blackmoon | 7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exe
Size

3.7MB
MD5

6b042ecf7c29ad15534621096520cab6
SHA1

a0e7ae80322f62f7fb7c13daf17fa7f4bf2fa401
SHA256

7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799
SHA512

b63817abac66a103cdc10149b2ff62a63a8ec86325e8d2b19936fa375292156a5899298e857cbd4dd4b811ee81ce70383087c26a31b222b51d6cb230fe25cc02
SSDEEP

49152:gCOfN6X5tLLQTg20ITS/PPs/1kS4eKRL/SRsj0Zuur1T75YqVUrmNF98o:U6XLq/qPPslzKx/dJg1ErmNl

Score

10^/10

blackmoon njrat banker discovery trojan upx

Malware Config

Signatures

Blackmoon family
blackmoon
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 63 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2724-5-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2432-11-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1812-17-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/316-19-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2136-31-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4512-32-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4932-44-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/412-43-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3708-54-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/5072-59-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2524-68-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3856-67-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2236-83-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4480-94-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3068-101-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2904-116-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1616-123-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1032-129-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3500-134-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3316-140-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2060-156-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2868-167-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3544-172-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/812-180-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/392-186-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3800-190-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3760-203-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2392-210-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4620-214-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4448-218-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/596-222-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1672-229-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2924-233-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4868-242-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1468-249-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/184-256-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/552-265-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2524-268-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3420-271-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/336-287-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/716-291-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/740-307-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3680-317-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3864-321-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1760-341-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/440-381-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3996-397-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1480-428-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3536-432-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2872-469-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1960-473-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/5088-492-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/232-502-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2920-515-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4252-561-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1488-622-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1608-659-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4368-690-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4060-943-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1988-1079-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/184-1089-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4536-1165-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2324-2066-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Executes dropped EXE 64 IoCs

Processes:

nbnnnb.exenbtthn.exetntttb.exejdvdv.exettbnnh.exevjvvj.exellffxxx.exexfllflf.exeffxxrfr.exerlrrflr.exe7ppjv.exelfrrrrr.exexxlrrxx.exebbnhhn.exebthntt.exerlrrrff.exelrxxlll.exevdppj.exevppjv.exevjjpp.exevvppj.exerrllffl.exebbtbhh.exelrxxxrf.exepdjpp.exedjjjj.exebntttb.exexffrfrx.exetthnnn.exexrrxflf.exeddjvd.exefrlrxxr.exexflllll.exexxllffx.exevpvpp.exejdvvd.exelllfxrl.exeffrxflr.exellxxxrr.exerlffflr.exexxxxrxx.exexrrlllf.exetnbbtt.exethbbtb.exetnttnn.exejvvpd.exedppjj.exedpdpj.exejjjdv.exe7pjdv.exeffxfxxl.exexrrxflr.exerrrxrrr.exefrflxfr.exebtthbh.exethtnnn.exepjdvj.exexrxlllf.exelrxlxrr.exebtbttt.exe7thbnn.exebbhhnt.exejpvdd.exevppjd.exe

pid	Process
2432	nbnnnb.exe
316	nbtthn.exe
1812	tntttb.exe
2136	jdvdv.exe
4512	ttbnnh.exe
412	vjvvj.exe
4932	llffxxx.exe
3708	xfllflf.exe
5072	ffxxrfr.exe
3856	rlrrflr.exe
2524	7ppjv.exe
3848	lfrrrrr.exe
2248	xxlrrxx.exe
2236	bbnhhn.exe
4480	bthntt.exe
3488	rlrrrff.exe
3068	lrxxlll.exe
2624	vdppj.exe
2904	vppjv.exe
1616	vjjpp.exe
1032	vvppj.exe
3500	rrllffl.exe
3316	bbtbhh.exe
1592	lrxxxrf.exe
232	pdjpp.exe
2060	djjjj.exe
3980	bntttb.exe
2868	xffrfrx.exe
3544	tthnnn.exe
812	xrrxflf.exe
392	ddjvd.exe
3800	frlrxxr.exe
1684	xflllll.exe
4748	xxllffx.exe
540	vpvpp.exe
3760	jdvvd.exe
4316	lllfxrl.exe
2392	ffrxflr.exe
4620	llxxxrr.exe
4448	rlffflr.exe
596	xxxxrxx.exe
4456	xrrlllf.exe
1672	tnbbtt.exe
2924	thbbtb.exe
1520	tnttnn.exe
3124	jvvpd.exe
4868	dppjj.exe
2360	dpdpj.exe
1468	jjjdv.exe
1988	7pjdv.exe
184	ffxfxxl.exe
660	xrrxflr.exe
4200	rrrxrrr.exe
552	frflxfr.exe
2524	btthbh.exe
3420	thtnnn.exe
368	pjdvj.exe
2856	xrxlllf.exe
4816	lrxlxrr.exe
4812	btbttt.exe
336	7thbnn.exe
716	bbhhnt.exe
3172	jpvdd.exe
4476	vppjd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2724-0-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2724-5-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000c000000023b60-6.dat	upx
behavioral2/files/0x000a000000023b68-9.dat	upx
behavioral2/memory/2432-11-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000b000000023b65-13.dat	upx
behavioral2/memory/1812-17-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/316-19-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b69-23.dat	upx
behavioral2/memory/2136-25-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b6b-28.dat	upx
behavioral2/memory/2136-31-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4512-32-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b6c-36.dat	upx
behavioral2/files/0x000a000000023b6d-41.dat	upx
behavioral2/memory/4932-44-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/412-43-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b6e-47.dat	upx
behavioral2/files/0x000a000000023b6f-52.dat	upx
behavioral2/memory/3708-54-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0031000000023b70-60.dat	upx
behavioral2/memory/5072-59-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0031000000023b71-64.dat	upx
behavioral2/memory/2524-68-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3856-67-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0031000000023b72-72.dat	upx
behavioral2/files/0x000a000000023b73-76.dat	upx
behavioral2/files/0x000a000000023b74-81.dat	upx
behavioral2/memory/2236-83-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b75-88.dat	upx
behavioral2/files/0x000a000000023b77-92.dat	upx
behavioral2/memory/4480-94-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b78-98.dat	upx
behavioral2/memory/3068-101-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b79-104.dat	upx
behavioral2/files/0x000a000000023b7a-110.dat	upx
behavioral2/files/0x000a000000023b7b-114.dat	upx
behavioral2/memory/2904-116-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b7c-120.dat	upx
behavioral2/memory/1616-123-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b7d-126.dat	upx
behavioral2/memory/1032-129-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b7e-132.dat	upx
behavioral2/memory/3500-134-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b7f-139.dat	upx
behavioral2/memory/3316-140-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b81-146.dat	upx
behavioral2/files/0x000a000000023b82-149.dat	upx
behavioral2/files/0x000a000000023b83-154.dat	upx
behavioral2/memory/2060-156-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b84-160.dat	upx
behavioral2/memory/2868-167-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b85-165.dat	upx
behavioral2/memory/3544-172-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b86-173.dat	upx
behavioral2/files/0x000a000000023b87-177.dat	upx
behavioral2/memory/812-180-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023b88-183.dat	upx
behavioral2/memory/392-186-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3800-190-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3760-203-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2392-210-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4620-214-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4448-218-0x0000000000400000-0x0000000000427000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

7thbnn.exeppjpp.exerrllffl.exennhbnh.exedjjpv.exevjvvv.exerllfxxx.exe7ffxrrl.exehhbhbh.exefflffxx.exepvjjd.exepjvpp.exevjddj.exennnhhh.exevjppd.exelrfxrrl.exehbnntt.exejdpjj.exevvppj.exebnhhtt.exejvddp.exeddjdv.exe1hnhbb.exeththnt.exexrxlllf.exelxfrllf.exe5jppj.exetnttnn.exehthbtt.exetttttt.exettttnt.exenbhhbb.exehhhbhb.exejjddj.exe9pjjp.exeddpjj.exexxxxrxr.exedpppv.exenbttbh.exe9jvpj.exe5dppd.exexrxxrll.exenbbbhn.exedjjjj.exefllllrr.exevppjd.exejvdvp.exethbhtt.exethnhnn.exepvvdd.exebthntt.exevpppj.exejjpdd.exelxlxrrl.exettbbbb.exevpdjj.exe9bbtnn.exeppjvj.exehnnnnt.exenhnhbb.exerxrlffx.exenthhhn.exexlrlffx.exevppjv.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7thbnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ppjpp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rrllffl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nnhbnh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	djjpv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vjvvv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rllfxxx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ffxrrl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hhbhbh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fflffxx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pvjjd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pjvpp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vjddj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nnnhhh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vjppd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lrfxrrl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hbnntt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jdpjj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vvppj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bnhhtt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jvddp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ddjdv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1hnhbb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ththnt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xrxlllf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lxfrllf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5jppj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tnttnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hthbtt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tttttt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ttttnt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbhhbb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hhhbhb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jjddj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9pjjp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ddpjj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xxxxrxr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dpppv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbttbh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9jvpj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5dppd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xrxxrll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbbbhn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	djjjj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fllllrr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vppjd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jvdvp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	thbhtt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	thnhnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pvvdd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bthntt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vpppj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jjpdd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lxlxrrl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ttbbbb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vpdjj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9bbtnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ppjvj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hnnnnt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nhnhbb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rxrlffx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nthhhn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xlrlffx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vppjv.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exenbnnnb.exenbtthn.exetntttb.exejdvdv.exettbnnh.exevjvvj.exellffxxx.exexfllflf.exeffxxrfr.exerlrrflr.exe7ppjv.exelfrrrrr.exexxlrrxx.exebbnhhn.exebthntt.exerlrrrff.exelrxxlll.exevdppj.exevppjv.exevjjpp.exevvppj.exe

description	pid	Process	procid_target
PID 2724 wrote to memory of 2432	2724	7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exe	82
PID 2724 wrote to memory of 2432	2724	7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exe	82
PID 2724 wrote to memory of 2432	2724	7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exe	82
PID 2432 wrote to memory of 316	2432	nbnnnb.exe	83
PID 2432 wrote to memory of 316	2432	nbnnnb.exe	83
PID 2432 wrote to memory of 316	2432	nbnnnb.exe	83
PID 316 wrote to memory of 1812	316	nbtthn.exe	84
PID 316 wrote to memory of 1812	316	nbtthn.exe	84
PID 316 wrote to memory of 1812	316	nbtthn.exe	84
PID 1812 wrote to memory of 2136	1812	tntttb.exe	85
PID 1812 wrote to memory of 2136	1812	tntttb.exe	85
PID 1812 wrote to memory of 2136	1812	tntttb.exe	85
PID 2136 wrote to memory of 4512	2136	jdvdv.exe	86
PID 2136 wrote to memory of 4512	2136	jdvdv.exe	86
PID 2136 wrote to memory of 4512	2136	jdvdv.exe	86
PID 4512 wrote to memory of 412	4512	ttbnnh.exe	87
PID 4512 wrote to memory of 412	4512	ttbnnh.exe	87
PID 4512 wrote to memory of 412	4512	ttbnnh.exe	87
PID 412 wrote to memory of 4932	412	vjvvj.exe	88
PID 412 wrote to memory of 4932	412	vjvvj.exe	88
PID 412 wrote to memory of 4932	412	vjvvj.exe	88
PID 4932 wrote to memory of 3708	4932	llffxxx.exe	89
PID 4932 wrote to memory of 3708	4932	llffxxx.exe	89
PID 4932 wrote to memory of 3708	4932	llffxxx.exe	89
PID 3708 wrote to memory of 5072	3708	xfllflf.exe	90
PID 3708 wrote to memory of 5072	3708	xfllflf.exe	90
PID 3708 wrote to memory of 5072	3708	xfllflf.exe	90
PID 5072 wrote to memory of 3856	5072	ffxxrfr.exe	91
PID 5072 wrote to memory of 3856	5072	ffxxrfr.exe	91
PID 5072 wrote to memory of 3856	5072	ffxxrfr.exe	91
PID 3856 wrote to memory of 2524	3856	rlrrflr.exe	92
PID 3856 wrote to memory of 2524	3856	rlrrflr.exe	92
PID 3856 wrote to memory of 2524	3856	rlrrflr.exe	92
PID 2524 wrote to memory of 3848	2524	7ppjv.exe	93
PID 2524 wrote to memory of 3848	2524	7ppjv.exe	93
PID 2524 wrote to memory of 3848	2524	7ppjv.exe	93
PID 3848 wrote to memory of 2248	3848	lfrrrrr.exe	94
PID 3848 wrote to memory of 2248	3848	lfrrrrr.exe	94
PID 3848 wrote to memory of 2248	3848	lfrrrrr.exe	94
PID 2248 wrote to memory of 2236	2248	xxlrrxx.exe	95
PID 2248 wrote to memory of 2236	2248	xxlrrxx.exe	95
PID 2248 wrote to memory of 2236	2248	xxlrrxx.exe	95
PID 2236 wrote to memory of 4480	2236	bbnhhn.exe	98
PID 2236 wrote to memory of 4480	2236	bbnhhn.exe	98
PID 2236 wrote to memory of 4480	2236	bbnhhn.exe	98
PID 4480 wrote to memory of 3488	4480	bthntt.exe	100
PID 4480 wrote to memory of 3488	4480	bthntt.exe	100
PID 4480 wrote to memory of 3488	4480	bthntt.exe	100
PID 3488 wrote to memory of 3068	3488	rlrrrff.exe	102
PID 3488 wrote to memory of 3068	3488	rlrrrff.exe	102
PID 3488 wrote to memory of 3068	3488	rlrrrff.exe	102
PID 3068 wrote to memory of 2624	3068	lrxxlll.exe	103
PID 3068 wrote to memory of 2624	3068	lrxxlll.exe	103
PID 3068 wrote to memory of 2624	3068	lrxxlll.exe	103
PID 2624 wrote to memory of 2904	2624	vdppj.exe	104
PID 2624 wrote to memory of 2904	2624	vdppj.exe	104
PID 2624 wrote to memory of 2904	2624	vdppj.exe	104
PID 2904 wrote to memory of 1616	2904	vppjv.exe	105
PID 2904 wrote to memory of 1616	2904	vppjv.exe	105
PID 2904 wrote to memory of 1616	2904	vppjv.exe	105
PID 1616 wrote to memory of 1032	1616	vjjpp.exe	106
PID 1616 wrote to memory of 1032	1616	vjjpp.exe	106
PID 1616 wrote to memory of 1032	1616	vjjpp.exe	106
PID 1032 wrote to memory of 3500	1032	vvppj.exe	107

C:\Users\Admin\AppData\Local\Temp\7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exe
"C:\Users\Admin\AppData\Local\Temp\7971881855b6c6c2ac99fc9ac82def577ee578345d4f24e043e9415661bbc799.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- \??\c:\nbnnnb.exe
  c:\nbnnnb.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2432
- - \??\c:\nbtthn.exe
    c:\nbtthn.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:316
  - - \??\c:\tntttb.exe
      c:\tntttb.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1812
    - - \??\c:\jdvdv.exe
        
        c:\jdvdv.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2136
      - \??\c:\ttbnnh.exe
        
        c:\ttbnnh.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4512
        
        \??\c:\vjvvj.exe
        
        c:\vjvvj.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:412
        
        \??\c:\llffxxx.exe
        
        c:\llffxxx.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4932
        
        \??\c:\xfllflf.exe
        
        c:\xfllflf.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3708
        
        \??\c:\ffxxrfr.exe
        
        c:\ffxxrfr.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5072
        
        \??\c:\rlrrflr.exe
        
        c:\rlrrflr.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3856
        
        \??\c:\7ppjv.exe
        
        c:\7ppjv.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2524
        
        \??\c:\lfrrrrr.exe
        
        c:\lfrrrrr.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3848
        
        \??\c:\xxlrrxx.exe
        
        c:\xxlrrxx.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2248
        
        \??\c:\bbnhhn.exe
        
        c:\bbnhhn.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2236
        
        \??\c:\bthntt.exe
        
        c:\bthntt.exe
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4480
        
        \??\c:\rlrrrff.exe
        
        c:\rlrrrff.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3488
        
        \??\c:\lrxxlll.exe
        
        c:\lrxxlll.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3068
        
        \??\c:\vdppj.exe
        
        c:\vdppj.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2624
        
        \??\c:\vppjv.exe
        
        c:\vppjv.exe
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2904
        
        \??\c:\vjjpp.exe
        
        c:\vjjpp.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        \??\c:\vvppj.exe
        
        c:\vvppj.exe
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1032
        
        \??\c:\rrllffl.exe
        
        c:\rrllffl.exe
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3500
        
        \??\c:\bbtbhh.exe
        
        c:\bbtbhh.exe
        24⤵
        Executes dropped EXE
        
        PID:3316
        
        \??\c:\lrxxxrf.exe
        
        c:\lrxxxrf.exe
        25⤵
        Executes dropped EXE
        
        PID:1592
        
        \??\c:\pdjpp.exe
        
        c:\pdjpp.exe
        26⤵
        Executes dropped EXE
        
        PID:232
        
        \??\c:\djjjj.exe
        
        c:\djjjj.exe
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        \??\c:\bntttb.exe
        
        c:\bntttb.exe
        28⤵
        Executes dropped EXE
        
        PID:3980
        
        \??\c:\xffrfrx.exe
        
        c:\xffrfrx.exe
        29⤵
        Executes dropped EXE
        
        PID:2868
        
        \??\c:\tthnnn.exe
        
        c:\tthnnn.exe
        30⤵
        Executes dropped EXE
        
        PID:3544
        
        \??\c:\xrrxflf.exe
        
        c:\xrrxflf.exe
        31⤵
        Executes dropped EXE
        
        PID:812
        
        \??\c:\ddjvd.exe
        
        c:\ddjvd.exe
        32⤵
        Executes dropped EXE
        
        PID:392
        
        \??\c:\frlrxxr.exe
        
        c:\frlrxxr.exe
        33⤵
        Executes dropped EXE
        
        PID:3800
        
        \??\c:\xflllll.exe
        
        c:\xflllll.exe
        34⤵
        Executes dropped EXE
        
        PID:1684
        
        \??\c:\xxllffx.exe
        
        c:\xxllffx.exe
        35⤵
        Executes dropped EXE
        
        PID:4748
        
        \??\c:\vpvpp.exe
        
        c:\vpvpp.exe
        36⤵
        Executes dropped EXE
        
        PID:540
        
        \??\c:\jdvvd.exe
        
        c:\jdvvd.exe
        37⤵
        Executes dropped EXE
        
        PID:3760
        
        \??\c:\lllfxrl.exe
        
        c:\lllfxrl.exe
        38⤵
        Executes dropped EXE
        
        PID:4316
        
        \??\c:\ffrxflr.exe
        
        c:\ffrxflr.exe
        39⤵
        Executes dropped EXE
        
        PID:2392
        
        \??\c:\llxxxrr.exe
        
        c:\llxxxrr.exe
        40⤵
        Executes dropped EXE
        
        PID:4620
        
        \??\c:\rlffflr.exe
        
        c:\rlffflr.exe
        41⤵
        Executes dropped EXE
        
        PID:4448
        
        \??\c:\xxxxrxx.exe
        
        c:\xxxxrxx.exe
        42⤵
        Executes dropped EXE
        
        PID:596
        
        \??\c:\xrrlllf.exe
        
        c:\xrrlllf.exe
        43⤵
        Executes dropped EXE
        
        PID:4456
        
        \??\c:\tnbbtt.exe
        
        c:\tnbbtt.exe
        44⤵
        Executes dropped EXE
        
        PID:1672
        
        \??\c:\thbbtb.exe
        
        c:\thbbtb.exe
        45⤵
        Executes dropped EXE
        
        PID:2924
        
        \??\c:\tnttnn.exe
        
        c:\tnttnn.exe
        46⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        \??\c:\jvvpd.exe
        
        c:\jvvpd.exe
        47⤵
        Executes dropped EXE
        
        PID:3124
        
        \??\c:\dppjj.exe
        
        c:\dppjj.exe
        48⤵
        Executes dropped EXE
        
        PID:4868
        
        \??\c:\dpdpj.exe
        
        c:\dpdpj.exe
        49⤵
        Executes dropped EXE
        
        PID:2360
        
        \??\c:\jjjdv.exe
        
        c:\jjjdv.exe
        50⤵
        Executes dropped EXE
        
        PID:1468
        
        \??\c:\7pjdv.exe
        
        c:\7pjdv.exe
        51⤵
        Executes dropped EXE
        
        PID:1988
        
        \??\c:\ffxfxxl.exe
        
        c:\ffxfxxl.exe
        52⤵
        Executes dropped EXE
        
        PID:184
        
        \??\c:\xrrxflr.exe
        
        c:\xrrxflr.exe
        53⤵
        Executes dropped EXE
        
        PID:660
        
        \??\c:\rrrxrrr.exe
        
        c:\rrrxrrr.exe
        54⤵
        Executes dropped EXE
        
        PID:4200
        
        \??\c:\frflxfr.exe
        
        c:\frflxfr.exe
        55⤵
        Executes dropped EXE
        
        PID:552
        
        \??\c:\btthbh.exe
        
        c:\btthbh.exe
        56⤵
        Executes dropped EXE
        
        PID:2524
        
        \??\c:\thtnnn.exe
        
        c:\thtnnn.exe
        57⤵
        Executes dropped EXE
        
        PID:3420
        
        \??\c:\pjdvj.exe
        
        c:\pjdvj.exe
        58⤵
        Executes dropped EXE
        
        PID:368
        
        \??\c:\xrxlllf.exe
        
        c:\xrxlllf.exe
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        \??\c:\lrxlxrr.exe
        
        c:\lrxlxrr.exe
        60⤵
        Executes dropped EXE
        
        PID:4816
        
        \??\c:\btbttt.exe
        
        c:\btbttt.exe
        61⤵
        Executes dropped EXE
        
        PID:4812
        
        \??\c:\7thbnn.exe
        
        c:\7thbnn.exe
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:336
        
        \??\c:\bbhhnt.exe
        
        c:\bbhhnt.exe
        63⤵
        Executes dropped EXE
        
        PID:716
        
        \??\c:\jpvdd.exe
        
        c:\jpvdd.exe
        64⤵
        Executes dropped EXE
        
        PID:3172
        
        \??\c:\vppjd.exe
        
        c:\vppjd.exe
        65⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4476
        
        \??\c:\vvdjd.exe
        
        c:\vvdjd.exe
        66⤵
        
        PID:1420
        
        \??\c:\jvjjj.exe
        
        c:\jvjjj.exe
        67⤵
        
        PID:1644
        
        \??\c:\pjjjj.exe
        
        c:\pjjjj.exe
        68⤵
        
        PID:740
        
        \??\c:\rxlflfl.exe
        
        c:\rxlflfl.exe
        69⤵
        
        PID:3332
        
        \??\c:\rrrrrff.exe
        
        c:\rrrrrff.exe
        70⤵
        
        PID:3736
        
        \??\c:\nhnhhh.exe
        
        c:\nhnhhh.exe
        71⤵
        
        PID:3680
        
        \??\c:\nbhnnh.exe
        
        c:\nbhnnh.exe
        72⤵
        
        PID:3864
        
        \??\c:\bhtttt.exe
        
        c:\bhtttt.exe
        73⤵
        
        PID:3080
        
        \??\c:\hbtbhh.exe
        
        c:\hbtbhh.exe
        74⤵
        
        PID:636
        
        \??\c:\vjpjd.exe
        
        c:\vjpjd.exe
        75⤵
        
        PID:1120
        
        \??\c:\jppjd.exe
        
        c:\jppjd.exe
        76⤵
        
        PID:3620
        
        \??\c:\dvpvv.exe
        
        c:\dvpvv.exe
        77⤵
        
        PID:5076
        
        \??\c:\xrffxff.exe
        
        c:\xrffxff.exe
        78⤵
        
        PID:1760
        
        \??\c:\rllfrfx.exe
        
        c:\rllfrfx.exe
        79⤵
        
        PID:2788
        
        \??\c:\rrfxrrr.exe
        
        c:\rrfxrrr.exe
        80⤵
        
        PID:3384
        
        \??\c:\xrxxrll.exe
        
        c:\xrxxrll.exe
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        \??\c:\nhtnnt.exe
        
        c:\nhtnnt.exe
        82⤵
        
        PID:940
        
        \??\c:\nbhhhh.exe
        
        c:\nbhhhh.exe
        83⤵
        
        PID:4368
        
        \??\c:\hhnhbb.exe
        
        c:\hhnhbb.exe
        84⤵
        
        PID:4756
        
        \??\c:\btntbh.exe
        
        c:\btntbh.exe
        85⤵
        
        PID:2808
        
        \??\c:\hhbhbh.exe
        
        c:\hhbhbh.exe
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
        
        \??\c:\jpvvp.exe
        
        c:\jpvvp.exe
        87⤵
        
        PID:5060
        
        \??\c:\hbtthh.exe
        
        c:\hbtthh.exe
        88⤵
        
        PID:3760
        
        \??\c:\ttbbtb.exe
        
        c:\ttbbtb.exe
        89⤵
        
        PID:1140
        
        \??\c:\ttttnt.exe
        
        c:\ttttnt.exe
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
        
        \??\c:\jjjjj.exe
        
        c:\jjjjj.exe
        91⤵
        
        PID:440
        
        \??\c:\vdjpp.exe
        
        c:\vdjpp.exe
        92⤵
        
        PID:956
        
        \??\c:\jpvvp.exe
        
        c:\jpvvp.exe
        93⤵
        
        PID:836
        
        \??\c:\jpdvd.exe
        
        c:\jpdvd.exe
        94⤵
        
        PID:1416
        
        \??\c:\rrlffxx.exe
        
        c:\rrlffxx.exe
        95⤵
        
        PID:980
        
        \??\c:\lxfrllf.exe
        
        c:\lxfrllf.exe
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        \??\c:\rrfffff.exe
        
        c:\rrfffff.exe
        97⤵
        
        PID:3884
        
        \??\c:\fflllll.exe
        
        c:\fflllll.exe
        98⤵
        
        PID:4924
        
        \??\c:\xfrrxxl.exe
        
        c:\xfrrxxl.exe
        99⤵
        
        PID:628
        
        \??\c:\fxxlxxx.exe
        
        c:\fxxlxxx.exe
        100⤵
        
        PID:412
        
        \??\c:\hnbtnh.exe
        
        c:\hnbtnh.exe
        101⤵
        
        PID:4364
        
        \??\c:\bnnttt.exe
        
        c:\bnnttt.exe
        102⤵
        
        PID:3668
        
        \??\c:\bbhhbb.exe
        
        c:\bbhhbb.exe
        103⤵
        
        PID:2932
        
        \??\c:\3hbhhn.exe
        
        c:\3hbhhn.exe
        104⤵
        
        PID:184
        
        \??\c:\hthbtt.exe
        
        c:\hthbtt.exe
        105⤵
        
        PID:3856
        
        \??\c:\thtttb.exe
        
        c:\thtttb.exe
        106⤵
        
        PID:1480
        
        \??\c:\bnnnbb.exe
        
        c:\bnnnbb.exe
        107⤵
        
        PID:3536
        
        \??\c:\bbhbbn.exe
        
        c:\bbhbbn.exe
        108⤵
        
        PID:2092
        
        \??\c:\hntnhh.exe
        
        c:\hntnhh.exe
        109⤵
        
        PID:2704
        
        \??\c:\vjddj.exe
        
        c:\vjddj.exe
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        \??\c:\vvdjv.exe
        
        c:\vvdjv.exe
        111⤵
        
        PID:3420
        
        \??\c:\jvjjd.exe
        
        c:\jvjjd.exe
        112⤵
        
        PID:2532
        
        \??\c:\jdddj.exe
        
        c:\jdddj.exe
        113⤵
        
        PID:368
        
        \??\c:\lrfxrrl.exe
        
        c:\lrfxrrl.exe
        114⤵
        
        PID:1964
        
        \??\c:\jjvpp.exe
        
        c:\jjvpp.exe
        115⤵
        
        PID:3144
        
        \??\c:\rfffflx.exe
        
        c:\rfffflx.exe
        116⤵
        
        PID:4812
        
        \??\c:\xxlxxrr.exe
        
        c:\xxlxxrr.exe
        117⤵
        
        PID:336
        
        \??\c:\jjddp.exe
        
        c:\jjddp.exe
        118⤵
        
        PID:3424
        
        \??\c:\5jvpp.exe
        
        c:\5jvpp.exe
        119⤵
        
        PID:2872
        
        \??\c:\vpppj.exe
        
        c:\vpppj.exe
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        \??\c:\xlrrrlf.exe
        
        c:\xlrrrlf.exe
        121⤵
        
        PID:1420
        
        \??\c:\llrrlrl.exe
        
        c:\llrrlrl.exe
        122⤵
        
        PID:1032
        
        \??\c:\fxxxxff.exe
        
        c:\fxxxxff.exe
        123⤵
        
        PID:5108
        
        \??\c:\1rllfrr.exe
        
        c:\1rllfrr.exe
        124⤵
        
        PID:3332
        
        \??\c:\xrlrrff.exe
        
        c:\xrlrrff.exe
        125⤵
        
        PID:3736
        
        \??\c:\lllrxfl.exe
        
        c:\lllrxfl.exe
        126⤵
        
        PID:5088
        
        \??\c:\rrlrfff.exe
        
        c:\rrlrfff.exe
        127⤵
        
        PID:908
        
        \??\c:\xfxxxfl.exe
        
        c:\xfxxxfl.exe
        128⤵
        
        PID:1372
        
        \??\c:\ffrxrxr.exe
        
        c:\ffrxrxr.exe
        129⤵
        
        PID:232
        
        \??\c:\3xrllrr.exe
        
        c:\3xrllrr.exe
        130⤵
        
        PID:2060
        
        \??\c:\fxffxfx.exe
        
        c:\fxffxfx.exe
        131⤵
        
        PID:4036
        
        \??\c:\lrfxrrl.exe
        
        c:\lrfxrrl.exe
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
        
        \??\c:\xrrxrrr.exe
        
        c:\xrrxrrr.exe
        133⤵
        
        PID:2920
        
        \??\c:\rrrrllr.exe
        
        c:\rrrrllr.exe
        134⤵
        
        PID:4492
        
        \??\c:\frllfff.exe
        
        c:\frllfff.exe
        135⤵
        
        PID:2788
        
        \??\c:\xrffxff.exe
        
        c:\xrffxff.exe
        136⤵
        
        PID:2416
        
        \??\c:\rxlrfxl.exe
        
        c:\rxlrfxl.exe
        137⤵
        
        PID:4004
        
        \??\c:\rrxlffl.exe
        
        c:\rrxlffl.exe
        138⤵
        
        PID:2816
        
        \??\c:\rrrlrrx.exe
        
        c:\rrrlrrx.exe
        139⤵
        
        PID:220
        
        \??\c:\1lrlllr.exe
        
        c:\1lrlllr.exe
        140⤵
        
        PID:1464
        
        \??\c:\pdppj.exe
        
        c:\pdppj.exe
        141⤵
        
        PID:2808
        
        \??\c:\9pjdv.exe
        
        c:\9pjdv.exe
        142⤵
        
        PID:1224
        
        \??\c:\ppdvp.exe
        
        c:\ppdvp.exe
        143⤵
        
        PID:4276
        
        \??\c:\ddjjd.exe
        
        c:\ddjjd.exe
        144⤵
        
        PID:4140
        
        \??\c:\dppjd.exe
        
        c:\dppjd.exe
        145⤵
        
        PID:4872
        
        \??\c:\dvjdv.exe
        
        c:\dvjdv.exe
        146⤵
        
        PID:4620
        
        \??\c:\jpjjp.exe
        
        c:\jpjjp.exe
        147⤵
        
        PID:4448
        
        \??\c:\pdpvj.exe
        
        c:\pdpvj.exe
        148⤵
        
        PID:4252
        
        \??\c:\pjppj.exe
        
        c:\pjppj.exe
        149⤵
        
        PID:596
        
        \??\c:\pvvpj.exe
        
        c:\pvvpj.exe
        150⤵
        
        PID:4120
        
        \??\c:\jdppv.exe
        
        c:\jdppv.exe
        151⤵
        
        PID:1380
        
        \??\c:\djppp.exe
        
        c:\djppp.exe
        152⤵
        
        PID:1640
        
        \??\c:\ppppp.exe
        
        c:\ppppp.exe
        153⤵
        
        PID:5112
        
        \??\c:\bntbbn.exe
        
        c:\bntbbn.exe
        154⤵
        
        PID:3124
        
        \??\c:\tbhnhh.exe
        
        c:\tbhnhh.exe
        155⤵
        
        PID:116
        
        \??\c:\thttnh.exe
        
        c:\thttnh.exe
        156⤵
        
        PID:316
        
        \??\c:\nbthhb.exe
        
        c:\nbthhb.exe
        157⤵
        
        PID:4216
        
        \??\c:\ttntbt.exe
        
        c:\ttntbt.exe
        158⤵
        
        PID:1796
        
        \??\c:\nhbbbh.exe
        
        c:\nhbbbh.exe
        159⤵
        
        PID:2708
        
        \??\c:\nhtttn.exe
        
        c:\nhtttn.exe
        160⤵
        
        PID:3880
        
        \??\c:\thtbtt.exe
        
        c:\thtbtt.exe
        161⤵
        
        PID:2012
        
        \??\c:\tthhbb.exe
        
        c:\tthhbb.exe
        162⤵
        
        PID:2524
        
        \??\c:\3nhbhn.exe
        
        c:\3nhbhn.exe
        163⤵
        
        PID:1836
        
        \??\c:\nbbttb.exe
        
        c:\nbbttb.exe
        164⤵
        
        PID:3636
        
        \??\c:\btbttt.exe
        
        c:\btbttt.exe
        165⤵
        
        PID:1260
        
        \??\c:\rrfxfrx.exe
        
        c:\rrfxfrx.exe
        166⤵
        
        PID:3924
        
        \??\c:\bnnnnt.exe
        
        c:\bnnnnt.exe
        167⤵
        
        PID:3960
        
        \??\c:\lfrfffr.exe
        
        c:\lfrfffr.exe
        168⤵
        
        PID:1488
        
        \??\c:\hbnntt.exe
        
        c:\hbnntt.exe
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        \??\c:\nhhbbb.exe
        
        c:\nhhbbb.exe
        170⤵
        
        PID:4320
        
        \??\c:\hnbhbb.exe
        
        c:\hnbhbb.exe
        171⤵
        
        PID:336
        
        \??\c:\thhbtt.exe
        
        c:\thhbtt.exe
        172⤵
        
        PID:3424
        
        \??\c:\bbttnn.exe
        
        c:\bbttnn.exe
        173⤵
        
        PID:2744
        
        \??\c:\btbbnn.exe
        
        c:\btbbnn.exe
        174⤵
        
        PID:1616
        
        \??\c:\thnnnn.exe
        
        c:\thnnnn.exe
        175⤵
        
        PID:2056
        
        \??\c:\bbhhbb.exe
        
        c:\bbhhbb.exe
        176⤵
        
        PID:4520
        
        \??\c:\3nbtbh.exe
        
        c:\3nbtbh.exe
        177⤵
        
        PID:3396
        
        \??\c:\nthbtt.exe
        
        c:\nthbtt.exe
        178⤵
        
        PID:1304
        
        \??\c:\nhbhnh.exe
        
        c:\nhbhnh.exe
        179⤵
        
        PID:1136
        
        \??\c:\3pdpj.exe
        
        c:\3pdpj.exe
        180⤵
        
        PID:1608
        
        \??\c:\dvvpp.exe
        
        c:\dvvpp.exe
        181⤵
        
        PID:2064
        
        \??\c:\vppdv.exe
        
        c:\vppdv.exe
        182⤵
        
        PID:232
        
        \??\c:\dpvvd.exe
        
        c:\dpvvd.exe
        183⤵
        
        PID:2060
        
        \??\c:\pvjjd.exe
        
        c:\pvjjd.exe
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
        
        \??\c:\jvdvp.exe
        
        c:\jvdvp.exe
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
        
        \??\c:\hbnhbb.exe
        
        c:\hbnhbb.exe
        186⤵
        
        PID:3584
        
        \??\c:\pjvpp.exe
        
        c:\pjvpp.exe
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
        
        \??\c:\jvjjd.exe
        
        c:\jvjjd.exe
        188⤵
        
        PID:3384
        
        \??\c:\bthbbb.exe
        
        c:\bthbbb.exe
        189⤵
        
        PID:4488
        
        \??\c:\tttttt.exe
        
        c:\tttttt.exe
        190⤵
        
        PID:940
        
        \??\c:\vvvjj.exe
        
        c:\vvvjj.exe
        191⤵
        
        PID:4368
        
        \??\c:\hnnnnn.exe
        
        c:\hnnnnn.exe
        192⤵
        
        PID:2156
        
        \??\c:\1bhbtn.exe
        
        c:\1bhbtn.exe
        193⤵
        
        PID:4300
        
        \??\c:\hbnnhh.exe
        
        c:\hbnnhh.exe
        194⤵
        
        PID:3168
        
        \??\c:\jjppj.exe
        
        c:\jjppj.exe
        195⤵
        
        PID:3760
        
        \??\c:\ttnnhb.exe
        
        c:\ttnnhb.exe
        196⤵
        
        PID:1140
        
        \??\c:\hhhhbh.exe
        
        c:\hhhhbh.exe
        197⤵
        
        PID:544
        
        \??\c:\5hhnhn.exe
        
        c:\5hhnhn.exe
        198⤵
        
        PID:3936
        
        \??\c:\bhnnht.exe
        
        c:\bhnnht.exe
        199⤵
        
        PID:540
        
        \??\c:\nhtnhh.exe
        
        c:\nhtnhh.exe
        200⤵
        
        PID:2276
        
        \??\c:\nbhhbb.exe
        
        c:\nbhhbb.exe
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
        
        \??\c:\tnbtnn.exe
        
        c:\tnbtnn.exe
        202⤵
        
        PID:4464
        
        \??\c:\nntbbn.exe
        
        c:\nntbbn.exe
        203⤵
        
        PID:2924
        
        \??\c:\nbttbh.exe
        
        c:\nbttbh.exe
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        \??\c:\lrrlflf.exe
        
        c:\lrrlflf.exe
        205⤵
        
        PID:1156
        
        \??\c:\rlxxrrl.exe
        
        c:\rlxxrrl.exe
        206⤵
        
        PID:4580
        
        \??\c:\lxfrllf.exe
        
        c:\lxfrllf.exe
        207⤵
        
        PID:1348
        
        \??\c:\rxxflrr.exe
        
        c:\rxxflrr.exe
        208⤵
        
        PID:2964
        
        \??\c:\xfxxxxx.exe
        
        c:\xfxxxxx.exe
        209⤵
        
        PID:3920
        
        \??\c:\xflllrr.exe
        
        c:\xflllrr.exe
        210⤵
        
        PID:4216
        
        \??\c:\llrlflr.exe
        
        c:\llrlflr.exe
        211⤵
        
        PID:2492
        
        \??\c:\7xxrllf.exe
        
        c:\7xxrllf.exe
        212⤵
        
        PID:1796
        
        \??\c:\llrrrrx.exe
        
        c:\llrrrrx.exe
        213⤵
        
        PID:5040
        
        \??\c:\ffrffll.exe
        
        c:\ffrffll.exe
        214⤵
        
        PID:3880
        
        \??\c:\xfffffr.exe
        
        c:\xfffffr.exe
        215⤵
        
        PID:2012
        
        \??\c:\lfrrxrx.exe
        
        c:\lfrrxrx.exe
        216⤵
        
        PID:2632
        
        \??\c:\rlrrlll.exe
        
        c:\rlrrlll.exe
        217⤵
        
        PID:2676
        
        \??\c:\rlxxffl.exe
        
        c:\rlxxffl.exe
        218⤵
        
        PID:1740
        
        \??\c:\lflxxxr.exe
        
        c:\lflxxxr.exe
        219⤵
        
        PID:3752
        
        \??\c:\rfrxrrr.exe
        
        c:\rfrxrrr.exe
        220⤵
        
        PID:3652
        
        \??\c:\xrfrxll.exe
        
        c:\xrfrxll.exe
        221⤵
        
        PID:3476
        
        \??\c:\xxrflll.exe
        
        c:\xxrflll.exe
        222⤵
        
        PID:4812
        
        \??\c:\1ffxrlf.exe
        
        c:\1ffxrlf.exe
        223⤵
        
        PID:3428
        
        \??\c:\9rfxxfx.exe
        
        c:\9rfxxfx.exe
        224⤵
        
        PID:3364
        
        \??\c:\rlxrrrl.exe
        
        c:\rlxrrrl.exe
        225⤵
        
        PID:2904
        
        \??\c:\lrlfxrf.exe
        
        c:\lrlfxrf.exe
        226⤵
        
        PID:4376
        
        \??\c:\3xffxrl.exe
        
        c:\3xffxrl.exe
        227⤵
        
        PID:3216
        
        \??\c:\dvvpp.exe
        
        c:\dvvpp.exe
        228⤵
        
        PID:3144
        
        \??\c:\3dvvp.exe
        
        c:\3dvvp.exe
        229⤵
        
        PID:3400
        
        \??\c:\lfflxxx.exe
        
        c:\lfflxxx.exe
        230⤵
        
        PID:4544
        
        \??\c:\jpjdv.exe
        
        c:\jpjdv.exe
        231⤵
        
        PID:3396
        
        \??\c:\9vjjd.exe
        
        c:\9vjjd.exe
        232⤵
        
        PID:3680
        
        \??\c:\frflflx.exe
        
        c:\frflflx.exe
        233⤵
        
        PID:1136
        
        \??\c:\vjppp.exe
        
        c:\vjppp.exe
        234⤵
        
        PID:1608
        
        \??\c:\ddjdv.exe
        
        c:\ddjdv.exe
        235⤵
        
        PID:1192
        
        \??\c:\7flfxfx.exe
        
        c:\7flfxfx.exe
        236⤵
        
        PID:2324
        
        \??\c:\rlllrrr.exe
        
        c:\rlllrrr.exe
        237⤵
        
        PID:516
        
        \??\c:\ffxrrrl.exe
        
        c:\ffxrrrl.exe
        238⤵
        
        PID:232
        
        \??\c:\flrrrff.exe
        
        c:\flrrrff.exe
        239⤵
        
        PID:2060
        
        \??\c:\3rlfllr.exe
        
        c:\3rlfllr.exe
        240⤵
        
        PID:2920
        
        \??\c:\nhhhhn.exe
        
        c:\nhhhhn.exe
        241⤵
        
        PID:1996
        
        \??\c:\btbhht.exe
        
        c:\btbhht.exe
        242⤵
        
        PID:812
        
        \??\c:\bthhbt.exe
        
        c:\bthhbt.exe
        243⤵
        
        PID:2416
        
        \??\c:\llrlffx.exe
        
        c:\llrlffx.exe
        244⤵
        
        PID:3948
        
        \??\c:\htbbbb.exe
        
        c:\htbbbb.exe
        245⤵
        
        PID:4156
        
        \??\c:\xrxxrrr.exe
        
        c:\xrxxrrr.exe
        246⤵
        
        PID:940
        
        \??\c:\lllxxxr.exe
        
        c:\lllxxxr.exe
        247⤵
        
        PID:4368
        
        \??\c:\rlrrrrr.exe
        
        c:\rlrrrrr.exe
        248⤵
        
        PID:4352
        
        \??\c:\thhnnn.exe
        
        c:\thhnnn.exe
        249⤵
        
        PID:4300
        
        \??\c:\nntnbh.exe
        
        c:\nntnbh.exe
        250⤵
        
        PID:3168
        
        \??\c:\7bhhhh.exe
        
        c:\7bhhhh.exe
        251⤵
        
        PID:4276
        
        \??\c:\bhnnnt.exe
        
        c:\bhnnnt.exe
        252⤵
        
        PID:4828
        
        \??\c:\bntbbh.exe
        
        c:\bntbbh.exe
        253⤵
        
        PID:4872
        
        \??\c:\ttbtnn.exe
        
        c:\ttbtnn.exe
        254⤵
        
        PID:744
        
        \??\c:\nbhbnn.exe
        
        c:\nbhbnn.exe
        255⤵
        
        PID:4448
        
        \??\c:\7bbbtt.exe
        
        c:\7bbbtt.exe
        256⤵
        
        PID:836
        
        \??\c:\hbnnnb.exe
        
        c:\hbnnnb.exe
        257⤵
        
        PID:4988
        
        \??\c:\hhnhhb.exe
        
        c:\hhnhhb.exe
        258⤵
        
        PID:4464
        
        \??\c:\lfxrlll.exe
        
        c:\lfxrlll.exe
        259⤵
        
        PID:4604
        
        \??\c:\hbbbtt.exe
        
        c:\hbbbtt.exe
        260⤵
        
        PID:4724
        
        \??\c:\bnhbnt.exe
        
        c:\bnhbnt.exe
        261⤵
        
        PID:4924
        
        \??\c:\xrxxrrl.exe
        
        c:\xrxxrrl.exe
        262⤵
        
        PID:412
        
        \??\c:\rxllxff.exe
        
        c:\rxllxff.exe
        263⤵
        
        PID:1348
        
        \??\c:\fxxxrlf.exe
        
        c:\fxxxrlf.exe
        264⤵
        
        PID:2452
        
        \??\c:\5flfrrl.exe
        
        c:\5flfrrl.exe
        265⤵
        
        PID:4668
        
        \??\c:\xxfflrx.exe
        
        c:\xxfflrx.exe
        266⤵
        
        PID:4256
        
        \??\c:\lfxrrrr.exe
        
        c:\lfxrrrr.exe
        267⤵
        
        PID:3668
        
        \??\c:\flrrllf.exe
        
        c:\flrrllf.exe
        268⤵
        
        PID:4504
        
        \??\c:\xrfxxxr.exe
        
        c:\xrfxxxr.exe
        269⤵
        
        PID:3536
        
        \??\c:\rllffxf.exe
        
        c:\rllffxf.exe
        270⤵
        
        PID:2092
        
        \??\c:\fxlffff.exe
        
        c:\fxlffff.exe
        271⤵
        
        PID:3644
        
        \??\c:\7xxrxxr.exe
        
        c:\7xxrxxr.exe
        272⤵
        
        PID:2280
        
        \??\c:\lfffxff.exe
        
        c:\lfffxff.exe
        273⤵
        
        PID:2000
        
        \??\c:\3rrlfxx.exe
        
        c:\3rrlfxx.exe
        274⤵
        
        PID:4060
        
        \??\c:\xxfxrxx.exe
        
        c:\xxfxrxx.exe
        275⤵
        
        PID:4608
        
        \??\c:\llffxlr.exe
        
        c:\llffxlr.exe
        276⤵
        
        PID:3488
        
        \??\c:\lrxfffl.exe
        
        c:\lrxfffl.exe
        277⤵
        
        PID:1612
        
        \??\c:\rlrlrrr.exe
        
        c:\rlrlrrr.exe
        278⤵
        
        PID:1488
        
        \??\c:\xrllflf.exe
        
        c:\xrllflf.exe
        279⤵
        
        PID:4860
        
        \??\c:\rxxxrrl.exe
        
        c:\rxxxrrl.exe
        280⤵
        
        PID:4320
        
        \??\c:\frlfffx.exe
        
        c:\frlfffx.exe
        281⤵
        
        PID:3292
        
        \??\c:\fxfxrrl.exe
        
        c:\fxfxrrl.exe
        282⤵
        
        PID:3096
        
        \??\c:\lrxrrrx.exe
        
        c:\lrxrrrx.exe
        283⤵
        
        PID:3508
        
        \??\c:\rfrlffx.exe
        
        c:\rfrlffx.exe
        284⤵
        
        PID:4904
        
        \??\c:\5rlxrlf.exe
        
        c:\5rlxrlf.exe
        285⤵
        
        PID:5012
        
        \??\c:\xfffffx.exe
        
        c:\xfffffx.exe
        286⤵
        
        PID:1028
        
        \??\c:\frxrlxl.exe
        
        c:\frxrlxl.exe
        287⤵
        
        PID:1304
        
        \??\c:\lrrllff.exe
        
        c:\lrrllff.exe
        288⤵
        
        PID:1200
        
        \??\c:\7fxrxxf.exe
        
        c:\7fxrxxf.exe
        289⤵
        
        PID:3088
        
        \??\c:\lfllllf.exe
        
        c:\lfllllf.exe
        290⤵
        
        PID:1172
        
        \??\c:\xrxxxxx.exe
        
        c:\xrxxxxx.exe
        291⤵
        
        PID:3420
        
        \??\c:\flrffxx.exe
        
        c:\flrffxx.exe
        292⤵
        
        PID:660
        
        \??\c:\7ffrflf.exe
        
        c:\7ffrflf.exe
        293⤵
        
        PID:1628
        
        \??\c:\xxlfxxr.exe
        
        c:\xxlfxxr.exe
        294⤵
        
        PID:1120
        
        \??\c:\xxfxfff.exe
        
        c:\xxfxfff.exe
        295⤵
        
        PID:3988
        
        \??\c:\ffxxflx.exe
        
        c:\ffxxflx.exe
        296⤵
        
        PID:460
        
        \??\c:\fxrlllf.exe
        
        c:\fxrlllf.exe
        297⤵
        
        PID:4224
        
        \??\c:\lrlrfll.exe
        
        c:\lrlrfll.exe
        298⤵
        
        PID:4112
        
        \??\c:\9fxrllx.exe
        
        c:\9fxrllx.exe
        299⤵
        
        PID:676
        
        \??\c:\lxlfxxr.exe
        
        c:\lxlfxxr.exe
        300⤵
        
        PID:4516
        
        \??\c:\fxxfllx.exe
        
        c:\fxxfllx.exe
        301⤵
        
        PID:2192
        
        \??\c:\lflfffl.exe
        
        c:\lflfffl.exe
        302⤵
        
        PID:2812
        
        \??\c:\7rxrllf.exe
        
        c:\7rxrllf.exe
        303⤵
        
        PID:4612
        
        \??\c:\lrrrllf.exe
        
        c:\lrrrllf.exe
        304⤵
        
        PID:2556
        
        \??\c:\jvdpp.exe
        
        c:\jvdpp.exe
        305⤵
        
        PID:2356
        
        \??\c:\1pdvp.exe
        
        c:\1pdvp.exe
        306⤵
        
        PID:3416
        
        \??\c:\5rlffff.exe
        
        c:\5rlffff.exe
        307⤵
        
        PID:4316
        
        \??\c:\ppdvv.exe
        
        c:\ppdvv.exe
        308⤵
        
        PID:4852
        
        \??\c:\dvvvp.exe
        
        c:\dvvvp.exe
        309⤵
        
        PID:1572
        
        \??\c:\ppddp.exe
        
        c:\ppddp.exe
        310⤵
        
        PID:4864
        
        \??\c:\ppjvj.exe
        
        c:\ppjvj.exe
        311⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
        
        \??\c:\ppdpp.exe
        
        c:\ppdpp.exe
        312⤵
        
        PID:2276
        
        \??\c:\vpddv.exe
        
        c:\vpddv.exe
        313⤵
        
        PID:4388
        
        \??\c:\dvpjp.exe
        
        c:\dvpjp.exe
        314⤵
        
        PID:4120
        
        \??\c:\jjpdd.exe
        
        c:\jjpdd.exe
        315⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        \??\c:\ddpvv.exe
        
        c:\ddpvv.exe
        316⤵
        
        PID:2136
        
        \??\c:\jjppp.exe
        
        c:\jjppp.exe
        317⤵
        
        PID:3884
        
        \??\c:\jjddd.exe
        
        c:\jjddd.exe
        318⤵
        
        PID:4596
        
        \??\c:\pjppj.exe
        
        c:\pjppj.exe
        319⤵
        
        PID:1988
        
        \??\c:\9jvpj.exe
        
        c:\9jvpj.exe
        320⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        \??\c:\hnbbhn.exe
        
        c:\hnbbhn.exe
        321⤵
        
        PID:3920
        
        \??\c:\vpdvv.exe
        
        c:\vpdvv.exe
        322⤵
        
        PID:184
        
        \??\c:\pdpdv.exe
        
        c:\pdpdv.exe
        323⤵
        
        PID:2400
        
        \??\c:\tnnhnt.exe
        
        c:\tnnhnt.exe
        324⤵
        
        PID:1356
        
        \??\c:\nhnnhh.exe
        
        c:\nhnnhh.exe
        325⤵
        
        PID:552
        
        \??\c:\jjdpp.exe
        
        c:\jjdpp.exe
        326⤵
        
        PID:1720
        
        \??\c:\ddddv.exe
        
        c:\ddddv.exe
        327⤵
        
        PID:3880
        
        \??\c:\ddjdv.exe
        
        c:\ddjdv.exe
        328⤵
        
        PID:1404
        
        \??\c:\tnhhbb.exe
        
        c:\tnhhbb.exe
        329⤵
        
        PID:3580
        
        \??\c:\nnnhbt.exe
        
        c:\nnnhbt.exe
        330⤵
        
        PID:2676
        
        \??\c:\nnhbnh.exe
        
        c:\nnhbnh.exe
        331⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
        
        \??\c:\hhbbbh.exe
        
        c:\hhbbbh.exe
        332⤵
        
        PID:4228
        
        \??\c:\nthbbb.exe
        
        c:\nthbbb.exe
        333⤵
        
        PID:2620
        
        \??\c:\hthbbb.exe
        
        c:\hthbbb.exe
        334⤵
        
        PID:2440
        
        \??\c:\3hnnhn.exe
        
        c:\3hnnhn.exe
        335⤵
        
        PID:1612
        
        \??\c:\ttnhbb.exe
        
        c:\ttnhbb.exe
        336⤵
        
        PID:3428
        
        \??\c:\nbhttt.exe
        
        c:\nbhttt.exe
        337⤵
        
        PID:4848
        
        \??\c:\bbnhbt.exe
        
        c:\bbnhbt.exe
        338⤵
        
        PID:1780
        
        \??\c:\lrlfrrf.exe
        
        c:\lrlfrrf.exe
        339⤵
        
        PID:4484
        
        \??\c:\ttnntt.exe
        
        c:\ttnntt.exe
        340⤵
        
        PID:1984
        
        \??\c:\frxrxxr.exe
        
        c:\frxrxxr.exe
        341⤵
        
        PID:1032
        
        \??\c:\rflfxfx.exe
        
        c:\rflfxfx.exe
        342⤵
        
        PID:5000
        
        \??\c:\rlfrrrr.exe
        
        c:\rlfrrrr.exe
        343⤵
        
        PID:1816
        
        \??\c:\fflffxx.exe
        
        c:\fflffxx.exe
        344⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
        
        \??\c:\rlxxrrr.exe
        
        c:\rlxxrrr.exe
        345⤵
        
        PID:1304
        
        \??\c:\dvpjd.exe
        
        c:\dvpjd.exe
        346⤵
        
        PID:1200
        
        \??\c:\pvdvp.exe
        
        c:\pvdvp.exe
        347⤵
        
        PID:4536
        
        \??\c:\1vpdv.exe
        
        c:\1vpdv.exe
        348⤵
        
        PID:472
        
        \??\c:\dddvv.exe
        
        c:\dddvv.exe
        349⤵
        
        PID:3980
        
        \??\c:\jdjvv.exe
        
        c:\jdjvv.exe
        350⤵
        
        PID:3048
        
        \??\c:\ddpjd.exe
        
        c:\ddpjd.exe
        351⤵
        
        PID:2868
        
        \??\c:\tnbtnn.exe
        
        c:\tnbtnn.exe
        352⤵
        
        PID:4636
        
        \??\c:\hnnhbh.exe
        
        c:\hnnhbh.exe
        353⤵
        
        PID:3988
        
        \??\c:\nbnhhb.exe
        
        c:\nbnhhb.exe
        354⤵
        
        PID:460
        
        \??\c:\nnnhhh.exe
        
        c:\nnnhhh.exe
        355⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
        
        \??\c:\bbttbh.exe
        
        c:\bbttbh.exe
        356⤵
        
        PID:1920
        
        \??\c:\ntbbtt.exe
        
        c:\ntbbtt.exe
        357⤵
        
        PID:1524
        
        \??\c:\1tbbhh.exe
        
        c:\1tbbhh.exe
        358⤵
        
        PID:4164
        
        \??\c:\hhntnn.exe
        
        c:\hhntnn.exe
        359⤵
        
        PID:3968
        
        \??\c:\xffxrrl.exe
        
        c:\xffxrrl.exe
        360⤵
        
        PID:2848
        
        \??\c:\lxlxrrl.exe
        
        c:\lxlxrrl.exe
        361⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
        
        \??\c:\rxfllrx.exe
        
        c:\rxfllrx.exe
        362⤵
        
        PID:2556
        
        \??\c:\xxrlxfr.exe
        
        c:\xxrlxfr.exe
        363⤵
        
        PID:3308
        
        \??\c:\lxrllxx.exe
        
        c:\lxrllxx.exe
        364⤵
        
        PID:3416
        
        \??\c:\tbbttn.exe
        
        c:\tbbttn.exe
        365⤵
        
        PID:1272
        
        \??\c:\btbbtt.exe
        
        c:\btbbtt.exe
        366⤵
        
        PID:4852
        
        \??\c:\ttnnhh.exe
        
        c:\ttnnhh.exe
        367⤵
        
        PID:956
        
        \??\c:\lxllfff.exe
        
        c:\lxllfff.exe
        368⤵
        
        PID:2068
        
        \??\c:\xlrrrrr.exe
        
        c:\xlrrrrr.exe
        369⤵
        
        PID:4252
        
        \??\c:\lxffxff.exe
        
        c:\lxffxff.exe
        370⤵
        
        PID:2276
        
        \??\c:\xxllflf.exe
        
        c:\xxllflf.exe
        371⤵
        
        PID:4388
        
        \??\c:\ntnbnh.exe
        
        c:\ntnbnh.exe
        372⤵
        
        PID:4120
        
        \??\c:\btbbhh.exe
        
        c:\btbbhh.exe
        373⤵
        
        PID:4604
        
        \??\c:\bnhhht.exe
        
        c:\bnhhht.exe
        374⤵
        
        PID:4724
        
        \??\c:\bhtttb.exe
        
        c:\bhtttb.exe
        375⤵
        
        PID:468
        
        \??\c:\tnbbbh.exe
        
        c:\tnbbbh.exe
        376⤵
        
        PID:4596
        
        \??\c:\rlxrlrr.exe
        
        c:\rlxrlrr.exe
        377⤵
        
        PID:1988
        
        \??\c:\hbnhbb.exe
        
        c:\hbnhbb.exe
        378⤵
        
        PID:3848
        
        \??\c:\5fxrrrl.exe
        
        c:\5fxrrrl.exe
        379⤵
        
        PID:3528
        
        \??\c:\ttbhhh.exe
        
        c:\ttbhhh.exe
        380⤵
        
        PID:4668
        
        \??\c:\bbtnhb.exe
        
        c:\bbtnhb.exe
        381⤵
        
        PID:388
        
        \??\c:\lxrrrrr.exe
        
        c:\lxrrrrr.exe
        382⤵
        
        PID:3120
        
        \??\c:\bbhhhn.exe
        
        c:\bbhhhn.exe
        383⤵
        
        PID:5040
        
        \??\c:\xxrrflx.exe
        
        c:\xxrrflx.exe
        384⤵
        
        PID:3992
        
        \??\c:\xxffxxx.exe
        
        c:\xxffxxx.exe
        385⤵
        
        PID:1600
        
        \??\c:\lrrrllr.exe
        
        c:\lrrrllr.exe
        386⤵
        
        PID:3644
        
        \??\c:\xlxxrrl.exe
        
        c:\xlxxrrl.exe
        387⤵
        
        PID:3464
        
        \??\c:\7ffffll.exe
        
        c:\7ffffll.exe
        388⤵
        
        PID:3012
        
        \??\c:\5lffxfx.exe
        
        c:\5lffxfx.exe
        389⤵
        
        PID:4736
        
        \??\c:\xrrllrr.exe
        
        c:\xrrllrr.exe
        390⤵
        
        PID:3652
        
        \??\c:\flxxfff.exe
        
        c:\flxxfff.exe
        391⤵
        
        PID:420
        
        \??\c:\xxllllr.exe
        
        c:\xxllllr.exe
        392⤵
        
        PID:4728
        
        \??\c:\rfrrlrr.exe
        
        c:\rfrrlrr.exe
        393⤵
        
        PID:3068
        
        \??\c:\flxllrr.exe
        
        c:\flxllrr.exe
        394⤵
        
        PID:4476
        
        \??\c:\rrllfff.exe
        
        c:\rrllfff.exe
        395⤵
        
        PID:2172
        
        \??\c:\vvjvd.exe
        
        c:\vvjvd.exe
        396⤵
        
        PID:4916
        
        \??\c:\pvppd.exe
        
        c:\pvppd.exe
        397⤵
        
        PID:3096
        
        \??\c:\pppjd.exe
        
        c:\pppjd.exe
        398⤵
        
        PID:3144
        
        \??\c:\jdvdj.exe
        
        c:\jdvdj.exe
        399⤵
        
        PID:3656
        
        \??\c:\djdjj.exe
        
        c:\djdjj.exe
        400⤵
        
        PID:4544
        
        \??\c:\vdpjd.exe
        
        c:\vdpjd.exe
        401⤵
        
        PID:2996
        
        \??\c:\vpvpp.exe
        
        c:\vpvpp.exe
        402⤵
        
        PID:3356
        
        \??\c:\tbbttt.exe
        
        c:\tbbttt.exe
        403⤵
        
        PID:1304
        
        \??\c:\jjppp.exe
        
        c:\jjppp.exe
        404⤵
        
        PID:1608
        
        \??\c:\vvppj.exe
        
        c:\vvppj.exe
        405⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
        
        \??\c:\tbnnnn.exe
        
        c:\tbnnnn.exe
        406⤵
        
        PID:1248
        
        \??\c:\vvvvd.exe
        
        c:\vvvvd.exe
        407⤵
        
        PID:1036
        
        \??\c:\pvvpj.exe
        
        c:\pvvpj.exe
        408⤵
        
        PID:232
        
        \??\c:\bthhnt.exe
        
        c:\bthhnt.exe
        409⤵
        
        PID:4900
        
        \??\c:\jddpj.exe
        
        c:\jddpj.exe
        410⤵
        
        PID:4188
        
        \??\c:\dvdvv.exe
        
        c:\dvdvv.exe
        411⤵
        
        PID:1768
        
        \??\c:\xlffrxf.exe
        
        c:\xlffrxf.exe
        412⤵
        
        PID:4940
        
        \??\c:\lxxrllf.exe
        
        c:\lxxrllf.exe
        413⤵
        
        PID:4492
        
        \??\c:\lxrrlfx.exe
        
        c:\lxrrlfx.exe
        414⤵
        
        PID:4748
        
        \??\c:\1pdvj.exe
        
        c:\1pdvj.exe
        415⤵
        
        PID:4876
        
        \??\c:\jvdpj.exe
        
        c:\jvdpj.exe
        416⤵
        
        PID:1716
        
        \??\c:\djvvd.exe
        
        c:\djvvd.exe
        417⤵
        
        PID:4368
        
        \??\c:\jpddv.exe
        
        c:\jpddv.exe
        418⤵
        
        PID:5060
        
        \??\c:\xrxrlxr.exe
        
        c:\xrxrlxr.exe
        419⤵
        
        PID:4340
        
        \??\c:\jvjdv.exe
        
        c:\jvjdv.exe
        420⤵
        
        PID:1140
        
        \??\c:\lxfxxxr.exe
        
        c:\lxfxxxr.exe
        421⤵
        
        PID:4508
        
        \??\c:\rrxxffx.exe
        
        c:\rrxxffx.exe
        422⤵
        
        PID:3200
        
        \??\c:\9xxrrrl.exe
        
        c:\9xxrrrl.exe
        423⤵
        
        PID:4872
        
        \??\c:\lrffxfx.exe
        
        c:\lrffxfx.exe
        424⤵
        
        PID:4824
        
        \??\c:\rfrlllf.exe
        
        c:\rfrlllf.exe
        425⤵
        
        PID:3408
        
        \??\c:\rlrlffx.exe
        
        c:\rlrlffx.exe
        426⤵
        
        PID:1516
        
        \??\c:\fxlllrl.exe
        
        c:\fxlllrl.exe
        427⤵
        
        PID:4988
        
        \??\c:\llrfxff.exe
        
        c:\llrfxff.exe
        428⤵
        
        PID:4464
        
        \??\c:\rxffxxl.exe
        
        c:\rxffxxl.exe
        429⤵
        
        PID:1656
        
        \??\c:\lllffff.exe
        
        c:\lllffff.exe
        430⤵
        
        PID:4212
        
        \??\c:\lrffxxx.exe
        
        c:\lrffxxx.exe
        431⤵
        
        PID:628
        
        \??\c:\rllllfx.exe
        
        c:\rllllfx.exe
        432⤵
        
        PID:412
        
        \??\c:\rflffxr.exe
        
        c:\rflffxr.exe
        433⤵
        
        PID:4000
        
        \??\c:\lrxlrrr.exe
        
        c:\lrxlrrr.exe
        434⤵
        
        PID:4216
        
        \??\c:\5fxrrrl.exe
        
        c:\5fxrrrl.exe
        435⤵
        
        PID:4892
        
        \??\c:\dddvp.exe
        
        c:\dddvp.exe
        436⤵
        
        PID:2596
        
        \??\c:\xllxffx.exe
        
        c:\xllxffx.exe
        437⤵
        
        PID:3668
        
        \??\c:\rfrrllf.exe
        
        c:\rfrrllf.exe
        438⤵
        
        PID:4504
        
        \??\c:\rlrrlfx.exe
        
        c:\rlrrlfx.exe
        439⤵
        
        PID:2524
        
        \??\c:\1lffllx.exe
        
        c:\1lffllx.exe
        440⤵
        
        PID:3100
        
        \??\c:\frxfxfx.exe
        
        c:\frxfxfx.exe
        441⤵
        
        PID:4984
        
        \??\c:\xlxllfx.exe
        
        c:\xlxllfx.exe
        442⤵
        
        PID:3880
        
        \??\c:\3flffff.exe
        
        c:\3flffff.exe
        443⤵
        
        PID:3636
        
        \??\c:\lfllfxr.exe
        
        c:\lfllfxr.exe
        444⤵
        
        PID:2240
        
        \??\c:\lfxxlfx.exe
        
        c:\lfxxlfx.exe
        445⤵
        
        PID:368
        
        \??\c:\rfrrllf.exe
        
        c:\rfrrllf.exe
        446⤵
        
        PID:2940
        
        \??\c:\ddpdp.exe
        
        c:\ddpdp.exe
        447⤵
        
        PID:3488
        
        \??\c:\7xxrxrr.exe
        
        c:\7xxrxrr.exe
        448⤵
        
        PID:4812
        
        \??\c:\xrrxfrx.exe
        
        c:\xrrxfrx.exe
        449⤵
        
        PID:3172
        
        \??\c:\lflrrrr.exe
        
        c:\lflrrrr.exe
        450⤵
        
        PID:3612
        
        \??\c:\fxfxrxx.exe
        
        c:\fxfxrxx.exe
        451⤵
        
        PID:4320
        
        \??\c:\flfxxrx.exe
        
        c:\flfxxrx.exe
        452⤵
        
        PID:4376
        
        \??\c:\llffxfr.exe
        
        c:\llffxfr.exe
        453⤵
        
        PID:2056
        
        \??\c:\jpppj.exe
        
        c:\jpppj.exe
        454⤵
        
        PID:4484
        
        \??\c:\ddddd.exe
        
        c:\ddddd.exe
        455⤵
        
        PID:1984
        
        \??\c:\pjdjj.exe
        
        c:\pjdjj.exe
        456⤵
        
        PID:5012
        
        \??\c:\vpppj.exe
        
        c:\vpppj.exe
        457⤵
        
        PID:1028
        
        \??\c:\3vvvj.exe
        
        c:\3vvvj.exe
        458⤵
        
        PID:2680
        
        \??\c:\jjppj.exe
        
        c:\jjppj.exe
        459⤵
        
        PID:4496
        
        \??\c:\jdjpv.exe
        
        c:\jdjpv.exe
        460⤵
        
        PID:1204
        
        \??\c:\jdpvp.exe
        
        c:\jdpvp.exe
        461⤵
        
        PID:1172
        
        \??\c:\pjvpp.exe
        
        c:\pjvpp.exe
        462⤵
        
        PID:1608
        
        \??\c:\djpjd.exe
        
        c:\djpjd.exe
        463⤵
        
        PID:4536
        
        \??\c:\pvjjd.exe
        
        c:\pvjjd.exe
        464⤵
        
        PID:1248
        
        \??\c:\vvvvp.exe
        
        c:\vvvvp.exe
        465⤵
        
        PID:1036
        
        \??\c:\1vdvp.exe
        
        c:\1vdvp.exe
        466⤵
        
        PID:3080
        
        \??\c:\hhhbhb.exe
        
        c:\hhhbhb.exe
        467⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
        
        \??\c:\htbtnn.exe
        
        c:\htbtnn.exe
        468⤵
        
        PID:3988
        
        \??\c:\tnnnhh.exe
        
        c:\tnnnhh.exe
        469⤵
        
        PID:1684
        
        \??\c:\bnbtbt.exe
        
        c:\bnbtbt.exe
        470⤵
        
        PID:1432
        
        \??\c:\bbtttt.exe
        
        c:\bbtttt.exe
        471⤵
        
        PID:4516
        
        \??\c:\bttnhb.exe
        
        c:\bttnhb.exe
        472⤵
        
        PID:1524
        
        \??\c:\nhnnhh.exe
        
        c:\nhnnhh.exe
        473⤵
        
        PID:4308
        
        \??\c:\bhnnhh.exe
        
        c:\bhnnhh.exe
        474⤵
        
        PID:3968
        
        \??\c:\bnttbh.exe
        
        c:\bnttbh.exe
        475⤵
        
        PID:4392
        
        \??\c:\hbhbtt.exe
        
        c:\hbhbtt.exe
        476⤵
        
        PID:4304
        
        \??\c:\ttbbbb.exe
        
        c:\ttbbbb.exe
        477⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        \??\c:\hnnnnt.exe
        
        c:\hnnnnt.exe
        478⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        \??\c:\hhtnhn.exe
        
        c:\hhtnhn.exe
        479⤵
        
        PID:1272
        
        \??\c:\ttntnt.exe
        
        c:\ttntnt.exe
        480⤵
        
        PID:4852
        
        \??\c:\nhnhnh.exe
        
        c:\nhnhnh.exe
        481⤵
        
        PID:1008
        
        \??\c:\ttbbbt.exe
        
        c:\ttbbbt.exe
        482⤵
        
        PID:596
        
        \??\c:\tthnht.exe
        
        c:\tthnht.exe
        483⤵
        
        PID:836
        
        \??\c:\bttbhn.exe
        
        c:\bttbhn.exe
        484⤵
        
        PID:2276
        
        \??\c:\btnhbn.exe
        
        c:\btnhbn.exe
        485⤵
        
        PID:2444
        
        \??\c:\nnbbbb.exe
        
        c:\nnbbbb.exe
        486⤵
        
        PID:4988
        
        \??\c:\bbnnnt.exe
        
        c:\bbnnnt.exe
        487⤵
        
        PID:4464
        
        \??\c:\hnnbtn.exe
        
        c:\hnnbtn.exe
        488⤵
        
        PID:1656
        
        \??\c:\hnnhbb.exe
        
        c:\hnnhbb.exe
        489⤵
        
        PID:4212
        
        \??\c:\tnnhbn.exe
        
        c:\tnnhbn.exe
        490⤵
        
        PID:732
        
        \??\c:\jdvpd.exe
        
        c:\jdvpd.exe
        491⤵
        
        PID:4328
        
        \??\c:\pdjjj.exe
        
        c:\pdjjj.exe
        492⤵
        
        PID:3708
        
        \??\c:\djjpv.exe
        
        c:\djjpv.exe
        493⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
        
        \??\c:\dvjpj.exe
        
        c:\dvjpj.exe
        494⤵
        
        PID:4256
        
        \??\c:\jjjjd.exe
        
        c:\jjjjd.exe
        495⤵
        
        PID:3588
        
        \??\c:\jdpvv.exe
        
        c:\jdpvv.exe
        496⤵
        
        PID:3516
        
        \??\c:\dpvpp.exe
        
        c:\dpvpp.exe
        497⤵
        
        PID:3668
        
        \??\c:\jppjd.exe
        
        c:\jppjd.exe
        498⤵
        
        PID:2728
        
        \??\c:\pjppj.exe
        
        c:\pjppj.exe
        499⤵
        
        PID:2012
        
        \??\c:\ppjdd.exe
        
        c:\ppjdd.exe
        500⤵
        
        PID:3100
        
        \??\c:\5jppj.exe
        
        c:\5jppj.exe
        501⤵
        System Location Discovery: System Language Discovery
        
        PID:4984
        
        \??\c:\jpddd.exe
        
        c:\jpddd.exe
        502⤵
        
        PID:840
        
        \??\c:\9pjdv.exe
        
        c:\9pjdv.exe
        503⤵
        
        PID:2000
        
        \??\c:\jdddv.exe
        
        c:\jdddv.exe
        504⤵
        
        PID:3960
        
        \??\c:\dvddd.exe
        
        c:\dvddd.exe
        505⤵
        
        PID:4060
        
        \??\c:\vpjjj.exe
        
        c:\vpjjj.exe
        506⤵
        
        PID:1720
        
        \??\c:\vjvvd.exe
        
        c:\vjvvd.exe
        507⤵
        
        PID:2620
        
        \??\c:\vvppv.exe
        
        c:\vvppv.exe
        508⤵
        
        PID:2692
        
        \??\c:\9jjdv.exe
        
        c:\9jjdv.exe
        509⤵
        
        PID:4588
        
        \??\c:\pdpvv.exe
        
        c:\pdpvv.exe
        510⤵
        
        PID:3068
        
        \??\c:\vpdjj.exe
        
        c:\vpdjj.exe
        511⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        \??\c:\nbbntt.exe
        
        c:\nbbntt.exe
        512⤵
        
        PID:3216
        
        \??\c:\1bhbbh.exe
        
        c:\1bhbbh.exe
        513⤵
        
        PID:2336
        
        \??\c:\htbttn.exe
        
        c:\htbttn.exe
        514⤵
        
        PID:3500
        
        \??\c:\hbnhbb.exe
        
        c:\hbnhbb.exe
        515⤵
        
        PID:3864
        
        \??\c:\lfxrllf.exe
        
        c:\lfxrllf.exe
        516⤵
        
        PID:3316
        
        \??\c:\hhhbbt.exe
        
        c:\hhhbbt.exe
        517⤵
        
        PID:908
        
        \??\c:\1bbtnt.exe
        
        c:\1bbtnt.exe
        518⤵
        
        PID:1028
        
        \??\c:\7frrrxr.exe
        
        c:\7frrrxr.exe
        519⤵
        
        PID:3356
        
        \??\c:\rrrrllf.exe
        
        c:\rrrrllf.exe
        520⤵
        
        PID:4496
        
        \??\c:\xlxrrrr.exe
        
        c:\xlxrrrr.exe
        521⤵
        
        PID:1204
        
        \??\c:\rxrxrxx.exe
        
        c:\rxrxrxx.exe
        522⤵
        
        PID:1172
        
        \??\c:\xrxrrrl.exe
        
        c:\xrxrrrl.exe
        523⤵
        
        PID:3048
        
        \??\c:\xrfrlrr.exe
        
        c:\xrfrlrr.exe
        524⤵
        
        PID:4536
        
        \??\c:\rllrrxr.exe
        
        c:\rllrrxr.exe
        525⤵
        
        PID:4840
        
        \??\c:\fflfxxx.exe
        
        c:\fflfxxx.exe
        526⤵
        
        PID:1036
        
        \??\c:\flrrrrr.exe
        
        c:\flrrrrr.exe
        527⤵
        
        PID:3080
        
        \??\c:\jvdvp.exe
        
        c:\jvdvp.exe
        528⤵
        
        PID:3204
        
        \??\c:\jjpjd.exe
        
        c:\jjpjd.exe
        529⤵
        
        PID:2416
        
        \??\c:\vddvv.exe
        
        c:\vddvv.exe
        530⤵
        
        PID:220
        
        \??\c:\dvddd.exe
        
        c:\dvddd.exe
        531⤵
        
        PID:1432
        
        \??\c:\jjddj.exe
        
        c:\jjddj.exe
        532⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
        
        \??\c:\pjvvp.exe
        
        c:\pjvvp.exe
        533⤵
        
        PID:1524
        
        \??\c:\jpvvv.exe
        
        c:\jpvvv.exe
        534⤵
        
        PID:2848
        
        \??\c:\jpjjd.exe
        
        c:\jpjjd.exe
        535⤵
        
        PID:2764
        
        \??\c:\pdppd.exe
        
        c:\pdppd.exe
        536⤵
        
        PID:5008
        
        \??\c:\1vvvj.exe
        
        c:\1vvvj.exe
        537⤵
        
        PID:2724
        
        \??\c:\vjppd.exe
        
        c:\vjppd.exe
        538⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        \??\c:\ddjjj.exe
        
        c:\ddjjj.exe
        539⤵
        
        PID:4316
        
        \??\c:\7pdvv.exe
        
        c:\7pdvv.exe
        540⤵
        
        PID:4508
        
        \??\c:\jvpjd.exe
        
        c:\jvpjd.exe
        541⤵
        
        PID:4456
        
        \??\c:\jvpvv.exe
        
        c:\jvpvv.exe
        542⤵
        
        PID:4852
        
        \??\c:\dvddv.exe
        
        c:\dvddv.exe
        543⤵
        
        PID:4448
        
        \??\c:\5bhhbh.exe
        
        c:\5bhhbh.exe
        544⤵
        
        PID:4676
        
        \??\c:\bnhhtt.exe
        
        c:\bnhhtt.exe
        545⤵
        System Location Discovery: System Language Discovery
        
        PID:836
        
        \??\c:\nntbbt.exe
        
        c:\nntbbt.exe
        546⤵
        
        PID:2276
        
        \??\c:\dvjjp.exe
        
        c:\dvjjp.exe
        547⤵
        
        PID:4868
        
        \??\c:\rllfrfr.exe
        
        c:\rllfrfr.exe
        548⤵
        
        PID:4988
        
        \??\c:\frxxxfx.exe
        
        c:\frxxxfx.exe
        549⤵
        
        PID:4464
        
        \??\c:\djjpp.exe
        
        c:\djjpp.exe
        550⤵
        
        PID:1656
        
        \??\c:\fxxllxx.exe
        
        c:\fxxllxx.exe
        551⤵
        
        PID:436
        
        \??\c:\jdpvv.exe
        
        c:\jdpvv.exe
        552⤵
        
        PID:732
        
        \??\c:\ppjjj.exe
        
        c:\ppjjj.exe
        553⤵
        
        PID:968
        
        \??\c:\djdvd.exe
        
        c:\djdvd.exe
        554⤵
        
        PID:3708
        
        \??\c:\pdjpp.exe
        
        c:\pdjpp.exe
        555⤵
        
        PID:768
        
        \??\c:\5vjpj.exe
        
        c:\5vjpj.exe
        556⤵
        
        PID:4256
        
        \??\c:\ttnnnn.exe
        
        c:\ttnnnn.exe
        557⤵
        
        PID:3588
        
        \??\c:\tbbtnh.exe
        
        c:\tbbtnh.exe
        558⤵
        
        PID:3516
        
        \??\c:\nnnhbt.exe
        
        c:\nnnhbt.exe
        559⤵
        
        PID:3668
        
        \??\c:\nhbttn.exe
        
        c:\nhbttn.exe
        560⤵
        
        PID:2728
        
        \??\c:\ttnnhh.exe
        
        c:\ttnnhh.exe
        561⤵
        
        PID:1260
        
        \??\c:\9ttttb.exe
        
        c:\9ttttb.exe
        562⤵
        
        PID:3100
        
        \??\c:\hbbttt.exe
        
        c:\hbbttt.exe
        563⤵
        
        PID:2400
        
        \??\c:\hthbtt.exe
        
        c:\hthbtt.exe
        564⤵
        System Location Discovery: System Language Discovery
        
        PID:840
        
        \??\c:\xrxxxxx.exe
        
        c:\xrxxxxx.exe
        565⤵
        
        PID:2000
        
        \??\c:\5llllxl.exe
        
        c:\5llllxl.exe
        566⤵
        
        PID:2616
        
        \??\c:\ffffffx.exe
        
        c:\ffffffx.exe
        567⤵
        
        PID:1004
        
        \??\c:\9lrlrrx.exe
        
        c:\9lrlrrx.exe
        568⤵
        
        PID:4744
        
        \??\c:\jvddp.exe
        
        c:\jvddp.exe
        569⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        \??\c:\pvppj.exe
        
        c:\pvppj.exe
        570⤵
        
        PID:2440
        
        \??\c:\xlrlxrl.exe
        
        c:\xlrlxrl.exe
        571⤵
        
        PID:1488
        
        \??\c:\lxfxrrl.exe
        
        c:\lxfxrrl.exe
        572⤵
        
        PID:4476
        
        \??\c:\ddjjj.exe
        
        c:\ddjjj.exe
        573⤵
        
        PID:1420
        
        \??\c:\vvvpp.exe
        
        c:\vvvpp.exe
        574⤵
        
        PID:1780
        
        \??\c:\pvjvp.exe
        
        c:\pvjvp.exe
        575⤵
        
        PID:2792
        
        \??\c:\vvdjj.exe
        
        c:\vvdjj.exe
        576⤵
        
        PID:4520
        
        \??\c:\vjvvv.exe
        
        c:\vjvvv.exe
        577⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
        
        \??\c:\tnttbb.exe
        
        c:\tnttbb.exe
        578⤵
        
        PID:5000
        
        \??\c:\hhnnnn.exe
        
        c:\hhnnnn.exe
        579⤵
        
        PID:4544
        
        \??\c:\hnbhtt.exe
        
        c:\hnbhtt.exe
        580⤵
        
        PID:2804
        
        \??\c:\xxfxxxr.exe
        
        c:\xxfxxxr.exe
        581⤵
        
        PID:2104
        
        \??\c:\7xfffrr.exe
        
        c:\7xfffrr.exe
        582⤵
        
        PID:1236
        
        \??\c:\llxrllf.exe
        
        c:\llxrllf.exe
        583⤵
        
        PID:3680
        
        \??\c:\rllfxxx.exe
        
        c:\rllfxxx.exe
        584⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
        
        \??\c:\vpvvp.exe
        
        c:\vpvvp.exe
        585⤵
        
        PID:5108
        
        \??\c:\ddvdp.exe
        
        c:\ddvdp.exe
        586⤵
        
        PID:1608
        
        \??\c:\pjppp.exe
        
        c:\pjppp.exe
        587⤵
        
        PID:1172
        
        \??\c:\vpjdp.exe
        
        c:\vpjdp.exe
        588⤵
        
        PID:3048
        
        \??\c:\pvjjd.exe
        
        c:\pvjjd.exe
        589⤵
        
        PID:4536
        
        \??\c:\3ttntt.exe
        
        c:\3ttntt.exe
        590⤵
        
        PID:5076
        
        \??\c:\1bbtnt.exe
        
        c:\1bbtnt.exe
        591⤵
        
        PID:2788
        
        \??\c:\7ffxrrl.exe
        
        c:\7ffxrrl.exe
        592⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        \??\c:\rfxrrfx.exe
        
        c:\rfxrrfx.exe
        593⤵
        
        PID:1996
        
        \??\c:\frxrllf.exe
        
        c:\frxrllf.exe
        594⤵
        
        PID:4156
        
        \??\c:\9lrrrxr.exe
        
        c:\9lrrrxr.exe
        595⤵
        
        PID:1920
        
        \??\c:\frfffxx.exe
        
        c:\frfffxx.exe
        596⤵
        
        PID:4756
        
        \??\c:\lflllll.exe
        
        c:\lflllll.exe
        597⤵
        
        PID:2156
        
        \??\c:\rrffxxx.exe
        
        c:\rrffxxx.exe
        598⤵
        
        PID:4004
        
        \??\c:\rrfffff.exe
        
        c:\rrfffff.exe
        599⤵
        
        PID:5060
        
        \??\c:\jddvj.exe
        
        c:\jddvj.exe
        600⤵
        
        PID:4340
        
        \??\c:\1vvvj.exe
        
        c:\1vvvj.exe
        601⤵
        
        PID:2356
        
        \??\c:\ddjdv.exe
        
        c:\ddjdv.exe
        602⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        \??\c:\pvppv.exe
        
        c:\pvppv.exe
        603⤵
        
        PID:1572
        
        \??\c:\vvddv.exe
        
        c:\vvddv.exe
        604⤵
        
        PID:4308
        
        \??\c:\vvpjd.exe
        
        c:\vvpjd.exe
        605⤵
        
        PID:2244
        
        \??\c:\nnhthn.exe
        
        c:\nnhthn.exe
        606⤵
        
        PID:744
        
        \??\c:\7tbbbt.exe
        
        c:\7tbbbt.exe
        607⤵
        
        PID:5068
        
        \??\c:\1hnhbb.exe
        
        c:\1hnhbb.exe
        608⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
        
        \??\c:\hnbhhh.exe
        
        c:\hnbhhh.exe
        609⤵
        
        PID:980
        
        \??\c:\thtttt.exe
        
        c:\thtttt.exe
        610⤵
        
        PID:1500
        
        \??\c:\bbhbbb.exe
        
        c:\bbhbbb.exe
        611⤵
        
        PID:4620
        
        \??\c:\tbhbtt.exe
        
        c:\tbhbtt.exe
        612⤵
        
        PID:1468
        
        \??\c:\hhhbtt.exe
        
        c:\hhhbtt.exe
        613⤵
        
        PID:3380
        
        \??\c:\bbthnb.exe
        
        c:\bbthnb.exe
        614⤵
        
        PID:1264
        
        \??\c:\nnnhtb.exe
        
        c:\nnnhtb.exe
        615⤵
        
        PID:628
        
        \??\c:\ttnntb.exe
        
        c:\ttnntb.exe
        616⤵
        
        PID:4364
        
        \??\c:\nnnnbb.exe
        
        c:\nnnnbb.exe
        617⤵
        
        PID:2892
        
        \??\c:\7rfxfff.exe
        
        c:\7rfxfff.exe
        618⤵
        
        PID:3920
        
        \??\c:\7fffllx.exe
        
        c:\7fffllx.exe
        619⤵
        
        PID:3528
        
        \??\c:\rrxxrxx.exe
        
        c:\rrxxrxx.exe
        620⤵
        
        PID:4668
        
        \??\c:\5vdjj.exe
        
        c:\5vdjj.exe
        621⤵
        
        PID:2372
        
        \??\c:\dpjdd.exe
        
        c:\dpjdd.exe
        622⤵
        
        PID:552
        
        \??\c:\jddvv.exe
        
        c:\jddvv.exe
        623⤵
        
        PID:2012
        
        \??\c:\ddvpv.exe
        
        c:\ddvpv.exe
        624⤵
        
        PID:2980
        
        \??\c:\jdddv.exe
        
        c:\jdddv.exe
        625⤵
        
        PID:4984
        
        \??\c:\9pjjp.exe
        
        c:\9pjjp.exe
        626⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        \??\c:\vvjdj.exe
        
        c:\vvjdj.exe
        627⤵
        
        PID:3580
        
        \??\c:\vpjdd.exe
        
        c:\vpjdd.exe
        628⤵
        
        PID:4608
        
        \??\c:\pppjv.exe
        
        c:\pppjv.exe
        629⤵
        
        PID:4412
        
        \??\c:\jpdvj.exe
        
        c:\jpdvj.exe
        630⤵
        
        PID:4780
        
        \??\c:\bhbbbh.exe
        
        c:\bhbbbh.exe
        631⤵
        
        PID:3476
        
        \??\c:\9nbbtt.exe
        
        c:\9nbbtt.exe
        632⤵
        
        PID:2940
        
        \??\c:\nhnhbb.exe
        
        c:\nhnhbb.exe
        633⤵
        
        PID:420
        
        \??\c:\thbtbh.exe
        
        c:\thbtbh.exe
        634⤵
        
        PID:2624
        
        \??\c:\bhhbtt.exe
        
        c:\bhhbtt.exe
        635⤵
        
        PID:4848
        
        \??\c:\hnnhbb.exe
        
        c:\hnnhbb.exe
        636⤵
        
        PID:4228
        
        \??\c:\hhhtbb.exe
        
        c:\hhhtbb.exe
        637⤵
        
        PID:3292
        
        \??\c:\1btntt.exe
        
        c:\1btntt.exe
        638⤵
        
        PID:2336
        
        \??\c:\7nhnnt.exe
        
        c:\7nhnnt.exe
        639⤵
        
        PID:3500
        
        \??\c:\xfxxllr.exe
        
        c:\xfxxllr.exe
        640⤵
        
        PID:2448
        
        \??\c:\5xlflll.exe
        
        c:\5xlflll.exe
        641⤵
        
        PID:2872
        
        \??\c:\xfxrxfx.exe
        
        c:\xfxrxfx.exe
        642⤵
        
        PID:1960
        
        \??\c:\flllfll.exe
        
        c:\flllfll.exe
        643⤵
        
        PID:908
        
        \??\c:\5rxfxxr.exe
        
        c:\5rxfxxr.exe
        644⤵
        
        PID:2992
        
        \??\c:\pjppv.exe
        
        c:\pjppv.exe
        645⤵
        
        PID:1792
        
        \??\c:\pjdvp.exe
        
        c:\pjdvp.exe
        646⤵
        
        PID:2704
        
        \??\c:\vvdvv.exe
        
        c:\vvdvv.exe
        647⤵
        
        PID:1192
        
        \??\c:\dpddd.exe
        
        c:\dpddd.exe
        648⤵
        
        PID:2324
        
        \??\c:\1jvvj.exe
        
        c:\1jvvj.exe
        649⤵
        
        PID:1120
        
        \??\c:\vdvvv.exe
        
        c:\vdvvv.exe
        650⤵
        
        PID:1248
        
        \??\c:\vvdvp.exe
        
        c:\vvdvp.exe
        651⤵
        
        PID:3352
        
        \??\c:\thnhnn.exe
        
        c:\thnhnn.exe
        652⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
        
        \??\c:\nbbttt.exe
        
        c:\nbbttt.exe
        653⤵
        
        PID:4900
        
        \??\c:\hbnntb.exe
        
        c:\hbnntb.exe
        654⤵
        
        PID:460
        
        \??\c:\htnbnt.exe
        
        c:\htnbnt.exe
        655⤵
        
        PID:812
        
        \??\c:\nntbbb.exe
        
        c:\nntbbb.exe
        656⤵
        
        PID:3800
        
        \??\c:\ttnnnt.exe
        
        c:\ttnnnt.exe
        657⤵
        
        PID:3948
        
        \??\c:\hnhbbb.exe
        
        c:\hnhbbb.exe
        658⤵
        
        PID:2812
        
        \??\c:\bnbbhh.exe
        
        c:\bnbbhh.exe
        659⤵
        
        PID:4876
        
        \??\c:\tntnnn.exe
        
        c:\tntnnn.exe
        660⤵
        
        PID:4232
        
        \??\c:\5bnnnt.exe
        
        c:\5bnnnt.exe
        661⤵
        
        PID:392
        
        \??\c:\9bnhhh.exe
        
        c:\9bnhhh.exe
        662⤵
        
        PID:4352
        
        \??\c:\7tttnt.exe
        
        c:\7tttnt.exe
        663⤵
        
        PID:2424
        
        \??\c:\tbhhhn.exe
        
        c:\tbhhhn.exe
        664⤵
        
        PID:4764
        
        \??\c:\nnhthb.exe
        
        c:\nnhthb.exe
        665⤵
        
        PID:1140
        
        \??\c:\tttnnh.exe
        
        c:\tttnnh.exe
        666⤵
        
        PID:4864
        
        \??\c:\vddvv.exe
        
        c:\vddvv.exe
        667⤵
        
        PID:4912
        
        \??\c:\tbbtnn.exe
        
        c:\tbbtnn.exe
        668⤵
        
        PID:1068
        
        \??\c:\htbbtt.exe
        
        c:\htbbtt.exe
        669⤵
        
        PID:4832
        
        \??\c:\htnhhn.exe
        
        c:\htnhhn.exe
        670⤵
        
        PID:1380
        
        \??\c:\rflrrrr.exe
        
        c:\rflrrrr.exe
        671⤵
        
        PID:440
        
        \??\c:\5lffxfx.exe
        
        c:\5lffxfx.exe
        672⤵
        
        PID:1640
        
        \??\c:\ffxrfll.exe
        
        c:\ffxrfll.exe
        673⤵
        
        PID:4604
        
        \??\c:\llxxffl.exe
        
        c:\llxxffl.exe
        674⤵
        
        PID:4580
        
        \??\c:\jddvp.exe
        
        c:\jddvp.exe
        675⤵
        
        PID:1156
        
        \??\c:\dpvpp.exe
        
        c:\dpvpp.exe
        676⤵
        
        PID:4924
        
        \??\c:\jdjdd.exe
        
        c:\jdjdd.exe
        677⤵
        
        PID:520
        
        \??\c:\dvjdv.exe
        
        c:\dvjdv.exe
        678⤵
        
        PID:4384
        
        \??\c:\vvpjj.exe
        
        c:\vvpjj.exe
        679⤵
        
        PID:3848
        
        \??\c:\jppjv.exe
        
        c:\jppjv.exe
        680⤵
        
        PID:5096
        
        \??\c:\jjvvj.exe
        
        c:\jjvvj.exe
        681⤵
        
        PID:1680
        
        \??\c:\ddpjj.exe
        
        c:\ddpjj.exe
        682⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        \??\c:\3dvvv.exe
        
        c:\3dvvv.exe
        683⤵
        
        PID:5016
        
        \??\c:\vpvvp.exe
        
        c:\vpvvp.exe
        684⤵
        
        PID:1428
        
        \??\c:\hnbhhn.exe
        
        c:\hnbhhn.exe
        685⤵
        
        PID:5032
        
        \??\c:\bnhbtt.exe
        
        c:\bnhbtt.exe
        686⤵
        
        PID:3828
        
        \??\c:\bhtttn.exe
        
        c:\bhtttn.exe
        687⤵
        
        PID:3716
        
        \??\c:\tbbbbt.exe
        
        c:\tbbbbt.exe
        688⤵
        
        PID:4652
        
        \??\c:\bbtttt.exe
        
        c:\bbtttt.exe
        689⤵
        
        PID:2380
        
        \??\c:\rrrrrrr.exe
        
        c:\rrrrrrr.exe
        690⤵
        
        PID:2236
        
        \??\c:\xrlflrx.exe
        
        c:\xrlflrx.exe
        691⤵
        
        PID:3636
        
        \??\c:\xxfffll.exe
        
        c:\xxfffll.exe
        692⤵
        
        PID:4060
        
        \??\c:\lxlxflx.exe
        
        c:\lxlxflx.exe
        693⤵
        
        PID:2000
        
        \??\c:\xxxxrxr.exe
        
        c:\xxxxrxr.exe
        694⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        \??\c:\fflrrrl.exe
        
        c:\fflrrrl.exe
        695⤵
        
        PID:3652
        
        \??\c:\rrllfff.exe
        
        c:\rrllfff.exe
        696⤵
        
        PID:868
        
        \??\c:\5pvvv.exe
        
        c:\5pvvv.exe
        697⤵
        
        PID:4588
        
        \??\c:\dpjjd.exe
        
        c:\dpjjd.exe
        698⤵
        
        PID:2904
        
        \??\c:\fllllrr.exe
        
        c:\fllllrr.exe
        699⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
        
        \??\c:\lrrlxrl.exe
        
        c:\lrrlxrl.exe
        700⤵
        
        PID:740
        
        \??\c:\3lllllf.exe
        
        c:\3lllllf.exe
        701⤵
        
        PID:3512
        
        \??\c:\pjvvp.exe
        
        c:\pjvvp.exe
        702⤵
        
        PID:864
        
        \??\c:\1vdvv.exe
        
        c:\1vdvv.exe
        703⤵
        
        PID:2336
        
        \??\c:\pvvvp.exe
        
        c:\pvvvp.exe
        704⤵
        
        PID:3500
        
        \??\c:\jvppp.exe
        
        c:\jvppp.exe
        705⤵
        
        PID:2448
        
        \??\c:\nnthbh.exe
        
        c:\nnthbh.exe
        706⤵
        
        PID:2872
        
        \??\c:\hbhbtt.exe
        
        c:\hbhbtt.exe
        707⤵
        
        PID:1960
        
        \??\c:\hhnhht.exe
        
        c:\hhnhht.exe
        708⤵
        
        PID:908
        
        \??\c:\1nbhhn.exe
        
        c:\1nbhhn.exe
        709⤵
        
        PID:1304
        
        \??\c:\nnnhbh.exe
        
        c:\nnnhbh.exe
        710⤵
        
        PID:3620
        
        \??\c:\bhnnhn.exe
        
        c:\bhnnhn.exe
        711⤵
        
        PID:2704
        
        \??\c:\rlrllxr.exe
        
        c:\rlrllxr.exe
        712⤵
        
        PID:1192
        
        \??\c:\frxlfxr.exe
        
        c:\frxlfxr.exe
        713⤵
        
        PID:2500
        
        \??\c:\lflfxxr.exe
        
        c:\lflfxxr.exe
        714⤵
        
        PID:1760
        
        \??\c:\llrlfxl.exe
        
        c:\llrlfxl.exe
        715⤵
        
        PID:2040
        
        \??\c:\vdjjj.exe
        
        c:\vdjjj.exe
        716⤵
        
        PID:4720
        
        \??\c:\vvjpv.exe
        
        c:\vvjpv.exe
        717⤵
        
        PID:676
        
        \??\c:\5dppd.exe
        
        c:\5dppd.exe
        718⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        \??\c:\pvpjv.exe
        
        c:\pvpjv.exe
        719⤵
        
        PID:920
        
        \??\c:\dvvvp.exe
        
        c:\dvvvp.exe
        720⤵
        
        PID:1996
        
        \??\c:\ppdpj.exe
        
        c:\ppdpj.exe
        721⤵
        
        PID:4156
        
        \??\c:\pvvdd.exe
        
        c:\pvvdd.exe
        722⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        \??\c:\dvdpp.exe
        
        c:\dvdpp.exe
        723⤵
        
        PID:2812
        
        \??\c:\htbhnh.exe
        
        c:\htbhnh.exe
        724⤵
        
        PID:4392
        
        \??\c:\hhtnhh.exe
        
        c:\hhtnhh.exe
        725⤵
        
        PID:4004
        
        \??\c:\tttbtt.exe
        
        c:\tttbtt.exe
        726⤵
        
        PID:5060
        
        \??\c:\thnhhh.exe
        
        c:\thnhhh.exe
        727⤵
        
        PID:4352
        
        \??\c:\htbhbb.exe
        
        c:\htbhbb.exe
        728⤵
        
        PID:2424
        
        \??\c:\hhbbtt.exe
        
        c:\hhbbtt.exe
        729⤵
        
        PID:4140
        
        \??\c:\xffxxxr.exe
        
        c:\xffxxxr.exe
        730⤵
        
        PID:1548
        
        \??\c:\lrffrrx.exe
        
        c:\lrffrrx.exe
        731⤵
        
        PID:4316
        
        \??\c:\lllfxfx.exe
        
        c:\lllfxfx.exe
        732⤵
        
        PID:1572
        
        \??\c:\fxlfxfx.exe
        
        c:\fxlfxfx.exe
        733⤵
        
        PID:4872
        
        \??\c:\rlrrlrr.exe
        
        c:\rlrrlrr.exe
        734⤵
        
        PID:4852
        
        \??\c:\5fllfxr.exe
        
        c:\5fllfxr.exe
        735⤵
        
        PID:4448
        
        \??\c:\frfxrrl.exe
        
        c:\frfxrrl.exe
        736⤵
        
        PID:4676
        
        \??\c:\lfllffx.exe
        
        c:\lfllffx.exe
        737⤵
        
        PID:836
        
        \??\c:\lllffff.exe
        
        c:\lllffff.exe
        738⤵
        
        PID:3128
        
        \??\c:\ppjpp.exe
        
        c:\ppjpp.exe
        739⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
        
        \??\c:\xrfffll.exe
        
        c:\xrfffll.exe
        740⤵
        
        PID:4620
        
        \??\c:\ddvpd.exe
        
        c:\ddvpd.exe
        741⤵
        
        PID:4464
        
        \??\c:\pdddv.exe
        
        c:\pdddv.exe
        742⤵
        
        PID:1656
        
        \??\c:\jvdvv.exe
        
        c:\jvdvv.exe
        743⤵
        
        PID:4328
        
        \??\c:\pjjdd.exe
        
        c:\pjjdd.exe
        744⤵
        
        PID:3596
        
        \??\c:\9pjdd.exe
        
        c:\9pjdd.exe
        745⤵
        
        PID:4216
        
        \??\c:\bbttbb.exe
        
        c:\bbttbb.exe
        746⤵
        
        PID:3708
        
        \??\c:\ththnt.exe
        
        c:\ththnt.exe
        747⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
        
        \??\c:\nthhhn.exe
        
        c:\nthhhn.exe
        748⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        \??\c:\htnhhb.exe
        
        c:\htnhhb.exe
        749⤵
        
        PID:1480
        
        \??\c:\tnnnbb.exe
        
        c:\tnnnbb.exe
        750⤵
        
        PID:2524
        
        \??\c:\nhnhbb.exe
        
        c:\nhnhbb.exe
        751⤵
        
        PID:3120
        
        \??\c:\thbhtt.exe
        
        c:\thbhtt.exe
        752⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        \??\c:\tnbtnh.exe
        
        c:\tnbtnh.exe
        753⤵
        
        PID:2280
        
        \??\c:\xlxrllx.exe
        
        c:\xlxrllx.exe
        754⤵
        
        PID:1600
        
        \??\c:\fxxrrll.exe
        
        c:\fxxrrll.exe
        755⤵
        
        PID:1404
        
        \??\c:\xrxxrrr.exe
        
        c:\xrxxrrr.exe
        756⤵
        
        PID:3692
        
        \??\c:\9lrxrrx.exe
        
        c:\9lrxrrx.exe
        757⤵
        
        PID:3464
        
        \??\c:\ffrlrrr.exe
        
        c:\ffrlrrr.exe
        758⤵
        
        PID:5040
        
        \??\c:\ffrrrrx.exe
        
        c:\ffrrrrx.exe
        759⤵
        
        PID:368
        
        \??\c:\ppddj.exe
        
        c:\ppddj.exe
        760⤵
        
        PID:2000
        
        \??\c:\3ppvp.exe
        
        c:\3ppvp.exe
        761⤵
        
        PID:3488
        
        \??\c:\djpjj.exe
        
        c:\djpjj.exe
        762⤵
        
        PID:2620
        
        \??\c:\vjppv.exe
        
        c:\vjppv.exe
        763⤵
        
        PID:868
        
        \??\c:\vpvjp.exe
        
        c:\vpvjp.exe
        764⤵
        
        PID:3068
        
        \??\c:\7hnhht.exe
        
        c:\7hnhht.exe
        765⤵
        
        PID:1420
        
        \??\c:\tnnnnh.exe
        
        c:\tnnnnh.exe
        766⤵
        
        PID:3616
        
        \??\c:\hnbtnh.exe
        
        c:\hnbtnh.exe
        767⤵
        
        PID:740
        
        \??\c:\nhbbtt.exe
        
        c:\nhbbtt.exe
        768⤵
        
        PID:1816
        
        \??\c:\bbbbtt.exe
        
        c:\bbbbtt.exe
        769⤵
        
        PID:864
        
        \??\c:\nhhhhb.exe
        
        c:\nhhhhb.exe
        770⤵
        
        PID:2336
        
        \??\c:\ffxrrrr.exe
        
        c:\ffxrrrr.exe
        771⤵
        
        PID:2680
        
        \??\c:\rrxrrrr.exe
        
        c:\rrxrrrr.exe
        772⤵
        
        PID:3624
        
        \??\c:\xxflllf.exe
        
        c:\xxflllf.exe
        773⤵
        
        PID:2872
        
        \??\c:\rrrxrrr.exe
        
        c:\rrrxrrr.exe
        774⤵
        
        PID:2992
        
        \??\c:\pvjjp.exe
        
        c:\pvjjp.exe
        775⤵
        
        PID:4424
        
        \??\c:\vddvv.exe
        
        c:\vddvv.exe
        776⤵
        
        PID:4036
        
        \??\c:\7jvpj.exe
        
        c:\7jvpj.exe
        777⤵
        
        PID:4616
        
        \??\c:\jppjd.exe
        
        c:\jppjd.exe
        778⤵
        
        PID:2704
        
        \??\c:\ttbbnn.exe
        
        c:\ttbbnn.exe
        779⤵
        
        PID:1192
        
        \??\c:\jdpjj.exe
        
        c:\jdpjj.exe
        780⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        \??\c:\jdppj.exe
        
        c:\jdppj.exe
        781⤵
        
        PID:1236
        
        \??\c:\thtnbb.exe
        
        c:\thtnbb.exe
        782⤵
        
        PID:5076
        
        \??\c:\9bbtnn.exe
        
        c:\9bbtnn.exe
        783⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
        
        \??\c:\httnhh.exe
        
        c:\httnhh.exe
        784⤵
        
        PID:460
        
        \??\c:\9htnhh.exe
        
        c:\9htnhh.exe
        785⤵
        
        PID:1684
        
        \??\c:\nhbtnn.exe
        
        c:\nhbtnn.exe
        786⤵
        
        PID:920
        
        \??\c:\rlxlfxl.exe
        
        c:\rlxlfxl.exe
        787⤵
        
        PID:1996
        
        \??\c:\bbntbt.exe
        
        c:\bbntbt.exe
        788⤵
        
        PID:4156
        
        \??\c:\hthhbt.exe
        
        c:\hthhbt.exe
        789⤵
        
        PID:1920
        
        \??\c:\hbtnbh.exe
        
        c:\hbtnbh.exe
        790⤵
        
        PID:2848
        
        \??\c:\hhbntt.exe
        
        c:\hhbntt.exe
        791⤵
        
        PID:2764
        
        \??\c:\bthhhh.exe
        
        c:\bthhhh.exe
        792⤵
        
        PID:4300
        
        \??\c:\bhttnh.exe
        
        c:\bhttnh.exe
        793⤵
        
        PID:4276
        
        \??\c:\7nntnt.exe
        
        c:\7nntnt.exe
        794⤵
        
        PID:3936
        
        \??\c:\1nnnnt.exe
        
        c:\1nnnnt.exe
        795⤵
        
        PID:764
        
        \??\c:\5tnhhh.exe
        
        c:\5tnhhh.exe
        796⤵
        
        PID:4140
        
        \??\c:\tnnnnn.exe
        
        c:\tnnnnn.exe
        797⤵
        
        PID:1548
        
        \??\c:\hbhhbb.exe
        
        c:\hbhhbb.exe
        798⤵
        
        PID:4316
        
        \??\c:\rffxxff.exe
        
        c:\rffxxff.exe
        799⤵
        
        PID:596
        
        \??\c:\xrrrlll.exe
        
        c:\xrrrlll.exe
        800⤵
        
        PID:2724
        
        \??\c:\rrrrrrx.exe
        
        c:\rrrrrrx.exe
        801⤵
        
        PID:1520
        
        \??\c:\lfrrrxf.exe
        
        c:\lfrrrxf.exe
        802⤵
        
        PID:2436
        
        \??\c:\llrlrff.exe
        
        c:\llrlrff.exe
        803⤵
        
        PID:440
        
        \??\c:\lflfxrr.exe
        
        c:\lflfxrr.exe
        804⤵
        
        PID:1640
        
        \??\c:\rrxllrf.exe
        
        c:\rrxllrf.exe
        805⤵
        
        PID:4724
        
        \??\c:\xfrrlrx.exe
        
        c:\xfrrlrx.exe
        806⤵
        
        PID:2136
        
        \??\c:\fllrrrr.exe
        
        c:\fllrrrr.exe
        807⤵
        
        PID:1156
        
        \??\c:\llfflxr.exe
        
        c:\llfflxr.exe
        808⤵
        
        PID:412
        
        \??\c:\fxxrllf.exe
        
        c:\fxxrllf.exe
        809⤵
        
        PID:4000
        
        \??\c:\rffxxxl.exe
        
        c:\rffxxxl.exe
        810⤵
        
        PID:980
        
        \??\c:\nbbbhn.exe
        
        c:\nbbbhn.exe
        811⤵
        System Location Discovery: System Language Discovery
        
        PID:968
        
        \??\c:\flxxrfl.exe
        
        c:\flxxrfl.exe
        812⤵
        
        PID:2076
        
        \??\c:\5xxrffx.exe
        
        c:\5xxrffx.exe
        813⤵
        
        PID:2452
        
        \??\c:\1xrlllf.exe
        
        c:\1xrlllf.exe
        814⤵
        
        PID:316
        
        \??\c:\llfxllx.exe
        
        c:\llfxllx.exe
        815⤵
        
        PID:1480
        
        \??\c:\lfrrrxf.exe
        
        c:\lfrrrxf.exe
        816⤵
        
        PID:5032
        
        \??\c:\xfxrfxr.exe
        
        c:\xfxrfxr.exe
        817⤵
        
        PID:3120
        
        \??\c:\djjjd.exe
        
        c:\djjjd.exe
        818⤵
        
        PID:3600
        
        \??\c:\dvpjd.exe
        
        c:\dvpjd.exe
        819⤵
        
        PID:2280
        
        \??\c:\7pvvp.exe
        
        c:\7pvvp.exe
        820⤵
        
        PID:3100
        
        \??\c:\dpppv.exe
        
        c:\dpppv.exe
        821⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        \??\c:\pvjdd.exe
        
        c:\pvjdd.exe
        822⤵
        
        PID:4608
        
        \??\c:\bthntb.exe
        
        c:\bthntb.exe
        823⤵
        
        PID:4060
        
        \??\c:\bnbnnn.exe
        
        c:\bnbnnn.exe
        824⤵
        
        PID:4204
        
        \??\c:\bhnhbb.exe
        
        c:\bhnhbb.exe
        825⤵
        
        PID:368
        
        \??\c:\1tnhtt.exe
        
        c:\1tnhtt.exe
        826⤵
        
        PID:2000
        
        \??\c:\btttnh.exe
        
        c:\btttnh.exe
        827⤵
        
        PID:420
        
        \??\c:\9jvpj.exe
        
        c:\9jvpj.exe
        828⤵
        
        PID:4588
        
        \??\c:\bbtnnt.exe
        
        c:\bbtnnt.exe
        829⤵
        
        PID:3236
        
        \??\c:\btbbbh.exe
        
        c:\btbbbh.exe
        830⤵
        
        PID:3068
        
        \??\c:\nhnhbb.exe
        
        c:\nhnhbb.exe
        831⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
        
        \??\c:\tttttt.exe
        
        c:\tttttt.exe
        832⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        \??\c:\tthttt.exe
        
        c:\tthttt.exe
        833⤵
        
        PID:740
        
        \??\c:\xxrfffx.exe
        
        c:\xxrfffx.exe
        834⤵
        
        PID:1816
        
        \??\c:\tnbbnh.exe
        
        c:\tnbbnh.exe
        835⤵
        
        PID:864
        
        \??\c:\xxrffff.exe
        
        c:\xxrffff.exe
        836⤵
        
        PID:2336
        
        \??\c:\hhttnt.exe
        
        c:\hhttnt.exe
        837⤵
        
        PID:2448
        
        \??\c:\tbhhnn.exe
        
        c:\tbhhnn.exe
        838⤵
        
        PID:4376
        
        \??\c:\nhbtbb.exe
        
        c:\nhbtbb.exe
        839⤵
        
        PID:1960
        
        \??\c:\hhhhhn.exe
        
        c:\hhhhhn.exe
        840⤵
        
        PID:1792
        
        \??\c:\rxrlffx.exe
        
        c:\rxrlffx.exe
        841⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        \??\c:\fxrrllf.exe
        
        c:\fxrrllf.exe
        842⤵
        
        PID:2640
        
        \??\c:\xlrlffx.exe
        
        c:\xlrlffx.exe
        843⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
        
        \??\c:\rffxxxx.exe
        
        c:\rffxxxx.exe
        844⤵
        
        PID:2032
        
        \??\c:\dpjvv.exe
        
        c:\dpjvv.exe
        845⤵
        
        PID:2880
        
        \??\c:\jvppp.exe
        
        c:\jvppp.exe
        846⤵
        
        PID:232
        
        \??\c:\ppvpp.exe
        
        c:\ppvpp.exe
        847⤵
        
        PID:4536
        
        \??\c:\3jpdv.exe
        
        c:\3jpdv.exe
        848⤵
        
        PID:4720
        
        \??\c:\ffffrfr.exe
        
        c:\ffffrfr.exe
        849⤵
        
        PID:676
        
        \??\c:\pvjjv.exe
        
        c:\pvjjv.exe
        850⤵
        
        PID:812
        
        \??\c:\vdpjp.exe
        
        c:\vdpjp.exe
        851⤵
        
        PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\7ppjv.exe

Filesize
3.7MB

MD5
d2b92bf51e51b70e5f71f7808c5ca6cf

SHA1
da45c29f4711d81667097eeb356a58c35ae08ee7

SHA256
9f74041fbc61734db5cc6a537aa0a0dc650505486bf33c8bd9af9749c8a3f387

SHA512
80bf2b24042dfc78d56934e63023184300e8326926e98f28acf6f3963c2cea0424d76a33a69353de44487e462ed1d60e1b4757b5cd03ff9932c6e5b324da52f7

Download Submit
C:\bbnhhn.exe

Filesize
3.7MB

MD5
8019a25efc1be9272575dd82dc4a6f28

SHA1
a682b9638fa1b50ad3c070c6fdd873a32be451b0

SHA256
4a9d419ec74a47eded4e509fc55fa0570ead0da32b51e763ba5ddbcbb60d2eb5

SHA512
f31afb8fcb477f734b35bab1abb7f8130a9d262f4773daec09d88906b27cae6bc04eca9918273086eb33a8406f48fc09a286c78a89673458d06c369feb1445ea

Download Submit
C:\bbtbhh.exe

Filesize
3.7MB

MD5
145f032cf3a8e82f1e60736a76a0ce3d

SHA1
7bb1c33ffa7d53f6c6c8e15acb24158d430995c2

SHA256
f7a8259579df18fec991d1f1070a70467d6c7b212b0901c757909cd5ad3804e8

SHA512
2a74072be32f730d76257c718c39cfa0a8d032f38ae94028099aa1f8545253864ebd0cde42670c2f0bb065f7d114b72b65a20e29d6005f57d643e434d4a75092

Download Submit
C:\bntttb.exe

Filesize
3.7MB

MD5
e646d1929a4a3ae1189407b2ba1c405b

SHA1
a3a8f95b7301ea9cf255dfefc32faa2569acdbf1

SHA256
398c4b01afd6193613b227a320863d736ef2e44c107cae0a73b75c6bbfa35fe6

SHA512
3b7e75e6e8b01f20d800405599e3b1bcc13ba00bc2f95f469eaaec82c1bb076341b0916b328e65ca49492d0db1b42944646f3e7179b0286f80851762ec215f34

Download Submit
C:\bthntt.exe

Filesize
3.7MB

MD5
f26fb8f67c74acb3f1a6bb44118872d2

SHA1
208a4a4d7e637c98b15659169e345a9813dd488d

SHA256
e9308962426d20fdf63e7903f62115f40838aeaaa21df746844a3ae8b538b0b1

SHA512
b2197769d4d426b0f3fe7e09e7c2c7227b73b072db868a594558709e540e5997b214eb8fdaeec64397bdc6f3f343deab16c3e3517731d937d5c96818b262fbf8

Download Submit
C:\ddjvd.exe

Filesize
3.7MB

MD5
343a7e6abea4060f1a6ffd265bd313f3

SHA1
1aa15e182d917cdced5a02c8966deaa8a17ce713

SHA256
f0a5027b03652c93ea6560db35e53903e453b8e980d1333995beb27efa92b511

SHA512
0cfe9c321755dce47af0d1ae958729541dce2a7721302f213b6e942d6d88e69ed6b567201adf2dd03666d5f437b4e8b09f35b7168ab138289dc55f872e6bcd09

Download Submit
C:\djjjj.exe

Filesize
3.7MB

MD5
6a9168205af8fff4e9a5cf596fe4644f

SHA1
357dc9ac136038e45a4a75cffd0dad07319a83f1

SHA256
97fd8e53b9ad59c240b60c509d47a0317fe58f07f634db0d2dbfa5fc2b4a1cf7

SHA512
89d2af600081ac1b0bc51ae77715f19454ed76e3a1b10dafc887b5ce1c159adb471f5bc17c8252c373b8c14846a0af4c13357f5211ea2a695e3103bd0ffcbb80

Download Submit
C:\ffxxrfr.exe

Filesize
3.7MB

MD5
84a02e2245fc71ca952bfa69972ac491

SHA1
f5a0f608ae2386168f21ab7a8f1db53dd40776cb

SHA256
3031034cc2d7354194446b4697723fc8dbe76db1117889636bba37020c66acc6

SHA512
aba52a62a0fb6fa7fd0b1a55306a92b514efc8f36276295b3cbfad228b2a19d8b6ca669502498a9038c8fdff338f75ec21750848b29855a4595c766a0f8fa02c

Download Submit
C:\frlrxxr.exe

Filesize
3.7MB

MD5
ce9ccc7f2b167014c255468b42cdf262

SHA1
d9aaf8aeb6a6ccc2d90a448d52f64d326cb13d35

SHA256
e9d349b8a1b741d762da468fa91174aad0c8219aa2041cf9a4313f713c337719

SHA512
4af7f3c23e18be16c24f928670753b649cf15e5bc3ed309806a40e8f57063bdf492db52c1db68a56d746c1c8a6790aeb8a2fb4a174bd1c2a384386d7ba22bfd5

Download Submit
C:\lrxxlll.exe

Filesize
3.7MB

MD5
18b648533a48d51c30812b0b6ba642ec

SHA1
45993395cc6d5f5d4acc90f91bf387021b3cbd0b

SHA256
73c9bb532cd3b7697cbe9634eac14815651e7ceb1cb71b3c1815a202d1e5fea7

SHA512
681c7136ed137ad059217a0619de2fab7a71ebaa6b4377f0536b75eaa6d201d7ed1aebba4424bfe5aafd47aec49ee6cb0626d4bd6e38fae750f02b5154af8204

Download Submit
C:\lrxxxrf.exe

Filesize
3.7MB

MD5
e321633952f5eaf1ad67a33de7306eb5

SHA1
2772efa890e5ab7e6a0af9c3b10af716c731276c

SHA256
7da9177ed2480da33075864f57502ebf41573797cc629b0223bd72c16538c717

SHA512
5a79e9d59b266fca664d88075b438964868a510d92c34e42073eaf416a1f8533b4f0811277ac639d42432b1fa27263dcda60f886b0c37747770aa6d02ae20534

Download Submit
C:\nbtthn.exe

Filesize
3.7MB

MD5
12ee3aedb35769b6413b28353b9eb0f0

SHA1
16d07c4e44dad41f7138dd3445ac6c2620875886

SHA256
94b2cd2b5905ea46235f1eea8b0d7cafed282efdf653ec1ca6e5a6d08e13c07c

SHA512
04196262978f7fcf0d28ec9de59aa09b25583a1887b3ccbe599964abe52df03fa577e18471523d6e66d67b62e08427a30d411bf4b4d3e18abd8a906fbf8e1c3f

Download Submit
C:\rlrrflr.exe

Filesize
3.7MB

MD5
aa7362b4b6aedd16fbf1dd4666d07809

SHA1
ea45674d4b3fde46f7a32a0d842fa73325329eab

SHA256
09d49b25840b4e1e62327f813b6802d6c6b6e0f6f53d5057a3704016848da549

SHA512
add6789504b003b4399fadc434633478e59215b46f22077008e5fb285625e0f656e905a631846c58f7191a97e8f4f55925a072be33be5e230fb5ff427e42d621

Download Submit
C:\rlrrrff.exe

Filesize
3.7MB

MD5
3f508586f70521e639df19e36da610fa

SHA1
e105198c1dfd1718c6dfaaf5bcc799490ff4ad3c

SHA256
7b4b23b0e5849366d6ca72660b2b563df43e9bafec47fcfa274d0f61a65631f1

SHA512
56ac3e0b31408deed5dc92f0db0050b384ee0cb7ae8c8ca86f71b00a4227f964e9acaaf591bc38d1b1c5458a207d243d6abbfe9d213e753ce8f5679e4db8ca07

Download Submit
C:\rrllffl.exe

Filesize
3.7MB

MD5
2a5668cf8dd19b8440116e6b212361cb

SHA1
82154079c083231cc1ad5dc6b2ea00c3bb31f195

SHA256
4be54598bcdb26c1ee635ba0e43ca2e235332611f1975247c33b5e05739cebb4

SHA512
4d4caaff5678cb3883b8550f61ecaa8bad9d01b822ee3040dfa8b8cb8cc09ab02f51e5b7dd4fc4a712a22bb4a412f1e6c1aed29c1a2102785fdad1b0200ed647

Download Submit
C:\tntttb.exe

Filesize
3.7MB

MD5
a89c10f90b76e290bb598fb53f7e8a1d

SHA1
efebd7601b90478dca1176c1a69d65a974fe349d

SHA256
16a0bccfe323da1d9a2e93b82bab7ccc8b3fb0df3ecfac337ab1f1a438eaac79

SHA512
a7fb4c704845b9045e9a769d5115e5bf6ebfc3648ccd6dcf4414bdcc76f40095f45ddb17b40ebdb892be04e2af0eaec2d1ac6a1c73761e91c518065315ddca01

Download Submit
C:\ttbnnh.exe

Filesize
3.7MB

MD5
9c90f331e4f8e48a1a01af42f9115383

SHA1
e11fc86ea3106d73b33c4a3ab0f74bda4acbd612

SHA256
3e9bf982dc08e80f08e2f04ca7cf6d8c2473c4799768b20f1edff465d73d8ffe

SHA512
0f7f444d6cc7c99595c31884b6f3bbd04cc8a968712a7de9ab71ed1caee59e2be2aec81c2aff844c2ae2eeef654d2d3f66d0f4711489a31f2963ae6041e0e2b3

Download Submit
C:\tthnnn.exe

Filesize
3.7MB

MD5
20aa10ea7be0d60d677144b64c84f6be

SHA1
ca86c7481cc6aa99544d42b68d2d8e7bd0eb5fdd

SHA256
d3a333b66c37a956fa6584d45a3c7a784caae7a6cedaf8c535ab18a661983657

SHA512
7f6a3b2dd97753a509752b3d2cab845948256fdace109aa2cc2b9be48dd9719e4af5a11055108c204545783add014a2f44509b690e148da17f3a5e0d12fad510

Download Submit
C:\vdppj.exe

Filesize
3.7MB

MD5
70809d5de50edaa511c9a71923922a48

SHA1
b059ae6ecc66f4e554e2bb9a4ebed6d3ec97605e

SHA256
3387dec43ad9f96de90d9ce3210293c2bbbcd78c981868b95beda93f53105ff8

SHA512
d36fe4994794e8640fdd8121c0a5182facbf60a4cc2d01840290fc6ad10de02f1809f31f0ad9b398c45031543c09aba454dedd48f60905879005dda4eec18ef6

Download Submit
C:\vjjpp.exe

Filesize
3.7MB

MD5
17aea61ab0bcf1d6c70ca8b0567480a9

SHA1
ef4443f63bece2afdcb25676c687ef988b652a5b

SHA256
deed5a498eaf862bcc2d048f12a3eaa07ef53f9cb45524e75ff5014b80a586af

SHA512
d81f1d772e77c146d790ebbff12bd1b68cc590af65f1af7504fa7c354e055dbfafd3a7c085124a97e3d470d4cf5cd9bf01f00d266783d1666c3abd75ad65d735

Download Submit
C:\vjvvj.exe

Filesize
3.7MB

MD5
c5685f3882e507379309ee4fa7a87397

SHA1
597e5128c2644fcdf215b5583523c27df7727d16

SHA256
e31b6452e13a75111f2247ecd1c0c624a904bac0a8e7ddfe6448623d1706d1f7

SHA512
8c64354839baf418ec8dada9532081d4a3cc905c066b079d278477cac44ef08f04c56d8083259ff538ca1e5e8781f0080c6a00f6a708dd0d573ca3775638f792

Download Submit
C:\vppjv.exe

Filesize
3.7MB

MD5
3404e0197a58399bb3944990b4ce372d

SHA1
12a2eb8837f80e3a0505dc5f38763da5f21f4fa5

SHA256
1f6d662d0d35612f9906214807341571528b971aec607f092b806fd23fddcace

SHA512
2f5cef4a605e751be091e05e94dd49413d01bba339878328d91af3453a80d0b0349848f8c12a9d83231e645bfc717ab8144c2b4425f42e9778d08996e4ded20f

Download Submit
C:\vvppj.exe

Filesize
3.7MB

MD5
093eea28fcd84e9e9d5d70b4ca85efa8

SHA1
ed8b349f9b7b9dbd91545c5397f6de22216211bb

SHA256
d664ea2819588ca1f8e3866b77197fae04ceb8e0aab9fc6270de2a40e5e88e41

SHA512
675164506a49dd0491e34bd52bc1acaf1f86ba53bc231fa42ddb4ba0e62bce43dc5bcc17db7f2384d2a818dc647ae9c2668dad76354581e8d396f9e87ef6bbf2

Download Submit
C:\xffrfrx.exe

Filesize
3.7MB

MD5
eab01cd65a3c07709d7d5a99d9e30cdb

SHA1
c8a29300ee00a202ad674352d486509dff9e24a5

SHA256
8f6324b55400d88e8299a4c36b3df184c5720dc8452541d1fcc4d51518b16fa0

SHA512
fb7b3e97e522057adbe84af96a4da63fb47dd73dd649241344969252f62924c876410b4032903a1e6869958cb654ce635a74146e8f968e87e2762e395773c31d

Download Submit
C:\xfllflf.exe

Filesize
3.7MB

MD5
7ba488ed0afa1cf288b9160bbcf613bc

SHA1
fdea80430333395623a8174627aa30119e9ef136

SHA256
e63a9f4d9c9ff8e5fc758013e62feabe54e57885997228a7c99e824e9b0da7c5

SHA512
7438be36ee5455354efeb281fc06cef9420fd8873aafb6e0d37b883df394eebc717b43905bf9dd857630f4cfef15ec1727784a5d5c24f33b2e59eeee2a88e3d8

Download Submit
C:\xrrxflf.exe

Filesize
3.7MB

MD5
a536ab694a3e10296fc7c0fb9e5f4d31

SHA1
098ba873036c731f930b98871ea621503732f829

SHA256
7a71870b4c58508869c126607b85cb4bb6f624a454c2375243917d025479dc54

SHA512
80d5edfa76a593221f7d0157cb46dae3fbd72cb4771902e24544d177f4976d64493bf32ec2d2286d959c5dc1700169f8ced6c3f5c023cd45d67dd0dbd69eba9d

Download Submit
C:\xxlrrxx.exe

Filesize
3.7MB

MD5
09719fcbe62d64eba86b5d6302b2a681

SHA1
89cc2bcdb75a17511d05839d71eaf52ed54b10f6

SHA256
6adcae525b21b26f44217303f384bd1160df6be1a9e7aa9c88489223f1d99f17

SHA512
7a898e700e3604437efcf94be0a84cad0314db70c522e4d60641aeb04b49369d87090ed4f146aa48e7cc723de9a8ace5805b4818de6c1644a3985f7161c16414

Download Submit
\??\c:\jdvdv.exe

Filesize
3.7MB

MD5
04b1fca61f46f8e14c74932b784457c9

SHA1
206ed7dda496929c19ae1de4a52272124c79610a

SHA256
785728099ed63be65a6aff7696697d749cd5d3a7ecc43504c8b53a97f28d5bc3

SHA512
af7cdf28bbb176286d7cdd0f652c001c5d16842695970996516884dad1be305c308e909e1a25da96f912512f86ddf82afa78ec5270e60022700df23052691024

Download Submit
\??\c:\lfrrrrr.exe

Filesize
3.7MB

MD5
f0cde8601a8b1ebe394cd48cbff4b153

SHA1
548b7ae4bf025472162d511da31f499d0ef6f7cd

SHA256
768ad54c84823e117e8c00e5c4faa5f8a729d69f5550b797d77f618a25b178f6

SHA512
1392af9a8cc250e5cd6598089c3493bfddadb09db42c8da1dd16a4ad57858c5dd716fed3a01edf84301df7a9accf2755f3642a374a7afeb27b14241e1a020551

Download Submit
\??\c:\llffxxx.exe

Filesize
3.7MB

MD5
fa0c0c41730f1f0686a4e6c5942ebff9

SHA1
f4d3c37e1a0740171caff1af47201b78e6f39034

SHA256
cc3666d28701515fcc2f5775a5c7375f52bbba0e589b2d7bac610f6c5ed76c80

SHA512
2e53fbfc0a8795d2abf3c1b2e274066de2ab2536c5c760a4848092287326cd80cac93694813831f9a2348586cec417175bdc9ce81ff6e4407fc9273dedccfc5f

Download Submit
\??\c:\nbnnnb.exe

Filesize
3.7MB

MD5
2c98a668941ef8b659ea36af64e9f98b

SHA1
295e53814169226ae8ff7ccd1aa739d2b71e7a7f

SHA256
92e2c14077a6cdca87cc0822575dece489e9959ff17a443ce52b57a233a78b48

SHA512
2f396ac09364ba239ca83e148d1b683472f051f405c7aafe8d8c23df1d7f5b274783e7fe78912972a56abd8a413ab916d2fc67b26a36c6880802241edd7994fd

Download Submit
\??\c:\pdjpp.exe

Filesize
3.7MB

MD5
093baaae0550a502df70fb856112d59d

SHA1
0a9844ebf98059af1a07983ff9095effe4e1be50

SHA256
5ca23ab014b21e199863a3d5f98990290b9016a4c340b5636268d0a73699aaea

SHA512
aa195923aee91839073b706402ff9e4e7bfdb7146ff4054e3ac589cb5edc5147361047ae3e638b719031da56760ec18ce88a4ec970d17311b7f4ffee262a39cc

Download Submit
memory/184-1089-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/184-256-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/232-502-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/316-19-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/336-287-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/392-186-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/412-43-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/440-381-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/552-265-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/596-222-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/716-291-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/740-307-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/812-180-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1032-129-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1468-249-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1480-428-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1488-622-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1608-659-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1616-123-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1644-333-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1672-229-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1760-341-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1812-17-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1960-473-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1988-1079-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1996-1897-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2060-156-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2136-25-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2136-31-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2236-83-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2324-2066-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2392-210-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2432-11-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2524-68-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2524-268-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2724-5-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2724-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2868-167-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2872-469-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2904-116-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2920-515-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2924-233-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3068-101-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3316-140-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3420-271-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3500-134-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3536-432-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3544-172-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3680-317-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3708-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3760-203-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3800-190-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3856-67-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3864-321-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3996-397-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4060-943-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4252-561-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4368-690-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4448-218-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4480-94-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4512-32-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4536-1165-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4620-214-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4868-242-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4932-44-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5072-59-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5088-492-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download