VirSCAN

1, You can upload any file no larger than 20 megabytes.
2, VirSCAN can scan files compressed in ZIP and RAR format, provided the archive contains no more than 20 files.
3, VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4, If your browser cannot upload the file, please download the Virscan uploader and use it to upload.

Basic information

File name: 00水果老虎机
File size: 9928704 bytes
File type: application/x-dosexec
MD5: a3f6bdc35f7f2791493c89c91e4d3cbd
sha1: 24e4e80d891e7964b684ec94ff0cdbabad07a922

CreateProcess

ApplicationName:
CmdLine: C:\Windows\system32\Ilkqgqfc.exe
childid: 3056
childname: Ilkqgqfc.exe
childpath: C:\Windows\SysWOW64\Ilkqgqfc.exe
drop_type:
name: 1620945012744_a3f6bdc35f7f2791493c89c91e4d3cbd.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620945012744_a3f6bdc35f7f2791493c89c91e4d3cbd.exe
pid: 916
ApplicationName:
CmdLine: C:\Windows\system32\Jonfnk32.exe
childid: 2684
childname: Jonfnk32.exe
childpath: C:\Windows\SysWOW64\Jonfnk32.exe
drop_type:
name: Ilkqgqfc.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ilkqgqfc.exe
pid: 3056
ApplicationName:
CmdLine: C:\Windows\system32\Jcokji32.exe
childid: 2084
childname: Jcokji32.exe
childpath: C:\Windows\SysWOW64\Jcokji32.exe
drop_type:
name: Jonfnk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jonfnk32.exe
pid: 2684
ApplicationName:
CmdLine: C:\Windows\system32\Kcceeibp.exe
childid: 1276
childname: Kcceeibp.exe
childpath: C:\Windows\SysWOW64\Kcceeibp.exe
drop_type:
name: Jcokji32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jcokji32.exe
pid: 2084
ApplicationName:
CmdLine: C:\Windows\system32\Kakoke32.exe
childid: 784
childname: Kakoke32.exe
childpath: C:\Windows\SysWOW64\Kakoke32.exe
drop_type:
name: Kcceeibp.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kcceeibp.exe
pid: 1276
ApplicationName:
CmdLine: C:\Windows\system32\Kfkdgc32.exe
childid: 1128
childname: Kfkdgc32.exe
childpath: C:\Windows\SysWOW64\Kfkdgc32.exe
drop_type:
name: Kakoke32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kakoke32.exe
pid: 784
ApplicationName:
CmdLine: C:\Windows\system32\Ljkica32.exe
childid: 3068
childname: Ljkica32.exe
childpath: C:\Windows\SysWOW64\Ljkica32.exe
drop_type:
name: Kfkdgc32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kfkdgc32.exe
pid: 1128
ApplicationName:
CmdLine: C:\Windows\system32\Lhccim32.exe
childid: 2340
childname: Lhccim32.exe
childpath: C:\Windows\SysWOW64\Lhccim32.exe
drop_type:
name: Ljkica32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ljkica32.exe
pid: 3068
ApplicationName:
CmdLine: C:\Windows\system32\Mmchek32.exe
childid: 2536
childname: Mmchek32.exe
childpath: C:\Windows\SysWOW64\Mmchek32.exe
drop_type:
name: Lhccim32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lhccim32.exe
pid: 2340
ApplicationName:
CmdLine: C:\Windows\system32\Mkjblg32.exe
childid: 2224
childname: Mkjblg32.exe
childpath: C:\Windows\SysWOW64\Mkjblg32.exe
drop_type:
name: Mmchek32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mmchek32.exe
pid: 2536
ApplicationName:
CmdLine: C:\Windows\system32\Npkgge32.exe
childid: 3044
childname: Npkgge32.exe
childpath: C:\Windows\SysWOW64\Npkgge32.exe
drop_type:
name: Mkjblg32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mkjblg32.exe
pid: 2224
ApplicationName:
CmdLine: C:\Windows\system32\Nfiioong.exe
childid: 2404
childname: Nfiioong.exe
childpath: C:\Windows\SysWOW64\Nfiioong.exe
drop_type:
name: Npkgge32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Npkgge32.exe
pid: 3044
ApplicationName:
CmdLine: C:\Windows\system32\Pfahgkjl.exe
childid: 3020
childname: Pfahgkjl.exe
childpath: C:\Windows\SysWOW64\Pfahgkjl.exe
drop_type:
name: Nfiioong.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nfiioong.exe
pid: 2404
ApplicationName:
CmdLine: C:\Windows\system32\Qdibkoep.exe
childid: 1640
childname: Qdibkoep.exe
childpath: C:\Windows\SysWOW64\Qdibkoep.exe
drop_type:
name: Pfahgkjl.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pfahgkjl.exe
pid: 3020
ApplicationName:
CmdLine: C:\Windows\system32\Abalbk32.exe
childid: 276
childname: Abalbk32.exe
childpath: C:\Windows\SysWOW64\Abalbk32.exe
drop_type:
name: Qdibkoep.exe
noNeedLine:
path: C:\Windows\SysWOW64\Qdibkoep.exe
pid: 1640
ApplicationName:
CmdLine: C:\Windows\system32\Agaani32.exe
childid: 808
childname: Agaani32.exe
childpath: C:\Windows\SysWOW64\Agaani32.exe
drop_type:
name: Abalbk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Abalbk32.exe
pid: 276
ApplicationName:
CmdLine: C:\Windows\system32\Bkafig32.exe
childid: 2436
childname: Bkafig32.exe
childpath: C:\Windows\SysWOW64\Bkafig32.exe
drop_type:
name: Agaani32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Agaani32.exe
pid: 808
ApplicationName:
CmdLine: C:\Windows\system32\Biippc32.exe
childid: 1896
childname: Biippc32.exe
childpath: C:\Windows\SysWOW64\Biippc32.exe
drop_type:
name: Bkafig32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bkafig32.exe
pid: 2436
ApplicationName:
CmdLine: C:\Windows\system32\Bnifla32.exe
childid: 2308
childname: Bnifla32.exe
childpath: C:\Windows\SysWOW64\Bnifla32.exe
drop_type:
name: Biippc32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Biippc32.exe
pid: 1896
ApplicationName:
CmdLine: C:\Windows\system32\Claobm32.exe
childid: 2252
childname: Claobm32.exe
childpath: C:\Windows\SysWOW64\Claobm32.exe
drop_type:
name: Bnifla32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bnifla32.exe
pid: 2308
ApplicationName:
CmdLine: C:\Windows\system32\Cdmqoj32.exe
childid: 1344
childname: Cdmqoj32.exe
childpath: C:\Windows\SysWOW64\Cdmqoj32.exe
drop_type:
name: Claobm32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Claobm32.exe
pid: 2252
ApplicationName:
CmdLine: C:\Windows\system32\Dgpffdag.exe
childid: 2488
childname: Dgpffdag.exe
childpath: C:\Windows\SysWOW64\Dgpffdag.exe
drop_type:
name: Cdmqoj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cdmqoj32.exe
pid: 1344
ApplicationName:
CmdLine: C:\Windows\system32\Dkplabfj.exe
childid: 3016
childname: Dkplabfj.exe
childpath: C:\Windows\SysWOW64\Dkplabfj.exe
drop_type:
name: Dgpffdag.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dgpffdag.exe
pid: 2488
ApplicationName:
CmdLine: C:\Windows\system32\Encaim32.exe
childid: 2168
childname: Encaim32.exe
childpath: C:\Windows\SysWOW64\Encaim32.exe
drop_type:
name: Dkplabfj.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dkplabfj.exe
pid: 3016
ApplicationName:
CmdLine: C:\Windows\system32\Emkkoi32.exe
childid: 1948
childname: Emkkoi32.exe
childpath: C:\Windows\SysWOW64\Emkkoi32.exe
drop_type:
name: Encaim32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Encaim32.exe
pid: 2168
ApplicationName:
CmdLine: C:\Windows\system32\Fqkqkg32.exe
childid: 2432
childname: Fqkqkg32.exe
childpath: C:\Windows\SysWOW64\Fqkqkg32.exe
drop_type:
name: Emkkoi32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Emkkoi32.exe
pid: 1948
ApplicationName:
CmdLine: C:\Windows\system32\Fcnfbbcp.exe
childid: 2104
childname: Fcnfbbcp.exe
childpath: C:\Windows\SysWOW64\Fcnfbbcp.exe
drop_type:
name: Fqkqkg32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fqkqkg32.exe
pid: 2432
ApplicationName:
CmdLine: C:\Windows\system32\Fkjhoo32.exe
childid: 1752
childname: Fkjhoo32.exe
childpath: C:\Windows\SysWOW64\Fkjhoo32.exe
drop_type:
name: Fcnfbbcp.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fcnfbbcp.exe
pid: 2104
ApplicationName:
CmdLine: C:\Windows\system32\Gnmmfjjk.exe
childid: 1476
childname: Gnmmfjjk.exe
childpath: C:\Windows\SysWOW64\Gnmmfjjk.exe
drop_type:
name: Fkjhoo32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fkjhoo32.exe
pid: 1752
ApplicationName:
CmdLine: C:\Windows\system32\Gmdglfmq.exe
childid: 2896
childname: Gmdglfmq.exe
childpath: C:\Windows\SysWOW64\Gmdglfmq.exe
drop_type:
name: Gnmmfjjk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gnmmfjjk.exe
pid: 1476
ApplicationName:
CmdLine: C:\Windows\system32\Hdcidoqh.exe
childid: 1384
childname: Hdcidoqh.exe
childpath: C:\Windows\SysWOW64\Hdcidoqh.exe
drop_type:
name: Gmdglfmq.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gmdglfmq.exe
pid: 2896
ApplicationName:
CmdLine: C:\Windows\system32\Kahkko32.exe
childid: 1976
childname: Kahkko32.exe
childpath: C:\Windows\SysWOW64\Kahkko32.exe
drop_type:
name: Hdcidoqh.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hdcidoqh.exe
pid: 1384
ApplicationName:
CmdLine: C:\Windows\system32\Lddcihfp.exe
childid: 1768
childname: Lddcihfp.exe
childpath: C:\Windows\SysWOW64\Lddcihfp.exe
drop_type:
name: Kahkko32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kahkko32.exe
pid: 1976
ApplicationName:
CmdLine: C:\Windows\system32\Mkceqbih.exe
childid: 2292
childname: Mkceqbih.exe
childpath: C:\Windows\SysWOW64\Mkceqbih.exe
drop_type:
name: Lddcihfp.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lddcihfp.exe
pid: 1768
ApplicationName:
CmdLine: C:\Windows\system32\Mocjlpnk.exe
childid: 3028
childname: Mocjlpnk.exe
childpath: C:\Windows\SysWOW64\Mocjlpnk.exe
drop_type:
name: Mkceqbih.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mkceqbih.exe
pid: 2292
ApplicationName:
CmdLine: C:\Windows\system32\Nbfpck32.exe
childid: 2836
childname: Nbfpck32.exe
childpath: C:\Windows\SysWOW64\Nbfpck32.exe
drop_type:
name: Mocjlpnk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mocjlpnk.exe
pid: 3028
ApplicationName:
CmdLine: C:\Windows\system32\Ndifkech.exe
childid: 2916
childname: Ndifkech.exe
childpath: C:\Windows\SysWOW64\Ndifkech.exe
drop_type:
name: Nbfpck32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nbfpck32.exe
pid: 2836
ApplicationName:
CmdLine: C:\Windows\system32\Nmeggb32.exe
childid: 2992
childname: Nmeggb32.exe
childpath: C:\Windows\SysWOW64\Nmeggb32.exe
drop_type:
name: Ndifkech.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ndifkech.exe
pid: 2916
ApplicationName:
CmdLine: C:\Windows\system32\Oohmnmkc.exe
childid: 1452
childname: Oohmnmkc.exe
childpath: C:\Windows\SysWOW64\Oohmnmkc.exe
drop_type:
name: Nmeggb32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nmeggb32.exe
pid: 2992
ApplicationName:
CmdLine: C:\Windows\system32\Obkbeg32.exe
childid: 1260
childname: Obkbeg32.exe
childpath: C:\Windows\SysWOW64\Obkbeg32.exe
drop_type:
name: Oohmnmkc.exe
noNeedLine:
path: C:\Windows\SysWOW64\Oohmnmkc.exe
pid: 1452
ApplicationName:
CmdLine: C:\Windows\system32\Penhmbap.exe
childid: 1900
childname: Penhmbap.exe
childpath: C:\Windows\SysWOW64\Penhmbap.exe
drop_type:
name: Obkbeg32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Obkbeg32.exe
pid: 1260
ApplicationName:
CmdLine: C:\Windows\system32\Pmjjio32.exe
childid: 896
childname: Pmjjio32.exe
childpath: C:\Windows\SysWOW64\Pmjjio32.exe
drop_type:
name: Penhmbap.exe
noNeedLine:
path: C:\Windows\SysWOW64\Penhmbap.exe
pid: 1900
ApplicationName:
CmdLine: C:\Windows\system32\Qlacpk32.exe
childid: 2176
childname: Qlacpk32.exe
childpath: C:\Windows\SysWOW64\Qlacpk32.exe
drop_type:
name: Pmjjio32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pmjjio32.exe
pid: 896
ApplicationName:
CmdLine: C:\Windows\system32\Apbiki32.exe
childid: 2568
childname: Apbiki32.exe
childpath: C:\Windows\SysWOW64\Apbiki32.exe
drop_type:
name: Qlacpk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Qlacpk32.exe
pid: 2176
ApplicationName:
CmdLine: C:\Windows\system32\Abenbdpd.exe
childid: 940
childname: Abenbdpd.exe
childpath: C:\Windows\SysWOW64\Abenbdpd.exe
drop_type:
name: Apbiki32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Apbiki32.exe
pid: 2568
ApplicationName:
CmdLine: C:\Windows\system32\Bfednbdh.exe
childid: 1020
childname: Bfednbdh.exe
childpath: C:\Windows\SysWOW64\Bfednbdh.exe
drop_type:
name: Abenbdpd.exe
noNeedLine:
path: C:\Windows\SysWOW64\Abenbdpd.exe
pid: 940
ApplicationName:
CmdLine: C:\Windows\system32\Bemmengn.exe
childid: 2260
childname: Bemmengn.exe
childpath: C:\Windows\SysWOW64\Bemmengn.exe
drop_type:
name: Bfednbdh.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bfednbdh.exe
pid: 1020
ApplicationName:
CmdLine: C:\Windows\system32\Cmioak32.exe
childid: 876
childname: Cmioak32.exe
childpath: C:\Windows\SysWOW64\Cmioak32.exe
drop_type:
name: Bemmengn.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bemmengn.exe
pid: 2260
ApplicationName:
CmdLine: C:\Windows\system32\Cpldheoi.exe
childid: 1572
childname: Cpldheoi.exe
childpath: C:\Windows\SysWOW64\Cpldheoi.exe
drop_type:
name: Cmioak32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cmioak32.exe
pid: 876
ApplicationName:
CmdLine: C:\Windows\system32\Ccojpp32.exe
childid: 1888
childname: Ccojpp32.exe
childpath: C:\Windows\SysWOW64\Ccojpp32.exe
drop_type:
name: Cpldheoi.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cpldheoi.exe
pid: 1572
ApplicationName:
CmdLine: C:\Windows\system32\Iaklnm32.exe
childid: 2732
childname: Iaklnm32.exe
childpath: C:\Windows\SysWOW64\Iaklnm32.exe
drop_type:
name: Ccojpp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ccojpp32.exe
pid: 1888
ApplicationName:
CmdLine: C:\Windows\system32\Icnaegco.exe
childid: 2604
childname: Icnaegco.exe
childpath: C:\Windows\SysWOW64\Icnaegco.exe
drop_type:
name: Iaklnm32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Iaklnm32.exe
pid: 2732
ApplicationName:
CmdLine: C:\Windows\system32\Ifagmb32.exe
childid: 788
childname: Ifagmb32.exe
childpath: C:\Windows\SysWOW64\Ifagmb32.exe
drop_type:
name: Icnaegco.exe
noNeedLine:
path: C:\Windows\SysWOW64\Icnaegco.exe
pid: 2604
ApplicationName:
CmdLine: C:\Windows\system32\Jnmhiojj.exe
childid: 432
childname: Jnmhiojj.exe
childpath: C:\Windows\SysWOW64\Jnmhiojj.exe
drop_type:
name: Ifagmb32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ifagmb32.exe
pid: 788
ApplicationName:
CmdLine: C:\Windows\system32\Japnpj32.exe
childid: 2452
childname: Japnpj32.exe
childpath: C:\Windows\SysWOW64\Japnpj32.exe
drop_type:
name: Jnmhiojj.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jnmhiojj.exe
pid: 432
ApplicationName:
CmdLine: C:\Windows\system32\Khophc32.exe
childid: 2640
childname: Khophc32.exe
childpath: C:\Windows\SysWOW64\Khophc32.exe
drop_type:
name: Japnpj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Japnpj32.exe
pid: 2452
ApplicationName:
CmdLine: C:\Windows\system32\Kkbeondo.exe
childid: 1364
childname: Kkbeondo.exe
childpath: C:\Windows\SysWOW64\Kkbeondo.exe
drop_type:
name: Khophc32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Khophc32.exe
pid: 2640
ApplicationName:
CmdLine: C:\Windows\system32\Lmekfi32.exe
childid: 1720
childname: Lmekfi32.exe
childpath: C:\Windows\SysWOW64\Lmekfi32.exe
drop_type:
name: Kkbeondo.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kkbeondo.exe
pid: 1364
ApplicationName:
CmdLine: C:\Windows\system32\Lphqncjk.exe
childid: 1732
childname: Lphqncjk.exe
childpath: C:\Windows\SysWOW64\Lphqncjk.exe
drop_type:
name: Lmekfi32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lmekfi32.exe
pid: 1720
ApplicationName:
CmdLine: C:\Windows\system32\Mhdbjp32.exe
childid: 2844
childname: Mhdbjp32.exe
childpath: C:\Windows\SysWOW64\Mhdbjp32.exe
drop_type:
name: Lphqncjk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lphqncjk.exe
pid: 1732
ApplicationName:
CmdLine: C:\Windows\system32\Mkghakag.exe
childid: 2588
childname: Mkghakag.exe
childpath: C:\Windows\SysWOW64\Mkghakag.exe
drop_type:
name: Mhdbjp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mhdbjp32.exe
pid: 2844
ApplicationName:
CmdLine: C:\Windows\system32\Nnjmie32.exe
childid: 3004
childname: Nnjmie32.exe
childpath: C:\Windows\SysWOW64\Nnjmie32.exe
drop_type:
name: Mkghakag.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mkghakag.exe
pid: 2588
ApplicationName:
CmdLine: C:\Windows\system32\Nqmcpqhc.exe
childid: 1936
childname: Nqmcpqhc.exe
childpath: C:\Windows\SysWOW64\Nqmcpqhc.exe
drop_type:
name: Nnjmie32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nnjmie32.exe
pid: 3004
ApplicationName:
CmdLine: C:\Windows\system32\Ogldhj32.exe
childid: 1092
childname: Ogldhj32.exe
childpath: C:\Windows\SysWOW64\Ogldhj32.exe
drop_type:
name: Nqmcpqhc.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nqmcpqhc.exe
pid: 1936
ApplicationName:
CmdLine: C:\Windows\system32\Onjfpc32.exe
childid: 1116
childname: Onjfpc32.exe
childpath: C:\Windows\SysWOW64\Onjfpc32.exe
drop_type:
name: Ogldhj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ogldhj32.exe
pid: 1092
ApplicationName:
CmdLine: C:\Windows\system32\Pggdch32.exe
childid: 2060
childname: Pggdch32.exe
childpath: C:\Windows\SysWOW64\Pggdch32.exe
drop_type:
name: Onjfpc32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Onjfpc32.exe
pid: 1116
ApplicationName:
CmdLine: C:\Windows\system32\Cbbcil32.exe
childid: 3012
childname: Cbbcil32.exe
childpath: C:\Windows\SysWOW64\Cbbcil32.exe
drop_type:
name: Pggdch32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pggdch32.exe
pid: 2060
ApplicationName:
CmdLine: C:\Windows\system32\Dogqpk32.exe
childid: 1784
childname: Dogqpk32.exe
childpath: C:\Windows\SysWOW64\Dogqpk32.exe
drop_type:
name: Cbbcil32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cbbcil32.exe
pid: 3012
ApplicationName:
CmdLine: C:\Windows\system32\Defbhd32.exe
childid: 3104
childname: Defbhd32.exe
childpath: C:\Windows\SysWOW64\Defbhd32.exe
drop_type:
name: Dogqpk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dogqpk32.exe
pid: 1784
ApplicationName:
CmdLine: C:\Windows\system32\Eihdib32.exe
childid: 3208
childname: Eihdib32.exe
childpath: C:\Windows\SysWOW64\Eihdib32.exe
drop_type:
name: Defbhd32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Defbhd32.exe
pid: 3104
ApplicationName:
CmdLine: C:\Windows\system32\Fpicfkqj.exe
childid: 3320
childname: Fpicfkqj.exe
childpath: C:\Windows\SysWOW64\Fpicfkqj.exe
drop_type:
name: Eihdib32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Eihdib32.exe
pid: 3208
ApplicationName:
CmdLine: C:\Windows\system32\Fcoece32.exe
childid: 3440
childname: Fcoece32.exe
childpath: C:\Windows\SysWOW64\Fcoece32.exe
drop_type:
name: Fpicfkqj.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fpicfkqj.exe
pid: 3320
ApplicationName:
CmdLine: C:\Windows\system32\Icknea32.exe
childid: 3556
childname: Icknea32.exe
childpath: C:\Windows\SysWOW64\Icknea32.exe
drop_type:
name: Fcoece32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fcoece32.exe
pid: 3440
ApplicationName:
CmdLine: C:\Windows\system32\Jcdqlp32.exe
childid: 3660
childname: Jcdqlp32.exe
childpath: C:\Windows\SysWOW64\Jcdqlp32.exe
drop_type:
name: Icknea32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Icknea32.exe
pid: 3556
ApplicationName:
CmdLine: C:\Windows\system32\Lfabpg32.exe
childid: 3780
childname: Lfabpg32.exe
childpath: C:\Windows\SysWOW64\Lfabpg32.exe
drop_type:
name: Jcdqlp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jcdqlp32.exe
pid: 3660
ApplicationName:
CmdLine: C:\Windows\system32\Makphoim.exe
childid: 3884
childname: Makphoim.exe
childpath: C:\Windows\SysWOW64\Makphoim.exe
drop_type:
name: Lfabpg32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lfabpg32.exe
pid: 3780
ApplicationName:
CmdLine: C:\Windows\system32\Mgmale32.exe
childid: 3988
childname: Mgmale32.exe
childpath: C:\Windows\SysWOW64\Mgmale32.exe
drop_type:
name: Makphoim.exe
noNeedLine:
path: C:\Windows\SysWOW64\Makphoim.exe
pid: 3884
ApplicationName:
CmdLine: C:\Windows\system32\Ndjelhjn.exe
childid: 3084
childname: Ndjelhjn.exe
childpath: C:\Windows\SysWOW64\Ndjelhjn.exe
drop_type:
name: Mgmale32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mgmale32.exe
pid: 3988
ApplicationName:
CmdLine: C:\Windows\system32\Acpcjpbq.exe
childid: 3168
childname: Acpcjpbq.exe
childpath: C:\Windows\SysWOW64\Acpcjpbq.exe
drop_type:
name: Ndjelhjn.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ndjelhjn.exe
pid: 3084
ApplicationName:
CmdLine: C:\Windows\system32\Cnhndfba.exe
childid: 3340
childname: Cnhndfba.exe
childpath: C:\Windows\SysWOW64\Cnhndfba.exe
drop_type:
name: Acpcjpbq.exe
noNeedLine:
path: C:\Windows\SysWOW64\Acpcjpbq.exe
pid: 3168
ApplicationName:
CmdLine: C:\Windows\system32\Elhfpgik.exe
childid: 3488
childname: Elhfpgik.exe
childpath: C:\Windows\SysWOW64\Elhfpgik.exe
drop_type:
name: Cnhndfba.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cnhndfba.exe
pid: 3340
ApplicationName:
CmdLine: C:\Windows\system32\Gdfaaffq.exe
childid: 3592
childname: Gdfaaffq.exe
childpath: C:\Windows\SysWOW64\Gdfaaffq.exe
drop_type:
name: Elhfpgik.exe
noNeedLine:
path: C:\Windows\SysWOW64\Elhfpgik.exe
pid: 3488
ApplicationName:
CmdLine: C:\Windows\system32\Hdngae32.exe
childid: 3684
childname: Hdngae32.exe
childpath: C:\Windows\SysWOW64\Hdngae32.exe
drop_type:
name: Gdfaaffq.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gdfaaffq.exe
pid: 3592
ApplicationName:
CmdLine: C:\Windows\system32\Icjgkk32.exe
childid: 3860
childname: Icjgkk32.exe
childpath: C:\Windows\SysWOW64\Icjgkk32.exe
drop_type:
name: Hdngae32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hdngae32.exe
pid: 3684
ApplicationName:
CmdLine: C:\Windows\system32\Kfbodcfa.exe
childid: 3956
childname: Kfbodcfa.exe
childpath: C:\Windows\SysWOW64\Kfbodcfa.exe
drop_type:
name: Icjgkk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Icjgkk32.exe
pid: 3860
ApplicationName:
CmdLine:
childid: 916
childname: 1620945012744_a3f6bdc35f7f2791493c89c91e4d3cbd.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620945012744_a3f6bdc35f7f2791493c89c91e4d3cbd.exe
drop_type:
name:
noNeedLine:
path:
pid: 2236

Summary

buffer: C:\Windows\system32\Adhkkpkq.dll
processid: 916
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 916
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 916
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nkndlcem.dll
processid: 3056
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3056
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3056
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Pgmhgdha.dll
processid: 2684
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2684
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2684
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ofoeobbp.dll
processid: 2084
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2084
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2084
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Oknfiifk.dll
processid: 1276
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1276
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1276
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bgbkip32.dll
processid: 784
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 784
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 784
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Acecbf32.dll
processid: 1128
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1128
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1128
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lckhlanh.dll
processid: 3068
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3068
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3068
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mlbpfnol.dll
processid: 2340
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2340
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2340
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Maaqqdcg.dll
processid: 2536
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2536
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2536
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dkmlgp32.dll
processid: 2224
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2224
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2224
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nnjdfmln.dll
processid: 3044
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3044
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3044
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Iifncakn.dll
processid: 2404
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2404
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2404
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Pgkafkcd.dll
processid: 3020
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3020
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3020
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Pljbqaho.dll
processid: 1640
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1640
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1640
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Njccojid.dll
processid: 276
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 276
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 276
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Eoopkgac.dll
processid: 808
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 808
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 808
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Qhloplni.dll
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2436
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2436
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nnokmgqp.dll
processid: 1896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1896
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nbnmgmdk.dll
processid: 2308
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2308
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2308
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ndlmam32.dll
processid: 2252
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2252
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2252
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bckljh32.dll
processid: 1344
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1344
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1344
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dpipei32.dll
processid: 2488
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2488
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2488
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jagmab32.dll
processid: 3016
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3016
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3016
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mfjcmgif.dll
processid: 2168
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2168
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2168
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dkepid32.dll
processid: 1948
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1948
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1948
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Onpmoo32.dll
processid: 2432
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2432
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Pfmdjehk.dll
processid: 2104
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2104
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2104
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dhdbkebb.dll
processid: 1752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1752
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1752
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Acaohaok.dll
processid: 1476
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1476
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1476
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cnkehjnd.dll
processid: 2896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2896
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dfdgei32.dll
processid: 1384
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1384
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1384
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cbqcbjkf.dll
processid: 1976
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1976
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1976
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Caegmh32.dll
processid: 1768
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1768
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1768
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Okejaomi.dll
processid: 2292
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2292
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2292
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lmppconq.dll
processid: 3028
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3028
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3028
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hbllle32.dll
processid: 2836
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2836
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2836
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ppoggm32.dll
processid: 2916
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2916
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2916
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ljoceq32.dll
processid: 2992
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2992
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2992
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ejgjkk32.dll
processid: 1452
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1452
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1452
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lbgdep32.dll
processid: 1260
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1260
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1260
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ohdnlm32.dll
processid: 1900
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1900
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1900
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jckbenkd.dll
processid: 896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 896
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 896
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Agfpqk32.dll
processid: 2176
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2176
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2176
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nmfaolpj.dll
processid: 2568
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2568
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2568
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ndenclkh.dll
processid: 940
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 940
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 940
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nhdonb32.dll
processid: 1020
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1020
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1020
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Icafke32.dll
processid: 2260
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2260
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2260
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Phenii32.dll
processid: 876
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 876
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 876
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fbflhhnj.dll
processid: 1572
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1572
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1572
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lncglmkd.dll
processid: 1888
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1888
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1888
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Idelhjpn.dll
processid: 2732
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2732
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2732
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Feqbijaf.dll
processid: 2604
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2604
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2604
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jobeda32.dll
processid: 788
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 788
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 788
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kfhnam32.dll
processid: 432
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 432
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fimnoo32.dll
processid: 2452
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2452
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2452
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mbojbkgn.dll
processid: 2640
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2640
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2640
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ejfbem32.dll
processid: 1364
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1364
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1364
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Khjkaf32.dll
processid: 1720
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1720
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1720
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Biggcq32.dll
processid: 1732
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1732
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1732
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bbkblfkm.dll
processid: 2844
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2844
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2844
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cclikl32.dll
processid: 2588
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2588
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2588
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Imhigqlo.dll
processid: 3004
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3004
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3004
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Eeggja32.dll
processid: 1936
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1936
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1936
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Dqneqpag.dll
processid: 1092
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1092
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1092
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ahajpcll.dll
processid: 1116
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1116
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1116
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Abnmde32.dll
processid: 2060
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2060
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2060
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Eejabp32.dll
processid: 3012
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3012
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3012
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fdmnfmmi.dll
processid: 1784
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1784
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1784
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Meoded32.dll
processid: 3104
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3104
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3104
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cidcmg32.dll
processid: 3208
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3208
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3208
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lnmhkkgq.dll
processid: 3320
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3320
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3320
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mbjnjb32.dll
processid: 3440
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3440
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3440
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mndeje32.dll
processid: 3556
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3556
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3556
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fnoqbeef.dll
processid: 3660
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3660
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3660
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jkmqph32.dll
processid: 3780
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3780
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3780
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Medlne32.dll
processid: 3884
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3884
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3884
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cphheg32.dll
processid: 3988
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3988
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3988
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nchbadme.dll
processid: 3084
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3084
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3084
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mehffdak.dll
processid: 3168
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3168
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3168
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Moghedon.dll
processid: 3340
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3340
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3340
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event