VirSCAN

Basic information

File name: 00星际战甲
File size: 9721856 bytes
File type: application/x-dosexec
MD5: a32dd09a903ed58c470aeb78c27b6e99
SHA1: d78e15f891336123badf752f268ec5747c290cdc

 CreateProcess

ApplicationName:
CmdLine: C:\Windows\system32\Fkjgnp32.exe
childid: 2172
childname: Fkjgnp32.exe
childpath: C:\Windows\SysWOW64\Fkjgnp32.exe
drop_type:
name: 1620943238406_a32dd09a903ed58c470aeb78c27b6e99.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620943238406_a32dd09a903ed58c470aeb78c27b6e99.exe
pid: 2532
ApplicationName:
CmdLine: C:\Windows\system32\Fjaqdl32.exe
childid: 2916
childname: Fjaqdl32.exe
childpath: C:\Windows\SysWOW64\Fjaqdl32.exe
drop_type:
name: Fkjgnp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fkjgnp32.exe
pid: 2172
ApplicationName:
CmdLine: C:\Windows\system32\Glhconnk.exe
childid: 2404
childname: Glhconnk.exe
childpath: C:\Windows\SysWOW64\Glhconnk.exe
drop_type:
name: Fjaqdl32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fjaqdl32.exe
pid: 2916
ApplicationName:
CmdLine: C:\Windows\system32\Gmnibepd.exe
childid: 2068
childname: Gmnibepd.exe
childpath: C:\Windows\SysWOW64\Gmnibepd.exe
drop_type:
name: Glhconnk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Glhconnk.exe
pid: 2404
ApplicationName:
CmdLine: C:\Windows\system32\Hmbbmd32.exe
childid: 256
childname: Hmbbmd32.exe
childpath: C:\Windows\SysWOW64\Hmbbmd32.exe
drop_type:
name: Gmnibepd.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gmnibepd.exe
pid: 2068
ApplicationName:
CmdLine: C:\Windows\system32\Hmglhchj.exe
childid: 2712
childname: Hmglhchj.exe
childpath: C:\Windows\SysWOW64\Hmglhchj.exe
drop_type:
name: Hmbbmd32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hmbbmd32.exe
pid: 256
ApplicationName:
CmdLine: C:\Windows\system32\Imlecc32.exe
childid: 2908
childname: Imlecc32.exe
childpath: C:\Windows\SysWOW64\Imlecc32.exe
drop_type:
name: Hmglhchj.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hmglhchj.exe
pid: 2712
ApplicationName:
CmdLine: C:\Windows\system32\Ialkoa32.exe
childid: 2728
childname: Ialkoa32.exe
childpath: C:\Windows\SysWOW64\Ialkoa32.exe
drop_type:
name: Imlecc32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Imlecc32.exe
pid: 2908
ApplicationName:
CmdLine: C:\Windows\system32\Lbdcmk32.exe
childid: 2588
childname: Lbdcmk32.exe
childpath: C:\Windows\SysWOW64\Lbdcmk32.exe
drop_type:
name: Ialkoa32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ialkoa32.exe
pid: 2728
ApplicationName:
CmdLine: C:\Windows\system32\Mdghdfpi.exe
childid: 1824
childname: Mdghdfpi.exe
childpath: C:\Windows\SysWOW64\Mdghdfpi.exe
drop_type:
name: Lbdcmk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lbdcmk32.exe
pid: 2588
ApplicationName:
CmdLine: C:\Windows\system32\Mhgnpddm.exe
childid: 1588
childname: Mhgnpddm.exe
childpath: C:\Windows\SysWOW64\Mhgnpddm.exe
drop_type:
name: Mdghdfpi.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mdghdfpi.exe
pid: 1824
ApplicationName:
CmdLine: C:\Windows\system32\Nmgclbiq.exe
childid: 2460
childname: Nmgclbiq.exe
childpath: C:\Windows\SysWOW64\Nmgclbiq.exe
drop_type:
name: Mhgnpddm.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mhgnpddm.exe
pid: 1588
ApplicationName:
CmdLine: C:\Windows\system32\Nokicm32.exe
childid: 776
childname: Nokicm32.exe
childpath: C:\Windows\SysWOW64\Nokicm32.exe
drop_type:
name: Nmgclbiq.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nmgclbiq.exe
pid: 2460
ApplicationName:
CmdLine: C:\Windows\system32\Obnojhom.exe
childid: 1752
childname: Obnojhom.exe
childpath: C:\Windows\SysWOW64\Obnojhom.exe
drop_type:
name: Nokicm32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nokicm32.exe
pid: 776
ApplicationName:
CmdLine: C:\Windows\system32\Omhlcp32.exe
childid: 1208
childname: Omhlcp32.exe
childpath: C:\Windows\SysWOW64\Omhlcp32.exe
drop_type:
name: Obnojhom.exe
noNeedLine:
path: C:\Windows\SysWOW64\Obnojhom.exe
pid: 1752
ApplicationName:
CmdLine: C:\Windows\system32\Plofil32.exe
childid: 584
childname: Plofil32.exe
childpath: C:\Windows\SysWOW64\Plofil32.exe
drop_type:
name: Omhlcp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Omhlcp32.exe
pid: 1208
ApplicationName:
CmdLine: C:\Windows\system32\Pppkej32.exe
childid: 2252
childname: Pppkej32.exe
childpath: C:\Windows\SysWOW64\Pppkej32.exe
drop_type:
name: Plofil32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Plofil32.exe
pid: 584
ApplicationName:
CmdLine: C:\Windows\system32\Qngelf32.exe
childid: 1820
childname: Qngelf32.exe
childpath: C:\Windows\SysWOW64\Qngelf32.exe
drop_type:
name: Pppkej32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pppkej32.exe
pid: 2252
ApplicationName:
CmdLine: C:\Windows\system32\Abgjgd32.exe
childid: 1580
childname: Abgjgd32.exe
childpath: C:\Windows\SysWOW64\Abgjgd32.exe
drop_type:
name: Qngelf32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Qngelf32.exe
pid: 1820
ApplicationName:
CmdLine: C:\Windows\system32\Aejpooco.exe
childid: 960
childname: Aejpooco.exe
childpath: C:\Windows\SysWOW64\Aejpooco.exe
drop_type:
name: Abgjgd32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Abgjgd32.exe
pid: 1580
ApplicationName:
CmdLine: C:\Windows\system32\Aikejmhb.exe
childid: 1936
childname: Aikejmhb.exe
childpath: C:\Windows\SysWOW64\Aikejmhb.exe
drop_type:
name: Aejpooco.exe
noNeedLine:
path: C:\Windows\SysWOW64\Aejpooco.exe
pid: 960
ApplicationName:
CmdLine: C:\Windows\system32\Bmkkfklf.exe
childid: 2416
childname: Bmkkfklf.exe
childpath: C:\Windows\SysWOW64\Bmkkfklf.exe
drop_type:
name: Aikejmhb.exe
noNeedLine:
path: C:\Windows\SysWOW64\Aikejmhb.exe
pid: 1936
ApplicationName:
CmdLine: C:\Windows\system32\Bpnqmf32.exe
childid: 264
childname: Bpnqmf32.exe
childpath: C:\Windows\SysWOW64\Bpnqmf32.exe
drop_type:
name: Bmkkfklf.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bmkkfklf.exe
pid: 2416
ApplicationName:
CmdLine: C:\Windows\system32\Ccafdqbc.exe
childid: 2972
childname: Ccafdqbc.exe
childpath: C:\Windows\SysWOW64\Ccafdqbc.exe
drop_type:
name: Bpnqmf32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bpnqmf32.exe
pid: 264
ApplicationName:
CmdLine: C:\Windows\system32\Cedllk32.exe
childid: 2380
childname: Cedllk32.exe
childpath: C:\Windows\SysWOW64\Cedllk32.exe
drop_type:
name: Ccafdqbc.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ccafdqbc.exe
pid: 2972
ApplicationName:
CmdLine: C:\Windows\system32\Dnpmhhjn.exe
childid: 2744
childname: Dnpmhhjn.exe
childpath: C:\Windows\SysWOW64\Dnpmhhjn.exe
drop_type:
name: Cedllk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cedllk32.exe
pid: 2380
ApplicationName:
CmdLine: C:\Windows\system32\Ifhlma32.exe
childid: 2464
childname: Ifhlma32.exe
childpath: C:\Windows\SysWOW64\Ifhlma32.exe
drop_type:
name: Dnpmhhjn.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dnpmhhjn.exe
pid: 2744
ApplicationName:
CmdLine: C:\Windows\system32\Kmbnpi32.exe
childid: 1892
childname: Kmbnpi32.exe
childpath: C:\Windows\SysWOW64\Kmbnpi32.exe
drop_type:
name: Ifhlma32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ifhlma32.exe
pid: 2464
ApplicationName:
CmdLine: C:\Windows\system32\Kpecgdgl.exe
childid: 2636
childname: Kpecgdgl.exe
childpath: C:\Windows\SysWOW64\Kpecgdgl.exe
drop_type:
name: Kmbnpi32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kmbnpi32.exe
pid: 1892
ApplicationName:
CmdLine: C:\Windows\system32\Lhadda32.exe
childid: 752
childname: Lhadda32.exe
childpath: C:\Windows\SysWOW64\Lhadda32.exe
drop_type:
name: Kpecgdgl.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kpecgdgl.exe
pid: 2636
ApplicationName:
CmdLine: C:\Windows\system32\Lginjm32.exe
childid: 3020
childname: Lginjm32.exe
childpath: C:\Windows\SysWOW64\Lginjm32.exe
drop_type:
name: Lhadda32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lhadda32.exe
pid: 752
ApplicationName:
CmdLine: C:\Windows\system32\Moepgjbk.exe
childid: 904
childname: Moepgjbk.exe
childpath: C:\Windows\SysWOW64\Moepgjbk.exe
drop_type:
name: Lginjm32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lginjm32.exe
pid: 3020
ApplicationName:
CmdLine: C:\Windows\system32\Mnlimfeq.exe
childid: 1856
childname: Mnlimfeq.exe
childpath: C:\Windows\SysWOW64\Mnlimfeq.exe
drop_type:
name: Moepgjbk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Moepgjbk.exe
pid: 904
ApplicationName:
CmdLine: C:\Windows\system32\Mqoodq32.exe
childid: 1612
childname: Mqoodq32.exe
childpath: C:\Windows\SysWOW64\Mqoodq32.exe
drop_type:
name: Mnlimfeq.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mnlimfeq.exe
pid: 1856
ApplicationName:
CmdLine: C:\Windows\system32\Noeing32.exe
childid: 3024
childname: Noeing32.exe
childpath: C:\Windows\SysWOW64\Noeing32.exe
drop_type:
name: Mqoodq32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mqoodq32.exe
pid: 1612
ApplicationName:
CmdLine: C:\Windows\system32\Nbhnebog.exe
childid: 1744
childname: Nbhnebog.exe
childpath: C:\Windows\SysWOW64\Nbhnebog.exe
drop_type:
name: Noeing32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Noeing32.exe
pid: 3024
ApplicationName:
CmdLine: C:\Windows\system32\Oqphknbl.exe
childid: 2492
childname: Oqphknbl.exe
childpath: C:\Windows\SysWOW64\Oqphknbl.exe
drop_type:
name: Nbhnebog.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nbhnebog.exe
pid: 1744
ApplicationName:
CmdLine: C:\Windows\system32\Ogoich32.exe
childid: 1896
childname: Ogoich32.exe
childpath: C:\Windows\SysWOW64\Ogoich32.exe
drop_type:
name: Oqphknbl.exe
noNeedLine:
path: C:\Windows\SysWOW64\Oqphknbl.exe
pid: 2492
ApplicationName:
CmdLine: C:\Windows\system32\Pojkpdbq.exe
childid: 2752
childname: Pojkpdbq.exe
childpath: C:\Windows\SysWOW64\Pojkpdbq.exe
drop_type:
name: Ogoich32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ogoich32.exe
pid: 1896
ApplicationName:
CmdLine: C:\Windows\system32\Pbmqgo32.exe
childid: 616
childname: Pbmqgo32.exe
childpath: C:\Windows\SysWOW64\Pbmqgo32.exe
drop_type:
name: Pojkpdbq.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pojkpdbq.exe
pid: 2752
ApplicationName:
CmdLine: C:\Windows\system32\Qaejmk32.exe
childid: 2688
childname: Qaejmk32.exe
childpath: C:\Windows\SysWOW64\Qaejmk32.exe
drop_type:
name: Pbmqgo32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pbmqgo32.exe
pid: 616
ApplicationName:
CmdLine: C:\Windows\system32\Aiqljhla.exe
childid: 2176
childname: Aiqljhla.exe
childpath: C:\Windows\SysWOW64\Aiqljhla.exe
drop_type:
name: Qaejmk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Qaejmk32.exe
pid: 2688
ApplicationName:
CmdLine: C:\Windows\system32\Aldaac32.exe
childid: 2468
childname: Aldaac32.exe
childpath: C:\Windows\SysWOW64\Aldaac32.exe
drop_type:
name: Aiqljhla.exe
noNeedLine:
path: C:\Windows\SysWOW64\Aiqljhla.exe
pid: 2176
ApplicationName:
CmdLine: C:\Windows\system32\Bpdgmq32.exe
childid: 1884
childname: Bpdgmq32.exe
childpath: C:\Windows\SysWOW64\Bpdgmq32.exe
drop_type:
name: Aldaac32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Aldaac32.exe
pid: 2468
ApplicationName:
CmdLine: C:\Windows\system32\Imhkignp.exe
childid: 1592
childname: Imhkignp.exe
childpath: C:\Windows\SysWOW64\Imhkignp.exe
drop_type:
name: Bpdgmq32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bpdgmq32.exe
pid: 1884
ApplicationName:
CmdLine: C:\Windows\system32\Iahpdebc.exe
childid: 2608
childname: Iahpdebc.exe
childpath: C:\Windows\SysWOW64\Iahpdebc.exe
drop_type:
name: Imhkignp.exe
noNeedLine:
path: C:\Windows\SysWOW64\Imhkignp.exe
pid: 1592
ApplicationName:
CmdLine: C:\Windows\system32\Ickflp32.exe
childid: 1584
childname: Ickflp32.exe
childpath: C:\Windows\SysWOW64\Ickflp32.exe
drop_type:
name: Iahpdebc.exe
noNeedLine:
path: C:\Windows\SysWOW64\Iahpdebc.exe
pid: 2608
ApplicationName:
CmdLine: C:\Windows\system32\Jfolcjip.exe
childid: 2780
childname: Jfolcjip.exe
childpath: C:\Windows\SysWOW64\Jfolcjip.exe
drop_type:
name: Ickflp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ickflp32.exe
pid: 1584
ApplicationName:
CmdLine: C:\Windows\system32\Elplpf32.exe
childid: 808
childname: Elplpf32.exe
childpath: C:\Windows\SysWOW64\Elplpf32.exe
drop_type:
name: Jfolcjip.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jfolcjip.exe
pid: 2780
ApplicationName:
CmdLine: C:\Windows\system32\Fcqjmoof.exe
childid: 1204
childname: Fcqjmoof.exe
childpath: C:\Windows\SysWOW64\Fcqjmoof.exe
drop_type:
name: Elplpf32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Elplpf32.exe
pid: 808
ApplicationName:
CmdLine: C:\Windows\system32\Fhblqe32.exe
childid: 2804
childname: Fhblqe32.exe
childpath: C:\Windows\SysWOW64\Fhblqe32.exe
drop_type:
name: Fcqjmoof.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fcqjmoof.exe
pid: 1204
ApplicationName:
CmdLine: C:\Windows\system32\Gcofom32.exe
childid: 2360
childname: Gcofom32.exe
childpath: C:\Windows\SysWOW64\Gcofom32.exe
drop_type:
name: Fhblqe32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fhblqe32.exe
pid: 2804
ApplicationName:
CmdLine: C:\Windows\system32\Hlqnnaal.exe
childid: 2580
childname: Hlqnnaal.exe
childpath: C:\Windows\SysWOW64\Hlqnnaal.exe
drop_type:
name: Gcofom32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gcofom32.exe
pid: 2360
ApplicationName:
CmdLine: C:\Windows\system32\Klacaj32.exe
childid: 2220
childname: Klacaj32.exe
childpath: C:\Windows\SysWOW64\Klacaj32.exe
drop_type:
name: Hlqnnaal.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hlqnnaal.exe
pid: 2580
ApplicationName:
CmdLine: C:\Windows\system32\Npckkc32.exe
childid: 1940
childname: Npckkc32.exe
childpath: C:\Windows\SysWOW64\Npckkc32.exe
drop_type:
name: Klacaj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Klacaj32.exe
pid: 2220
ApplicationName:
CmdLine: C:\Windows\system32\Ocochmhf.exe
childid: 1928
childname: Ocochmhf.exe
childpath: C:\Windows\SysWOW64\Ocochmhf.exe
drop_type:
name: Npckkc32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Npckkc32.exe
pid: 1940
ApplicationName:
CmdLine: C:\Windows\system32\Qjggfecc.exe
childid: 2696
childname: Qjggfecc.exe
childpath: C:\Windows\SysWOW64\Qjggfecc.exe
drop_type:
name: Ocochmhf.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ocochmhf.exe
pid: 1928
ApplicationName:
CmdLine:
childid: 2532
childname: 1620943238406_a32dd09a903ed58c470aeb78c27b6e99.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620943238406_a32dd09a903ed58c470aeb78c27b6e99.exe
drop_type:
name:
noNeedLine:
path:
pid: 1696

 Summary

buffer: C:\Windows\system32\Oohkhgcb.dll
processid: 2532
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2532
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2532
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ljegecpj.dll
processid: 2172
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2172
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2172
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hefgfj32.dll
processid: 2916
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2916
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2916
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jqcmpp32.dll
processid: 2404
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2404
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2404
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hkfgplej.dll
processid: 2068
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2068
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2068
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jdclfg32.dll
processid: 256
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 256
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 256
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bbppnqeo.dll
processid: 2712
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2712
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2712
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Daegkf32.dll
processid: 2908
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2908
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2908
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Oieobe32.dll
processid: 2728
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2728
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2728
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dockndpg.dll
processid: 2588
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2588
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2588
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ddagepgi.dll
processid: 1824
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1824
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1824
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fapkpain.dll
processid: 1588
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1588
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1588
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dnjgkg32.dll
processid: 2460
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2460
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2460
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lkoahodd.dll
processid: 776
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 776
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 776
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fmgenfno.dll
processid: 1752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1752
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Obhkogok.dll
processid: 1208
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1208
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1208
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cfonpg32.dll
processid: 584
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 584
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 584
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jdkphl32.dll
processid: 2252
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2252
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2252
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nfafhm32.dll
processid: 1820
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1820
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1820
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Eoapba32.dll
processid: 1580
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1580
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1580
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Capmgfon.dll
processid: 960
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 960
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 960
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mbgnmdmo.dll
processid: 1936
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1936
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1936
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jdbcnd32.dll
processid: 2416
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2416
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2416
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Gjqmmngd.dll
processid: 264
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 264
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 264
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kqallbbp.dll
processid: 2972
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2972
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2972
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jbqfpe32.dll
processid: 2380
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2380
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2380
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bbbncajd.dll
processid: 2744
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2744
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2744
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ppfkkj32.dll
processid: 2464
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2464
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2464
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Gigeepek.dll
processid: 1892
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1892
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1892
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fkjblm32.dll
processid: 2636
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2636
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2636
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kemgja32.dll
processid: 752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 752
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Odpmeaca.dll
processid: 3020
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3020
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3020
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Idfaol32.dll
processid: 904
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 904
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 904
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hqgiof32.dll
processid: 1856
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1856
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1856
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Gabcfkqd.dll
processid: 1612
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1612
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1612
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Figanlli.dll
processid: 3024
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3024
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3024
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Inieeiem.dll
processid: 1744
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1744
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1744
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mecejkdj.dll
processid: 2492
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2492
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2492
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cpbpmbka.dll
processid: 1896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1896
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kicjggog.dll
processid: 2752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2752
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ggoljilf.dll
processid: 616
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 616
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 616
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dgmeging.dll
processid: 2688
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2688
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2688
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kgcbfb32.dll
processid: 2176
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2176
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2176
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ldbfac32.dll
processid: 2468
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2468
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2468
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ddckmc32.dll
processid: 1884
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1884
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1884
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hiknmc32.dll
processid: 1592
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1592
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1592
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ikfadloi.dll
processid: 2608
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2608
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2608
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Meamjkce.dll
processid: 1584
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1584
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1584
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Iibimadh.dll
processid: 2780
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2780
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2780
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cfdbafqm.dll
processid: 808
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 808
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 808
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lpgpjc32.dll
processid: 1204
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1204
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1204
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Golgpamd.dll
processid: 2804
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2804
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2804
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Llmggm32.dll
processid: 2360
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2360
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2360
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Gmodhjci.dll
processid: 2580
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2580
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2580
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cealncgi.dll
processid: 2220
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2220
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2220
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bdiblfjp.dll
processid: 1940
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1940
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1940
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mfhqclne.dll
processid: 1928
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1928
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1928
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hqleqc32.dll
processid: 2696
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2696
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2696
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger

 Behavior_analysis

message: By continuously creating processes, the sample can consume system resources or hide its own malicious code.
name: Creates a large number of processes
szSubkey:
score: 2

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 3
process_id: 2532
process_name: 1620943238406_a32dd09a903ed58c470aeb78c27b6e99.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2172
process_name: Fkjgnp32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2916
process_name: Fjaqdl32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2404
process_name: Glhconnk.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2068
process_name: Gmnibepd.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 256
process_name: Hmbbmd32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2712
process_name: Hmglhchj.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2908
process_name: Imlecc32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2728
process_name: Ialkoa32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2588
process_name: Lbdcmk32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1824
process_name: Mdghdfpi.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1588
process_name: Mhgnpddm.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2460
process_name: Nmgclbiq.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 776
process_name: Nokicm32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1752
process_name: Obnojhom.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1208
process_name: Omhlcp32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 584
process_name: Plofil32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2252
process_name: Pppkej32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1820
process_name: Qngelf32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1580
process_name: Abgjgd32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 960
process_name: Aejpooco.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1936
process_name: Aikejmhb.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2416
process_name: Bmkkfklf.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 264
process_name: Bpnqmf32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2972
process_name: Ccafdqbc.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2380
process_name: Cedllk32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2744
process_name: Dnpmhhjn.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2464
process_name: Ifhlma32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1892
process_name: Kmbnpi32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2636
process_name: Kpecgdgl.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 752
process_name: Lhadda32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 3020
process_name: Lginjm32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 904
process_name: Moepgjbk.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1856
process_name: Mnlimfeq.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1612
process_name: Mqoodq32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 3024
process_name: Noeing32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1744
process_name: Nbhnebog.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2492
process_name: Oqphknbl.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1896
process_name: Ogoich32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2752
process_name: Pojkpdbq.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 616
process_name: Pbmqgo32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2688
process_name: Qaejmk32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2176
process_name: Aiqljhla.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2468
process_name: Aldaac32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1884
process_name: Bpdgmq32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1592
process_name: Imhkignp.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2608
process_name: Iahpdebc.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1584
process_name: Ickflp32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2780
process_name: Jfolcjip.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 808
process_name: Elplpf32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1204
process_name: Fcqjmoof.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2804
process_name: Fhblqe32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2360
process_name: Gcofom32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2580
process_name: Hlqnnaal.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2220
process_name: Klacaj32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1940
process_name: Npckkc32.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 1928
process_name: Ocochmhf.exe
rulename: Copies files to the system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide malicious files.
num: 2
process_id: 2696
process_name: Qjggfecc.exe
rulename: Copies files to the system directory