C:\Windows\SysWOW64\Dddgooib.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Inaplpij.exe File created: C:\Windows\SysWOW64\Phhqek32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnkmiofi.exe File created: C:\Windows\SysWOW64\Gdkolaoq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbfcph32.exe File created: C:\Windows\SysWOW64\Kfkiao32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hgqaofhe.exe File created: C:\Windows\SysWOW64\Hikbigjf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jlfpghnm.exe File created: C:\Windows\SysWOW64\Akcokgql.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dkoele32.exe File created: C:\Windows\SysWOW64\Dcjjpgaa.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjieig32.exe File created: C:\Windows\SysWOW64\Impfdpln.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cgfcdokh.exe File created: C:\Windows\SysWOW64\Qjndnbei.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fqjqpp32.exe File created: C:\Windows\SysWOW64\Fbjmjcpl.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mlihpl32.exe File created: C:\Windows\SysWOW64\Njoeophq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nooagm32.exe File created: C:\Windows\SysWOW64\Nqomappc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cokoplnm.exe File created: C:\Windows\SysWOW64\Lhhhfbih.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mpkajllm.exe File created: C:\Windows\SysWOW64\Mhibdn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfnkfdne.exe File created: C:\Windows\SysWOW64\Pfqhkdkc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mlihpl32.exe File created: C:\Windows\SysWOW64\Dqamkq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cohbjm32.exe File created: C:\Windows\SysWOW64\Cokoplnm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ifcanaen.exe File created: C:\Windows\SysWOW64\Jfenda32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cmmhacal.exe File created: C:\Windows\SysWOW64\Ggjbcdlg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jomohnom.exe File created: C:\Windows\SysWOW64\Jpmlbqfp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ophcmlpf.exe File created: C:\Windows\SysWOW64\Oqhpgogi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlclga32.exe File created: C:\Windows\SysWOW64\Ecjgjl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ibkogn32.exe File created: C:\Windows\SysWOW64\Nlfalpdi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jhjmlb32.exe File created: C:\Windows\SysWOW64\Fbjocj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe File created: C:\Windows\SysWOW64\Qoejampk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iiiqoh32.exe File created: C:\Windows\SysWOW64\Bhiabhja.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Konhokaj.exe File created: C:\Windows\SysWOW64\Kejmae32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dondlj32.exe File created: C:\Windows\SysWOW64\Encamf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jomohnom.exe File created: C:\Windows\SysWOW64\Kaigjjqk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kiojlk32.exe File created: C:\Windows\SysWOW64\Dgibhggn.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Imjmel32.exe File created: C:\Windows\SysWOW64\Ifcanaen.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ckdljm32.exe File created: C:\Windows\SysWOW64\Chhmdaph.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hgqaofhe.exe File created: C:\Windows\SysWOW64\Hedahkgo.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bpkkfq32.exe File created: C:\Windows\SysWOW64\Bajhpc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Apgieg32.exe File created: C:\Windows\SysWOW64\Amkiol32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ljimbj32.exe File created: C:\Windows\SysWOW64\Leomgk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kgegkoeh.exe File created: C:\Windows\SysWOW64\Cpdhdolk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnkmiofi.exe File created: C:\Windows\SysWOW64\Fplfki32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Onnmfb32.exe File created: C:\Windows\SysWOW64\Jmclho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Leomgk32.exe File created: C:\Windows\SysWOW64\Iciglbko.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jacaehhi.exe File created: C:\Windows\SysWOW64\Khofgbnc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gpmqolfa.exe File created: C:\Windows\SysWOW64\Jeoqiq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fbacjbjc.exe File created: C:\Windows\SysWOW64\Gqfpko32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Offokopb.exe File created: C:\Windows\SysWOW64\Pfikpo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bdnngnpc.exe File created: C:\Windows\SysWOW64\Baanabom.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gpmqolfa.exe File created: C:\Windows\SysWOW64\Geiigbeh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hedahkgo.exe File created: C:\Windows\SysWOW64\Hbhbbofi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Baanabom.exe File created: C:\Windows\SysWOW64\Bmhofc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njoeophq.exe File created: C:\Windows\SysWOW64\Kgamdcln.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dmihma32.exe File created: C:\Windows\SysWOW64\Dafpcpme.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe File created: C:\Windows\SysWOW64\Cemjaq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Llnood32.exe File created: C:\Windows\SysWOW64\Ljbphh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gqfpko32.exe File created: C:\Windows\SysWOW64\Ggbenh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjieig32.exe File created: C:\Windows\SysWOW64\Mgmfbl32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iiiqoh32.exe File created: C:\Windows\SysWOW64\Ipfeaa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Baphfiel.exe File created: C:\Windows\SysWOW64\Oogkej32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amcldf32.exe File created: C:\Windows\SysWOW64\Ameiifeg.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Baphfiel.exe File created: C:\Windows\SysWOW64\Bmgikj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hbhbbofi.exe File created: C:\Windows\SysWOW64\Kdjdhipm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjiqlm32.exe File created: C:\Windows\SysWOW64\Pbdepo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cmoefb32.exe File created: C:\Windows\SysWOW64\Epnhmj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe File created: C:\Windows\SysWOW64\Pfceac32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ilkpkihj.exe File created: C:\Windows\SysWOW64\Okbebenm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbipeg32.exe File created: C:\Windows\SysWOW64\Gpmqolfa.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lgojanmn.exe File created: C:\Windows\SysWOW64\Lgaffm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ljbphh32.exe File created: C:\Windows\SysWOW64\Aelink32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cgfcdokh.exe File created: C:\Windows\SysWOW64\Ckdljm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe File created: C:\Windows\SysWOW64\Lmaaqi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hbhbbofi.exe File created: C:\Windows\SysWOW64\Ibkogn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nooagm32.exe File created: C:\Windows\SysWOW64\Chbmaj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqomappc.exe File created: C:\Windows\SysWOW64\Nmenfa32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe File created: C:\Windows\SysWOW64\Mjgichdg.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ggbenh32.exe File created: C:\Windows\SysWOW64\Ejjjedcj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pqhbdf32.exe File created: C:\Windows\SysWOW64\Qmocigko.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmhofc32.exe File created: C:\Windows\SysWOW64\Pmqiii32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gpajjk32.exe File created: C:\Windows\SysWOW64\Genbbb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhmfoq32.exe File created: C:\Windows\SysWOW64\Gljedo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ecmfegon.exe File created: C:\Windows\SysWOW64\Igiglfjj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pbdepo32.exe File created: C:\Windows\SysWOW64\Pqhbdf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ednpeidn.exe File created: C:\Windows\SysWOW64\Edqlki32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlclga32.exe File created: C:\Windows\SysWOW64\Jhjmlb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dmihma32.exe File created: C:\Windows\SysWOW64\Pihcgoep.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ailjng32.exe File created: C:\Windows\SysWOW64\Ajlfhjbn.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Eniqcohl.exe File created: C:\Windows\SysWOW64\Fifbonoq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Omoalp32.exe File created: C:\Windows\SysWOW64\Onnmfb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oqcglo32.exe File created: C:\Windows\SysWOW64\Ophcmlpf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fnanodfp.exe File created: C:\Windows\SysWOW64\Fopjig32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmgikj32.exe File created: C:\Windows\SysWOW64\Badaah32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Eddpko32.exe File created: C:\Windows\SysWOW64\Fqjqpp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cafglb32.exe File created: C:\Windows\SysWOW64\Cmmhacal.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cppnhn32.exe File created: C:\Windows\SysWOW64\Foqfph32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Apgieg32.exe File created: C:\Windows\SysWOW64\Mmgiocda.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iflknc32.exe File created: C:\Windows\SysWOW64\Ipdpfhbf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nqomappc.exe File created: C:\Windows\SysWOW64\Mfpeda32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Baanabom.exe File created: C:\Windows\SysWOW64\Beqfpgmi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Genbbb32.exe File created: C:\Windows\SysWOW64\Hbbclf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dondlj32.exe File created: C:\Windows\SysWOW64\Clakkf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ecmfegon.exe File created: C:\Windows\SysWOW64\Edlcpjfa.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nbkicbfk.exe File created: C:\Windows\SysWOW64\Nqnfgjlh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe File created: C:\Windows\SysWOW64\Fnanodfp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bombon32.exe File created: C:\Windows\SysWOW64\Cccfolfa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fbacjbjc.exe File created: C:\Windows\SysWOW64\Jlnoca32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qhgkff32.exe File created: C:\Windows\SysWOW64\Inbgmhop.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe File created: C:\Windows\SysWOW64\Magfho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbfcph32.exe File created: C:\Windows\SysWOW64\Gbipeg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gidnmk32.exe File created: C:\Windows\SysWOW64\Gmakid32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjgkac32.exe File created: C:\Windows\SysWOW64\Pfnkfdne.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Engkhenj.exe File created: C:\Windows\SysWOW64\Eddpko32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe File created: C:\Windows\SysWOW64\Mpahpi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pqhbdf32.exe File created: C:\Windows\SysWOW64\Golngj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Geiigbeh.exe File created: C:\Windows\SysWOW64\Dnjcfdoi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jppobf32.exe File created: C:\Windows\SysWOW64\Knggaeba.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cohbjm32.exe File created: C:\Windows\SysWOW64\Iodlcfjb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fekmfd32.exe File created: C:\Windows\SysWOW64\Foaacm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Omoalp32.exe File created: C:\Windows\SysWOW64\Nnclcm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhkojn32.exe File created: C:\Windows\SysWOW64\Cbjkoi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Febcfckp.exe File created: C:\Windows\SysWOW64\Alghniec.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfnkfdne.exe File created: C:\Windows\SysWOW64\Mbpekpdk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjiqlm32.exe File created: C:\Windows\SysWOW64\Pdhionab.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cmoefb32.exe File created: C:\Windows\SysWOW64\Cppnhn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iflknc32.exe File created: C:\Windows\SysWOW64\Lpdccbgf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kejmae32.exe File created: C:\Windows\SysWOW64\Hqcomlbp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcbgfi32.exe File created: C:\Windows\SysWOW64\Lceckh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ofdbeobd.exe File created: C:\Windows\SysWOW64\Oollcpnc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mgmfbl32.exe File created: C:\Windows\SysWOW64\Mohkfn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ckdljm32.exe File created: C:\Windows\SysWOW64\Hiolkefh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcbgfi32.exe File created: C:\Windows\SysWOW64\Efcana32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ameiifeg.exe File created: C:\Windows\SysWOW64\Knjaiq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ljimbj32.exe File created: C:\Windows\SysWOW64\Jiipjfip.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfikpo32.exe File created: C:\Windows\SysWOW64\Pijdbj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlimmg32.exe File created: C:\Windows\SysWOW64\Kmhigjcm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mpkajllm.exe File created: C:\Windows\SysWOW64\Afkgdh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kmhigjcm.exe File created: C:\Windows\SysWOW64\Eeapjigc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Foaacm32.exe File created: C:\Windows\SysWOW64\Njlgcl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jopbhd32.exe File created: C:\Windows\SysWOW64\Hcddga32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjgichdg.exe File created: C:\Windows\SysWOW64\Haiooqfk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajojhp32.exe File created: C:\Windows\SysWOW64\Hmnmcf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hphpkjlc.exe File created: C:\Windows\SysWOW64\Hloapk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lceckh32.exe File created: C:\Windows\SysWOW64\Aidobh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nmenfa32.exe File created: C:\Windows\SysWOW64\Glgklpcj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfeaa32.exe File created: C:\Windows\SysWOW64\Jphbga32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe File created: C:\Windows\SysWOW64\Ecmfegon.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Geiigbeh.exe File created: C:\Windows\SysWOW64\Gnbnph32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hkjqjeba.exe File created: C:\Windows\SysWOW64\Hgqaofhe.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kefjql32.exe File created: C:\Windows\SysWOW64\Kgegkoeh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmbppkoe.exe File created: C:\Windows\SysWOW64\Hcliif32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Foaacm32.exe File created: C:\Windows\SysWOW64\Fmeamaph.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dokhgj32.exe File created: C:\Windows\SysWOW64\Dondlj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe File created: C:\Windows\SysWOW64\Ipdpiheo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfceac32.exe File created: C:\Windows\SysWOW64\Pfeafc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hglhdg32.exe File created: C:\Windows\SysWOW64\Ebgacgaj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbipeg32.exe File created: C:\Windows\SysWOW64\Cjojjp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Onqjlb32.exe File created: C:\Windows\SysWOW64\Eqacmgol.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hpfcejof.exe File created: C:\Windows\SysWOW64\Ncafmodl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Febcfckp.exe File created: C:\Windows\SysWOW64\Gbfcph32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ednpeidn.exe File created: C:\Windows\SysWOW64\Nggkimpl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fekmfd32.exe File created: C:\Windows\SysWOW64\Fkoqiobi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Chhmdaph.exe File created: C:\Windows\SysWOW64\Dhjiianf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhjiianf.exe File created: C:\Windows\SysWOW64\Fcbfja32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnanodfp.exe File created: C:\Windows\SysWOW64\Nlfojgba.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojkdkonc.exe File created: C:\Windows\SysWOW64\Ecllamlh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Badaah32.exe File created: C:\Windows\SysWOW64\Cohbjm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gekobloj.exe File created: C:\Windows\SysWOW64\Llbhhh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe File created: C:\Windows\SysWOW64\Ofmldphm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Chhmdaph.exe File created: C:\Windows\SysWOW64\Bhfgjioo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fmeamaph.exe File created: C:\Windows\SysWOW64\Iamocmjl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khofgbnc.exe File created: C:\Windows\SysWOW64\Khacmalp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Inaplpij.exe File created: C:\Windows\SysWOW64\Iiiqoh32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mhkojn32.exe File created: C:\Windows\SysWOW64\Mlihpl32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Qiecnhac.exe File created: C:\Windows\SysWOW64\Cmkokg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ophcmlpf.exe File created: C:\Windows\SysWOW64\Lpkigf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojkdkonc.exe File created: C:\Windows\SysWOW64\Ojmapnlq.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlfpghnm.exe File created: C:\Windows\SysWOW64\Jlimmg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Qhgkff32.exe File created: C:\Windows\SysWOW64\Apbpjhji.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dbagjiik.exe File created: C:\Windows\SysWOW64\Dmihma32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Badaah32.exe File created: C:\Windows\SysWOW64\Kpnojmgp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe File created: C:\Windows\SysWOW64\Ohblco32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnohck32.exe File created: C:\Windows\SysWOW64\Fkchmojh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nmenfa32.exe File created: C:\Windows\SysWOW64\Oqcglo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ljbphh32.exe File created: C:\Windows\SysWOW64\Mjdlnhfi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mhibdn32.exe File created: C:\Windows\SysWOW64\Heblggpd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gnbnph32.exe File created: C:\Windows\SysWOW64\Gpajjk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfeaa32.exe File created: C:\Windows\SysWOW64\Hgpoon32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Offokopb.exe File created: C:\Windows\SysWOW64\Lgbpdadc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eddpko32.exe File created: C:\Windows\SysWOW64\Giommjni.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdkabo32.exe File created: C:\Windows\SysWOW64\Bdnngnpc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mnikde32.exe File created: C:\Windows\SysWOW64\Njplifll.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mgmfbl32.exe File created: C:\Windows\SysWOW64\Oqkkln32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gqfpko32.exe File created: C:\Windows\SysWOW64\Majppnhp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gpajjk32.exe File created: C:\Windows\SysWOW64\Domiglci.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Onqjlb32.exe File created: C:\Windows\SysWOW64\Pjgkac32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe File created: C:\Windows\SysWOW64\Ibphfofn.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qjcjma32.exe File created: C:\Windows\SysWOW64\Qhgkff32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bombon32.exe File created: C:\Windows\SysWOW64\Bmbppkoe.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fkchmojh.exe File created: C:\Windows\SysWOW64\Kjkggl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eniqcohl.exe File created: C:\Windows\SysWOW64\Fnkmiofi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Aabldk32.exe File created: C:\Windows\SysWOW64\Ajjqmqgl.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gidnmk32.exe File created: C:\Windows\SysWOW64\Gekobloj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Qmocigko.exe File created: C:\Windows\SysWOW64\Qiecnhac.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Cafglb32.exe File created: C:\Windows\SysWOW64\Ppcqpc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bpkkfq32.exe File created: C:\Windows\SysWOW64\Ddnmejkm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jphbga32.exe File created: C:\Windows\SysWOW64\Jomohnom.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmhofc32.exe File created: C:\Windows\SysWOW64\Cafglb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Onnmfb32.exe File created: C:\Windows\SysWOW64\Onqjlb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe File created: C:\Windows\SysWOW64\Apgieg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ibkogn32.exe File created: C:\Windows\SysWOW64\Inaplpij.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jacaehhi.exe File created: C:\Windows\SysWOW64\Mafkbeoj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcgpahmc.exe File created: C:\Windows\SysWOW64\Fdldjhaq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Enmknk32.exe File created: C:\Windows\SysWOW64\Fnohck32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pjgkac32.exe File created: C:\Windows\SysWOW64\Dodmipcd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khacmalp.exe File created: C:\Windows\SysWOW64\Konhokaj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dkoele32.exe File created: C:\Windows\SysWOW64\Fflljpnc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oqcglo32.exe File created: C:\Windows\SysWOW64\Dbhphf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jhjmlb32.exe File created: C:\Windows\SysWOW64\Jacaehhi.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Khacmalp.exe File created: C:\Windows\SysWOW64\Mdfpjg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pbdepo32.exe File created: C:\Windows\SysWOW64\Obgbhn32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qiecnhac.exe File created: C:\Windows\SysWOW64\Amcldf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kiojlk32.exe File created: C:\Windows\SysWOW64\Kefjql32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pijdbj32.exe File created: C:\Windows\SysWOW64\Pjiqlm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Edlcpjfa.exe File created: C:\Windows\SysWOW64\Ecglja32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Konhokaj.exe File created: C:\Windows\SysWOW64\Iibphp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Genbbb32.exe File created: C:\Windows\SysWOW64\Mejcahjf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qmocigko.exe File created: C:\Windows\SysWOW64\Hchcho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cokoplnm.exe File created: C:\Windows\SysWOW64\Cgfcdokh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Encamf32.exe File created: C:\Windows\SysWOW64\Aefbqf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amkiol32.exe File created: C:\Windows\SysWOW64\Ajojhp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njplifll.exe File created: C:\Windows\SysWOW64\Nchpbl32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhmfoq32.exe File created: C:\Windows\SysWOW64\Dhocdp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Edlcpjfa.exe File created: C:\Windows\SysWOW64\Ednpeidn.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Imjmel32.exe File created: C:\Windows\SysWOW64\Nnpajnal.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fopjig32.exe File created: C:\Windows\SysWOW64\Ffchlo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qjcjma32.exe File created: C:\Windows\SysWOW64\Fnjcoo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdkabo32.exe File created: C:\Windows\SysWOW64\Cgbcokgg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ofdbeobd.exe File created: C:\Windows\SysWOW64\Offokopb.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fkchmojh.exe File created: C:\Windows\SysWOW64\Fekmfd32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ifcanaen.exe File created: C:\Windows\SysWOW64\Docmmc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gibahklh.exe File created: C:\Windows\SysWOW64\Khmhlo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jppobf32.exe File created: C:\Windows\SysWOW64\Jlfpghnm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hkjqjeba.exe File created: C:\Windows\SysWOW64\Jfebge32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hphpkjlc.exe File created: C:\Windows\SysWOW64\Lecjmhnq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbkicbfk.exe File created: C:\Windows\SysWOW64\Hkkoqdmp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe File created: C:\Windows\SysWOW64\Ilkpkihj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ggbenh32.exe File created: C:\Windows\SysWOW64\Gibahklh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jlimmg32.exe File created: C:\Windows\SysWOW64\Ieiomg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gnbnph32.exe File created: C:\Windows\SysWOW64\Giamobql.dll Jump to dropped file
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Enmknk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mohkfn32.exe File created: C:\Windows\SysWOW64\Ingcjaio.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ameiifeg.exe File created: C:\Windows\SysWOW64\Ailjng32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kjfplj32.exe File created: C:\Windows\SysWOW64\Heaepkaj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dhocdp32.exe File created: C:\Windows\SysWOW64\Dokhgj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fqjqpp32.exe File created: C:\Windows\SysWOW64\Lmolop32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jfenda32.exe File created: C:\Windows\SysWOW64\Ipoden32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Llnood32.exe File created: C:\Windows\SysWOW64\Aljbfgpf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cmmhacal.exe File created: C:\Windows\SysWOW64\Cmoefb32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ailjng32.exe File created: C:\Windows\SysWOW64\Cbaabn32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe File created: C:\Windows\SysWOW64\Engkhenj.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hbbclf32.exe File created: C:\Windows\SysWOW64\Hpfcejof.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mnikde32.exe File created: C:\Windows\SysWOW64\Nhljaibo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Edqlki32.exe File created: C:\Windows\SysWOW64\Cqeolm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hloapk32.exe File created: C:\Windows\SysWOW64\Kcamoc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dafpcpme.exe File created: C:\Windows\SysWOW64\Dkoele32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfeafc32.exe File created: C:\Windows\SysWOW64\Qjcjma32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfceac32.exe File created: C:\Windows\SysWOW64\Jmcpkl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kgegkoeh.exe File created: C:\Windows\SysWOW64\Kpnkcdli.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Oqhpgogi.exe File created: C:\Windows\SysWOW64\Glgafh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe File created: C:\Windows\SysWOW64\Hoeiflna.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdnngnpc.exe File created: C:\Windows\SysWOW64\Kilkncaa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Encamf32.exe File created: C:\Windows\SysWOW64\Eaqjcdhf.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Aabldk32.exe File created: C:\Windows\SysWOW64\Hfplhlei.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khofgbnc.exe File created: C:\Windows\SysWOW64\Lbjkckae.dll Jump to dropped file
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe File created: C:\Windows\SysWOW64\Gopkbc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Leomgk32.exe File created: C:\Windows\SysWOW64\Lgojanmn.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lcgpahmc.exe File created: C:\Windows\SysWOW64\Mpkajllm.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kpnkcdli.exe File created: C:\Windows\SysWOW64\Kjfplj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lpbndndh.exe File created: C:\Windows\SysWOW64\Dkbmhf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jopbhd32.exe File created: C:\Windows\SysWOW64\Jppobf32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Nchpbl32.exe File created: C:\Windows\SysWOW64\Homjaafk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fmeamaph.exe File created: C:\Windows\SysWOW64\Ffmfeg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Apbpjhji.exe File created: C:\Windows\SysWOW64\Aabldk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dokhgj32.exe File created: C:\Windows\SysWOW64\Jiceolni.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Engkhenj.exe File created: C:\Windows\SysWOW64\Jofjci32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ofmldphm.exe File created: C:\Windows\SysWOW64\Pidiop32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Enmknk32.exe File created: C:\Windows\SysWOW64\Jjhmem32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Edqlki32.exe File created: C:\Windows\SysWOW64\Eniqcohl.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe File created: C:\Windows\SysWOW64\Nfghhi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dbagjiik.exe File created: C:\Windows\SysWOW64\Bccbfjkm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amcldf32.exe File created: C:\Windows\SysWOW64\Ndkkoc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgojanmn.exe File created: C:\Windows\SysWOW64\Fjpdni32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jfenda32.exe File created: C:\Windows\SysWOW64\Jopbhd32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bmbppkoe.exe File created: C:\Windows\SysWOW64\Baphfiel.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhocdp32.exe File created: C:\Windows\SysWOW64\Imdckjjd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kjfplj32.exe File created: C:\Windows\SysWOW64\Ljimbj32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ffmfeg32.exe File created: C:\Windows\SysWOW64\Gllhcm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojmapnlq.exe File created: C:\Windows\SysWOW64\Ofdbeobd.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kmhigjcm.exe File created: C:\Windows\SysWOW64\Kiojlk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kefjql32.exe File created: C:\Windows\SysWOW64\Hppahlmk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ilkpkihj.exe File created: C:\Windows\SysWOW64\Imjmel32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe File created: C:\Windows\SysWOW64\Bpkkfq32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iejbnp32.exe File created: C:\Windows\SysWOW64\Iflknc32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Bajhpc32.exe File created: C:\Windows\SysWOW64\Ikdhblhl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amkiol32.exe File created: C:\Windows\SysWOW64\Pdlope32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gekobloj.exe File created: C:\Windows\SysWOW64\Hglhdg32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ojmapnlq.exe File created: C:\Windows\SysWOW64\Hdnaik32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajojhp32.exe File created: C:\Windows\SysWOW64\Bombon32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Gibahklh.exe File created: C:\Windows\SysWOW64\Gidnmk32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Fnohck32.exe File created: C:\Windows\SysWOW64\Kiolqecl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pijdbj32.exe File created: C:\Windows\SysWOW64\Hfknhcaf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hloapk32.exe File created: C:\Windows\SysWOW64\Iejbnp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njplifll.exe File created: C:\Windows\SysWOW64\Ajjjec32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kpnkcdli.exe File created: C:\Windows\SysWOW64\Chjnlmda.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fopjig32.exe File created: C:\Windows\SysWOW64\Fbacjbjc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Kejmae32.exe File created: C:\Windows\SysWOW64\Lpbndndh.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hpfcejof.exe File created: C:\Windows\SysWOW64\Hphpkjlc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe File created: C:\Windows\SysWOW64\Jlclga32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hedahkgo.exe File created: C:\Windows\SysWOW64\Gjhongok.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cppnhn32.exe File created: C:\Windows\SysWOW64\Dbagjiik.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Mohkfn32.exe File created: C:\Windows\SysWOW64\Mnikde32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Jphbga32.exe File created: C:\Windows\SysWOW64\Mhoflbja.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjgichdg.exe File created: C:\Windows\SysWOW64\Mjieig32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dafpcpme.exe File created: C:\Windows\SysWOW64\Hjfniidf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgaffm32.exe File created: C:\Windows\SysWOW64\Llnood32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lpbndndh.exe File created: C:\Windows\SysWOW64\Lcbgfi32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfeafc32.exe File created: C:\Windows\SysWOW64\Qappag32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhibdn32.exe File created: C:\Windows\SysWOW64\Mhkojn32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Apbpjhji.exe File created: C:\Windows\SysWOW64\Ekifajpc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bmgikj32.exe File created: C:\Windows\SysWOW64\Galjgp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oqhpgogi.exe File created: C:\Windows\SysWOW64\Omoalp32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ffmfeg32.exe File created: C:\Windows\SysWOW64\Febcfckp.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Ofmldphm.exe File created: C:\Windows\SysWOW64\Ojkdkonc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Pfikpo32.exe File created: C:\Windows\SysWOW64\Lpgaep32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bajhpc32.exe File created: C:\Windows\SysWOW64\Bdkabo32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Dhjiianf.exe File created: C:\Windows\SysWOW64\Dhmfoq32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Lceckh32.exe File created: C:\Windows\SysWOW64\Lcgpahmc.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Hglhdg32.exe File created: C:\Windows\SysWOW64\Hkjqjeba.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Iejbnp32.exe File created: C:\Windows\SysWOW64\Gchqcf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nchpbl32.exe File created: C:\Windows\SysWOW64\Nooagm32.exe Jump to dropped file
Source: C:\Windows\SysWOW64\Njoeophq.exe File created: C:\Windows\SysWOW64\Nbkicbfk.exe Jump to dropped file

Boot Survival
barindex
Creates an undocumented autostart registry key
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Web Event Logger Jump to behavior
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad Web Event Logger Jump to behavior
Found decision node followed by non-executed suspicious APIs
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Found dropped PE file which has not been started or loaded
Source: C:\Windows\SysWOW64\Ojkdkonc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ecllamlh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgaffm32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Njmgoh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gekobloj.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Llbhhh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Inaplpij.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Phhqek32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hbbclf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dddgooib.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Chhmdaph.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Bhfgjioo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fmeamaph.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Iamocmjl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnkmiofi.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gdkolaoq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qiecnhac.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cmkokg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ophcmlpf.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lpkigf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbfcph32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kfkiao32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hgqaofhe.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hikbigjf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Badaah32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kpnojmgp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipdpfhbf.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ohblco32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jlfpghnm.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Akcokgql.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cgfcdokh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Qjndnbei.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjieig32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Impfdpln.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhibdn32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Heblggpd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cokoplnm.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lhhhfbih.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ipfeaa32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hgpoon32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Offokopb.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lgbpdadc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mlihpl32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dqamkq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eddpko32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Giommjni.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mgmfbl32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Oqkkln32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gqfpko32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Majppnhp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cmmhacal.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ggjbcdlg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jlclga32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ecjgjl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jhjmlb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fbjocj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gpajjk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Domiglci.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqnfgjlh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Qoejampk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ibkogn32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nlfalpdi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iiiqoh32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Bhiabhja.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dcjjpgaa.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ibphfofn.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jomohnom.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kaigjjqk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fkchmojh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kjkggl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kiojlk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dgibhggn.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cafglb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ppcqpc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bpkkfq32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ddnmejkm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kgegkoeh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cpdhdolk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jacaehhi.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mafkbeoj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Onnmfb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jmclho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Leomgk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Iciglbko.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcgpahmc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fdldjhaq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gpmqolfa.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jeoqiq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjgkac32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dodmipcd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njoeophq.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kgamdcln.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dkoele32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fflljpnc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oqcglo32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dbhphf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjdlnhfi.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cemjaq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khacmalp.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mdfpjg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pbdepo32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Obgbhn32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Baphfiel.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Oogkej32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hbhbbofi.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kdjdhipm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cmoefb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Epnhmj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Edlcpjfa.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ecglja32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ilkpkihj.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Okbebenm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Konhokaj.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Iibphp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ljbphh32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Aelink32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qmocigko.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hchcho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Genbbb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mejcahjf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Encamf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Aefbqf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfqhkdkc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lmaaqi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nooagm32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Chbmaj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Imjmel32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nnpajnal.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ggbenh32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ejjjedcj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fopjig32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ffchlo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qjcjma32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fnjcoo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bmhofc32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pmqiii32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dhmfoq32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gljedo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ecmfegon.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Igiglfjj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdkabo32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cgbcokgg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ifcanaen.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Docmmc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gibahklh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Khmhlo32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dmihma32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pihcgoep.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eniqcohl.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fifbonoq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hkjqjeba.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jfebge32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cppnhn32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Foqfph32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hphpkjlc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lecjmhnq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nbkicbfk.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hkkoqdmp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Apgieg32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mmgiocda.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nqomappc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mfpeda32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jlimmg32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ieiomg32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Baanabom.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Beqfpgmi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gnbnph32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Giamobql.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mohkfn32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ingcjaio.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kjfplj32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Heaepkaj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fqjqpp32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lmolop32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dondlj32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Clakkf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Llnood32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Aljbfgpf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jfenda32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ipoden32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ailjng32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cbaabn32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mnikde32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nhljaibo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Edqlki32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cqeolm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bombon32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cccfolfa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hloapk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kcamoc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfceac32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jmcpkl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fbacjbjc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jlnoca32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Oqhpgogi.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Glgafh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bdnngnpc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kilkncaa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Eaqjcdhf.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hoeiflna.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Qhgkff32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Inbgmhop.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajjqmqgl.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Magfho32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Aabldk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hfplhlei.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Khofgbnc.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lbjkckae.dll Jump to dropped file
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gopkbc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gidnmk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gmakid32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lpbndndh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dkbmhf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fbjmjcpl.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mpahpi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nchpbl32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Homjaafk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pqhbdf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Golngj32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Geiigbeh.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Dnjcfdoi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dokhgj32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jiceolni.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Engkhenj.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jofjci32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ofmldphm.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pidiop32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jppobf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Knggaeba.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Enmknk32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jjhmem32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Cohbjm32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Iodlcfjb.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jpmlbqfp.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nfghhi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dbagjiik.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Bccbfjkm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Omoalp32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nnclcm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mhkojn32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cbjkoi32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amcldf32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ndkkoc32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pjiqlm32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pdhionab.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lgojanmn.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fjpdni32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfnkfdne.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mbpekpdk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Febcfckp.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Alghniec.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dhocdp32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Imdckjjd.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iflknc32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lpdccbgf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kejmae32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hqcomlbp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ffmfeg32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gllhcm32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ofdbeobd.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Oollcpnc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lcbgfi32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Efcana32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ckdljm32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hiolkefh.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ameiifeg.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Knjaiq32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kefjql32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hppahlmk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ljimbj32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Jiipjfip.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bajhpc32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ikdhblhl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Amkiol32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Pdlope32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ojmapnlq.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hdnaik32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mpkajllm.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Afkgdh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kmhigjcm.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Eeapjigc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Foaacm32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Njlgcl32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnohck32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Kiolqecl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jopbhd32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hcddga32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pijdbj32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hfknhcaf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Mjgichdg.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Haiooqfk.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajojhp32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hmnmcf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Lceckh32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Aidobh32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Njplifll.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ajjjec32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Nmenfa32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Glgklpcj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Kpnkcdli.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Chjnlmda.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hedahkgo.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gjhongok.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Jphbga32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Mhoflbja.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bmbppkoe.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hcliif32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dafpcpme.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Hjfniidf.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ajlfhjbn.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ipdpiheo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hglhdg32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ebgacgaj.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfeafc32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Qappag32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Gbipeg32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Cjojjp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Apbpjhji.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ekifajpc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Bmgikj32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Galjgp32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Onqjlb32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Eqacmgol.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Pfikpo32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Lpgaep32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Hpfcejof.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Ncafmodl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Iejbnp32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Gchqcf32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Ednpeidn.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nggkimpl.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fekmfd32.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fkoqiobi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Dhjiianf.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Fcbfja32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\Fnanodfp.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Nlfojgba.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe API coverage: 6.8 %
Source: C:\Users\user\Desktop\jQ3NFDayJm.exe Code function: 0_2_00406C29 CloseHandle,GetVersionExA,GetSystemDirectoryA,GetTickCount,GetModuleFileNameA,CopyFileA,WinExec,ExitProcess,GetVersion,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,CreateThread,CloseHandle,CreateThread,CloseHandle,SetTimer,GetMessageA, 0_2_00406C29

Stealing of Sensitive Information
barindex
Yara detected Berbew
Source: Yara match File source: 0.2.jQ3NFDayJm.exe.42aa84.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1470739378.000000000042A000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: jQ3NFDayJm.exe PID: 2972, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Berbew
Source: Yara match File source: 0.2.jQ3NFDayJm.exe.42aa84.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1470739378.000000000042A000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: jQ3NFDayJm.exe PID: 2972, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1592456 Sample: jQ3NFDayJm Startdate: 16/01/2025 Architecture: WINDOWS Score: 100 96 Antivirus detection for dropped file 2->96 98 Antivirus / Scanner detection for submitted sample 2->98 100 Multi AV Scanner detection for dropped file 2->100 102 6 other signatures 2->102 14 jQ3NFDayJm.exe 3 3 2->14         started        process3 file4 82 C:\Windows\SysWOW64behaviorgraphopkbc32.dll, PE32 14->82 dropped 84 C:\Windows\SysWOW64nmknk32.exe, PE32 14->84 dropped 86 C:\Windows\...nmknk32.exe:Zone.Identifier, ASCII 14->86 dropped 118 Creates an undocumented autostart registry key 14->118 120 Drops executables to the windows directory (C:\Windows) and starts them 14->120 18 Enmknk32.exe 2 14->18         started        signatures5 process6 file7 54 C:\Windows\SysWOW64\Jjhmem32.dll, PE32 18->54 dropped 56 C:\Windows\SysWOW64\Fnohck32.exe, PE32 18->56 dropped 104 Drops executables to the windows directory (C:\Windows) and starts them 18->104 22 Fnohck32.exe 2 18->22         started        signatures8 process9 file10 66 C:\Windows\SysWOW64\Kiolqecl.dll, PE32 22->66 dropped 68 C:\Windows\SysWOW64\Fkchmojh.exe, PE32 22->68 dropped 110 Drops executables to the windows directory (C:\Windows) and starts them 22->110 26 Fkchmojh.exe 2 22->26         started        signatures11 process12 file13 74 C:\Windows\SysWOW64\Kjkggl32.dll, PE32 26->74 dropped 76 C:\Windows\SysWOW64\Fekmfd32.exe, PE32 26->76 dropped 114 Drops executables to the windows directory (C:\Windows) and starts them 26->114 30 Fekmfd32.exe 2 26->30         started        signatures14 process15 file16 88 C:\Windows\SysWOW64\Foaacm32.exe, PE32 30->88 dropped 90 C:\Windows\SysWOW64\Fkoqiobi.dll, PE32 30->90 dropped 122 Drops executables to the windows directory (C:\Windows) and starts them 30->122 34 Foaacm32.exe 2 30->34         started        signatures17 process18 file19 58 C:\Windows\SysWOW6458jlgcl32.dll, PE32 34->58 dropped 60 C:\Windows\SysWOW64\Fmeamaph.exe, PE32 34->60 dropped 106 Drops executables to the windows directory (C:\Windows) and starts them 34->106 38 Fmeamaph.exe 2 34->38         started        signatures20 process21 file22 70 C:\Windows\SysWOW64\Iamocmjl.dll, PE32 38->70 dropped 72 C:\Windows\SysWOW64\Ffmfeg32.exe, PE32 38->72 dropped 112 Drops executables to the windows directory (C:\Windows) and starts them 38->112 42 Ffmfeg32.exe 2 38->42         started        signatures23 process24 file25 78 C:\Windows\SysWOW64behaviorgraphllhcm32.dll, PE32 42->78 dropped 80 C:\Windows\SysWOW64\Febcfckp.exe, PE32 42->80 dropped 116 Drops executables to the windows directory (C:\Windows) and starts them 42->116 46 Febcfckp.exe 2 42->46         started        signatures26 process27 file28 92 C:\Windows\SysWOW64behaviorgraphbfcph32.exe, PE32 46->92 dropped 94 C:\Windows\SysWOW64\Alghniec.dll, PE32 46->94 dropped 124 Drops executables to the windows directory (C:\Windows) and starts them 46->124 50 Gbfcph32.exe 2 46->50         started        signatures29 process30 file31 62 C:\Windows\SysWOW64\Kfkiao32.dll, PE32 50->62 dropped 64 C:\Windows\SysWOW64behaviorgraphbipeg32.exe, PE32 50->64 dropped 108 Drops executables to the windows directory (C:\Windows) and starts them 50->108 signatures32
No contacted IP infos