blackmoon | 0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47

Analysis

max time kernel
120s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe
Size

3.7MB
MD5

b4b7e930ecbb6afa203edfa78465486c
SHA1

cbd1ecbb960f51deaa4380bdf1f8ca4084360ba0
SHA256

0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47
SHA512

9acf8a1c0397d6f884257cc5af9085492adad9bba46dcf0c9e33ba02193bf07d860cce4455dbc7ff4d9864aebd4ea062cff18b0589a1de50fa71316ec711a45f
SSDEEP

49152:gCOfN6X5tLLQTg20ITS/PPs/1kS4eKRL/SRsj0Zuur1T75YqVUrmNF98H:U6XLq/qPPslzKx/dJg1ErmNg

Score

10^/10

blackmoon njrat banker discovery trojan upx

Malware Config

Signatures

Blackmoon family
blackmoon
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 64 IoCs

resource	yara_rule
behavioral2/memory/632-6-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4876-13-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4088-11-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1408-19-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3040-25-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1712-35-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1632-41-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/860-47-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/812-55-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1036-54-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2968-65-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2156-77-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3016-88-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3540-93-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3564-100-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4060-105-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4984-111-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4760-117-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3936-128-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1344-134-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3004-141-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/5016-152-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/5080-160-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4160-159-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3332-185-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2952-190-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4636-194-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4428-207-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3528-211-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/864-226-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4840-245-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1096-250-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4496-261-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4708-260-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3208-274-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2648-284-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/868-294-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3440-313-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2084-323-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4956-339-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/368-349-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3048-353-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4388-378-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3092-394-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3952-407-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2072-433-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3912-461-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4300-468-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3132-472-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/780-521-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4012-549-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2192-559-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1320-578-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/1040-615-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3024-637-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2276-707-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3240-727-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3112-746-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4984-765-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2360-775-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2120-779-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/3564-921-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/4592-1205-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon
behavioral2/memory/2292-1221-0x0000000000400000-0x0000000000427000-memory.dmp	family_blackmoon

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Executes dropped EXE 64 IoCs

pid	Process
4088	hnbtbb.exe
4876	hbnnhh.exe
1408	3xllflr.exe
3040	1nbtnn.exe
1712	lrxrrrl.exe
1632	bhnnnn.exe
860	bhbthh.exe
1036	xxllxrf.exe
812	vdvvj.exe
2968	jvjjd.exe
4988	flrrlrr.exe
2156	hhnnnn.exe
3112	bbnbhh.exe
3016	xrrffff.exe
3540	jvppp.exe
3564	htbtnt.exe
4060	ntbbnn.exe
4984	djvvd.exe
4760	rrllffx.exe
4300	tnbhbh.exe
3936	lfrfxll.exe
1344	lllrlxx.exe
3004	rlllfll.exe
4420	lrfffff.exe
5016	vpvvv.exe
4160	3bnnhn.exe
5080	thbtnt.exe
3272	jpjjj.exe
2704	lfffrfl.exe
2512	pjpvj.exe
3332	7jvvp.exe
2952	hntnnt.exe
4636	9dppp.exe
2912	tbnbtt.exe
3748	bnbbhh.exe
4388	bbnnnh.exe
4428	nbbbtt.exe
3528	vppjd.exe
3256	jpvvv.exe
468	vdddd.exe
1916	vvpdj.exe
2844	dvdjd.exe
864	ddjvd.exe
724	vdpdp.exe
3740	bbntbt.exe
2192	hhtnbh.exe
3944	ntnbtn.exe
4336	bbhnnt.exe
4840	nbhnnn.exe
1096	nnhhnt.exe
3708	btbbtn.exe
2188	hbhnnn.exe
4708	bnnhbh.exe
4496	nnhhhh.exe
1560	hbbbbt.exe
3352	tnnnnn.exe
3208	hbnntb.exe
1304	vjjdd.exe
2412	frfffll.exe
2648	xxllffx.exe
556	lflxrxf.exe
1648	rfllffl.exe
868	rfrlfff.exe
1436	rllfxxr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/632-0-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/632-6-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000b000000023ba4-4.dat	upx
behavioral2/files/0x000a000000023ba8-10.dat	upx
behavioral2/memory/4876-13-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4088-11-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-14.dat	upx
behavioral2/memory/1408-19-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000b000000023ba5-22.dat	upx
behavioral2/memory/3040-25-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023bab-28.dat	upx
behavioral2/files/0x000a000000023bac-33.dat	upx
behavioral2/memory/1712-35-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-38.dat	upx
behavioral2/memory/1632-41-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000b000000023bae-45.dat	upx
behavioral2/memory/860-47-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000b000000023baf-51.dat	upx
behavioral2/memory/812-55-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/1036-54-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000b000000023bb0-58.dat	upx
behavioral2/files/0x000a000000023bb8-63.dat	upx
behavioral2/memory/2968-65-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000e000000023bbf-69.dat	upx
behavioral2/files/0x0008000000023bc8-74.dat	upx
behavioral2/memory/2156-77-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0009000000023bcd-80.dat	upx
behavioral2/files/0x0009000000023bce-85.dat	upx
behavioral2/memory/3016-88-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0009000000023bcf-91.dat	upx
behavioral2/memory/3540-93-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x000e000000023bd3-98.dat	upx
behavioral2/memory/3564-100-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023bd5-103.dat	upx
behavioral2/memory/4060-105-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023bd8-109.dat	upx
behavioral2/memory/4984-111-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023bd9-115.dat	upx
behavioral2/memory/4760-117-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023bda-121.dat	upx
behavioral2/files/0x0008000000023bdb-126.dat	upx
behavioral2/memory/3936-128-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/1344-134-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023c0a-135.dat	upx
behavioral2/memory/4420-142-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3004-141-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023c0b-139.dat	upx
behavioral2/files/0x0008000000023c0c-145.dat	upx
behavioral2/files/0x0008000000023c0d-150.dat	upx
behavioral2/memory/5016-152-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023c0e-157.dat	upx
behavioral2/memory/5080-160-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4160-159-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0008000000023c0f-163.dat	upx
behavioral2/files/0x0008000000023c14-168.dat	upx
behavioral2/files/0x0008000000023c15-173.dat	upx
behavioral2/files/0x0008000000023c16-178.dat	upx
behavioral2/files/0x0008000000023c28-183.dat	upx
behavioral2/memory/3332-185-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2952-190-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4636-194-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4428-207-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3528-211-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/864-226-0x0000000000400000-0x0000000000427000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rllffll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xfxllrr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xflrflr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lrrrxrx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbhbbb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbnttn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vjjdv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tnnttn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xxlllfl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1llfxfl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vvvjd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tnbbtb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nttttb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xxxllrl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	thbhnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xrrffff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	htnhbb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lfffxxr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rfrrlll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9dddv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tnnhhh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ppppp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vppvp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hbnnhh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9flfffx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vppvd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hhtbbt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tbbhhn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ddjj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbbbtt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rrrxxrx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	djppp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rfllrfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ppppp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lflllxx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jjvpp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rrllflr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xrxxrxl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bhnnnh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rfrlfff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	thbtnt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ffxffrx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bhnnbn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9dddd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rxllflr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dvddd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rxxxxxf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fxxrllf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nbnnhn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hntnnh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lfffxxr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	frxxxxx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bnnbnb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xlllxrx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bbttnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rlrxflf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ffxfxfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3xrlllf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lrlffrf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rrlrxll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rffxxfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jjvvd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hhnnnn.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 4088	632	0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe	83
PID 632 wrote to memory of 4088	632	0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe	83
PID 632 wrote to memory of 4088	632	0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe	83
PID 4088 wrote to memory of 4876	4088	hnbtbb.exe	84
PID 4088 wrote to memory of 4876	4088	hnbtbb.exe	84
PID 4088 wrote to memory of 4876	4088	hnbtbb.exe	84
PID 4876 wrote to memory of 1408	4876	hbnnhh.exe	85
PID 4876 wrote to memory of 1408	4876	hbnnhh.exe	85
PID 4876 wrote to memory of 1408	4876	hbnnhh.exe	85
PID 1408 wrote to memory of 3040	1408	3xllflr.exe	86
PID 1408 wrote to memory of 3040	1408	3xllflr.exe	86
PID 1408 wrote to memory of 3040	1408	3xllflr.exe	86
PID 3040 wrote to memory of 1712	3040	1nbtnn.exe	87
PID 3040 wrote to memory of 1712	3040	1nbtnn.exe	87
PID 3040 wrote to memory of 1712	3040	1nbtnn.exe	87
PID 1712 wrote to memory of 1632	1712	lrxrrrl.exe	88
PID 1712 wrote to memory of 1632	1712	lrxrrrl.exe	88
PID 1712 wrote to memory of 1632	1712	lrxrrrl.exe	88
PID 1632 wrote to memory of 860	1632	bhnnnn.exe	89
PID 1632 wrote to memory of 860	1632	bhnnnn.exe	89
PID 1632 wrote to memory of 860	1632	bhnnnn.exe	89
PID 860 wrote to memory of 1036	860	bhbthh.exe	90
PID 860 wrote to memory of 1036	860	bhbthh.exe	90
PID 860 wrote to memory of 1036	860	bhbthh.exe	90
PID 1036 wrote to memory of 812	1036	xxllxrf.exe	91
PID 1036 wrote to memory of 812	1036	xxllxrf.exe	91
PID 1036 wrote to memory of 812	1036	xxllxrf.exe	91
PID 812 wrote to memory of 2968	812	vdvvj.exe	92
PID 812 wrote to memory of 2968	812	vdvvj.exe	92
PID 812 wrote to memory of 2968	812	vdvvj.exe	92
PID 2968 wrote to memory of 4988	2968	jvjjd.exe	93
PID 2968 wrote to memory of 4988	2968	jvjjd.exe	93
PID 2968 wrote to memory of 4988	2968	jvjjd.exe	93
PID 4988 wrote to memory of 2156	4988	flrrlrr.exe	94
PID 4988 wrote to memory of 2156	4988	flrrlrr.exe	94
PID 4988 wrote to memory of 2156	4988	flrrlrr.exe	94
PID 2156 wrote to memory of 3112	2156	hhnnnn.exe	95
PID 2156 wrote to memory of 3112	2156	hhnnnn.exe	95
PID 2156 wrote to memory of 3112	2156	hhnnnn.exe	95
PID 3112 wrote to memory of 3016	3112	bbnbhh.exe	96
PID 3112 wrote to memory of 3016	3112	bbnbhh.exe	96
PID 3112 wrote to memory of 3016	3112	bbnbhh.exe	96
PID 3016 wrote to memory of 3540	3016	xrrffff.exe	97
PID 3016 wrote to memory of 3540	3016	xrrffff.exe	97
PID 3016 wrote to memory of 3540	3016	xrrffff.exe	97
PID 3540 wrote to memory of 3564	3540	jvppp.exe	98
PID 3540 wrote to memory of 3564	3540	jvppp.exe	98
PID 3540 wrote to memory of 3564	3540	jvppp.exe	98
PID 3564 wrote to memory of 4060	3564	htbtnt.exe	99
PID 3564 wrote to memory of 4060	3564	htbtnt.exe	99
PID 3564 wrote to memory of 4060	3564	htbtnt.exe	99
PID 4060 wrote to memory of 4984	4060	ntbbnn.exe	100
PID 4060 wrote to memory of 4984	4060	ntbbnn.exe	100
PID 4060 wrote to memory of 4984	4060	ntbbnn.exe	100
PID 4984 wrote to memory of 4760	4984	djvvd.exe	101
PID 4984 wrote to memory of 4760	4984	djvvd.exe	101
PID 4984 wrote to memory of 4760	4984	djvvd.exe	101
PID 4760 wrote to memory of 4300	4760	rrllffx.exe	102
PID 4760 wrote to memory of 4300	4760	rrllffx.exe	102
PID 4760 wrote to memory of 4300	4760	rrllffx.exe	102
PID 4300 wrote to memory of 3936	4300	tnbhbh.exe	103
PID 4300 wrote to memory of 3936	4300	tnbhbh.exe	103
PID 4300 wrote to memory of 3936	4300	tnbhbh.exe	103
PID 3936 wrote to memory of 1344	3936	lfrfxll.exe	104

C:\Users\Admin\AppData\Local\Temp\0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe
"C:\Users\Admin\AppData\Local\Temp\0a78ee83b6099a9e752a2c9f58c48f3d7ad34a92b4a2019eb50821eee327ee47.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:632
- \??\c:\hnbtbb.exe
  c:\hnbtbb.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4088
- - \??\c:\hbnnhh.exe
    c:\hbnnhh.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4876
  - - \??\c:\3xllflr.exe
      c:\3xllflr.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1408
    - - \??\c:\1nbtnn.exe
        
        c:\1nbtnn.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3040
      - \??\c:\lrxrrrl.exe
        
        c:\lrxrrrl.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1712
        
        \??\c:\bhnnnn.exe
        
        c:\bhnnnn.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1632
        
        \??\c:\bhbthh.exe
        
        c:\bhbthh.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:860
        
        \??\c:\xxllxrf.exe
        
        c:\xxllxrf.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1036
        
        \??\c:\vdvvj.exe
        
        c:\vdvvj.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:812
        
        \??\c:\jvjjd.exe
        
        c:\jvjjd.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2968
        
        \??\c:\flrrlrr.exe
        
        c:\flrrlrr.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4988
        
        \??\c:\hhnnnn.exe
        
        c:\hhnnnn.exe
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2156
        
        \??\c:\bbnbhh.exe
        
        c:\bbnbhh.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3112
        
        \??\c:\xrrffff.exe
        
        c:\xrrffff.exe
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        \??\c:\jvppp.exe
        
        c:\jvppp.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3540
        
        \??\c:\htbtnt.exe
        
        c:\htbtnt.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3564
        
        \??\c:\ntbbnn.exe
        
        c:\ntbbnn.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4060
        
        \??\c:\djvvd.exe
        
        c:\djvvd.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4984
        
        \??\c:\rrllffx.exe
        
        c:\rrllffx.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4760
        
        \??\c:\tnbhbh.exe
        
        c:\tnbhbh.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4300
        
        \??\c:\lfrfxll.exe
        
        c:\lfrfxll.exe
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3936
        
        \??\c:\lllrlxx.exe
        
        c:\lllrlxx.exe
        23⤵
        Executes dropped EXE
        
        PID:1344
        
        \??\c:\rlllfll.exe
        
        c:\rlllfll.exe
        24⤵
        Executes dropped EXE
        
        PID:3004
        
        \??\c:\lrfffff.exe
        
        c:\lrfffff.exe
        25⤵
        Executes dropped EXE
        
        PID:4420
        
        \??\c:\vpvvv.exe
        
        c:\vpvvv.exe
        26⤵
        Executes dropped EXE
        
        PID:5016
        
        \??\c:\3bnnhn.exe
        
        c:\3bnnhn.exe
        27⤵
        Executes dropped EXE
        
        PID:4160
        
        \??\c:\thbtnt.exe
        
        c:\thbtnt.exe
        28⤵
        Executes dropped EXE
        
        PID:5080
        
        \??\c:\jpjjj.exe
        
        c:\jpjjj.exe
        29⤵
        Executes dropped EXE
        
        PID:3272
        
        \??\c:\lfffrfl.exe
        
        c:\lfffrfl.exe
        30⤵
        Executes dropped EXE
        
        PID:2704
        
        \??\c:\pjpvj.exe
        
        c:\pjpvj.exe
        31⤵
        Executes dropped EXE
        
        PID:2512
        
        \??\c:\7jvvp.exe
        
        c:\7jvvp.exe
        32⤵
        Executes dropped EXE
        
        PID:3332
        
        \??\c:\hntnnt.exe
        
        c:\hntnnt.exe
        33⤵
        Executes dropped EXE
        
        PID:2952
        
        \??\c:\9dppp.exe
        
        c:\9dppp.exe
        34⤵
        Executes dropped EXE
        
        PID:4636
        
        \??\c:\tbnbtt.exe
        
        c:\tbnbtt.exe
        35⤵
        Executes dropped EXE
        
        PID:2912
        
        \??\c:\bnbbhh.exe
        
        c:\bnbbhh.exe
        36⤵
        Executes dropped EXE
        
        PID:3748
        
        \??\c:\bbnnnh.exe
        
        c:\bbnnnh.exe
        37⤵
        Executes dropped EXE
        
        PID:4388
        
        \??\c:\nbbbtt.exe
        
        c:\nbbbtt.exe
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4428
        
        \??\c:\vppjd.exe
        
        c:\vppjd.exe
        39⤵
        Executes dropped EXE
        
        PID:3528
        
        \??\c:\jpvvv.exe
        
        c:\jpvvv.exe
        40⤵
        Executes dropped EXE
        
        PID:3256
        
        \??\c:\vdddd.exe
        
        c:\vdddd.exe
        41⤵
        Executes dropped EXE
        
        PID:468
        
        \??\c:\vvpdj.exe
        
        c:\vvpdj.exe
        42⤵
        Executes dropped EXE
        
        PID:1916
        
        \??\c:\dvdjd.exe
        
        c:\dvdjd.exe
        43⤵
        Executes dropped EXE
        
        PID:2844
        
        \??\c:\ddjvd.exe
        
        c:\ddjvd.exe
        44⤵
        Executes dropped EXE
        
        PID:864
        
        \??\c:\vdpdp.exe
        
        c:\vdpdp.exe
        45⤵
        Executes dropped EXE
        
        PID:724
        
        \??\c:\bbntbt.exe
        
        c:\bbntbt.exe
        46⤵
        Executes dropped EXE
        
        PID:3740
        
        \??\c:\hhtnbh.exe
        
        c:\hhtnbh.exe
        47⤵
        Executes dropped EXE
        
        PID:2192
        
        \??\c:\ntnbtn.exe
        
        c:\ntnbtn.exe
        48⤵
        Executes dropped EXE
        
        PID:3944
        
        \??\c:\bbhnnt.exe
        
        c:\bbhnnt.exe
        49⤵
        Executes dropped EXE
        
        PID:4336
        
        \??\c:\nbhnnn.exe
        
        c:\nbhnnn.exe
        50⤵
        Executes dropped EXE
        
        PID:4840
        
        \??\c:\nnhhnt.exe
        
        c:\nnhhnt.exe
        51⤵
        Executes dropped EXE
        
        PID:1096
        
        \??\c:\btbbtn.exe
        
        c:\btbbtn.exe
        52⤵
        Executes dropped EXE
        
        PID:3708
        
        \??\c:\hbhnnn.exe
        
        c:\hbhnnn.exe
        53⤵
        Executes dropped EXE
        
        PID:2188
        
        \??\c:\bnnhbh.exe
        
        c:\bnnhbh.exe
        54⤵
        Executes dropped EXE
        
        PID:4708
        
        \??\c:\nnhhhh.exe
        
        c:\nnhhhh.exe
        55⤵
        Executes dropped EXE
        
        PID:4496
        
        \??\c:\hbbbbt.exe
        
        c:\hbbbbt.exe
        56⤵
        Executes dropped EXE
        
        PID:1560
        
        \??\c:\tnnnnn.exe
        
        c:\tnnnnn.exe
        57⤵
        Executes dropped EXE
        
        PID:3352
        
        \??\c:\hbnntb.exe
        
        c:\hbnntb.exe
        58⤵
        Executes dropped EXE
        
        PID:3208
        
        \??\c:\vjjdd.exe
        
        c:\vjjdd.exe
        59⤵
        Executes dropped EXE
        
        PID:1304
        
        \??\c:\frfffll.exe
        
        c:\frfffll.exe
        60⤵
        Executes dropped EXE
        
        PID:2412
        
        \??\c:\xxllffx.exe
        
        c:\xxllffx.exe
        61⤵
        Executes dropped EXE
        
        PID:2648
        
        \??\c:\lflxrxf.exe
        
        c:\lflxrxf.exe
        62⤵
        Executes dropped EXE
        
        PID:556
        
        \??\c:\rfllffl.exe
        
        c:\rfllffl.exe
        63⤵
        Executes dropped EXE
        
        PID:1648
        
        \??\c:\rfrlfff.exe
        
        c:\rfrlfff.exe
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:868
        
        \??\c:\rllfxxr.exe
        
        c:\rllfxxr.exe
        65⤵
        Executes dropped EXE
        
        PID:1436
        
        \??\c:\rrllflx.exe
        
        c:\rrllflx.exe
        66⤵
        
        PID:3564
        
        \??\c:\frllrrx.exe
        
        c:\frllrrx.exe
        67⤵
        
        PID:3832
        
        \??\c:\xrfffll.exe
        
        c:\xrfffll.exe
        68⤵
        
        PID:5116
        
        \??\c:\nnnnhb.exe
        
        c:\nnnnhb.exe
        69⤵
        
        PID:4816
        
        \??\c:\hhnnhh.exe
        
        c:\hhnnhh.exe
        70⤵
        
        PID:3440
        
        \??\c:\xrflrrf.exe
        
        c:\xrflrrf.exe
        71⤵
        
        PID:3132
        
        \??\c:\htnhbb.exe
        
        c:\htnhbb.exe
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:672
        
        \??\c:\tbtbtb.exe
        
        c:\tbtbtb.exe
        73⤵
        
        PID:2084
        
        \??\c:\nbbbth.exe
        
        c:\nbbbth.exe
        74⤵
        
        PID:2628
        
        \??\c:\9bnhnt.exe
        
        c:\9bnhnt.exe
        75⤵
        
        PID:1396
        
        \??\c:\nnnbbh.exe
        
        c:\nnnbbh.exe
        76⤵
        
        PID:1348
        
        \??\c:\ntnnnt.exe
        
        c:\ntnnnt.exe
        77⤵
        
        PID:3024
        
        \??\c:\bhntbh.exe
        
        c:\bhntbh.exe
        78⤵
        
        PID:4956
        
        \??\c:\hbnnhh.exe
        
        c:\hbnnhh.exe
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
        
        \??\c:\thhbhn.exe
        
        c:\thhbhn.exe
        80⤵
        
        PID:4224
        
        \??\c:\btbttn.exe
        
        c:\btbttn.exe
        81⤵
        
        PID:368
        
        \??\c:\9dddv.exe
        
        c:\9dddv.exe
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        \??\c:\djddj.exe
        
        c:\djddj.exe
        83⤵
        
        PID:4936
        
        \??\c:\pjdvv.exe
        
        c:\pjdvv.exe
        84⤵
        
        PID:1768
        
        \??\c:\jjddd.exe
        
        c:\jjddd.exe
        85⤵
        
        PID:2052
        
        \??\c:\ppjjp.exe
        
        c:\ppjjp.exe
        86⤵
        
        PID:952
        
        \??\c:\vjpjd.exe
        
        c:\vjpjd.exe
        87⤵
        
        PID:5072
        
        \??\c:\jvpjj.exe
        
        c:\jvpjj.exe
        88⤵
        
        PID:2132
        
        \??\c:\jdppv.exe
        
        c:\jdppv.exe
        89⤵
        
        PID:4716
        
        \??\c:\rllffff.exe
        
        c:\rllffff.exe
        90⤵
        
        PID:4388
        
        \??\c:\xllrrrr.exe
        
        c:\xllrrrr.exe
        91⤵
        
        PID:4144
        
        \??\c:\llrllll.exe
        
        c:\llrllll.exe
        92⤵
        
        PID:1656
        
        \??\c:\xxfffll.exe
        
        c:\xxfffll.exe
        93⤵
        
        PID:4576
        
        \??\c:\1lrrxfl.exe
        
        c:\1lrrxfl.exe
        94⤵
        
        PID:3904
        
        \??\c:\lrlllrx.exe
        
        c:\lrlllrx.exe
        95⤵
        
        PID:3092
        
        \??\c:\rfrrffl.exe
        
        c:\rfrrffl.exe
        96⤵
        
        PID:2196
        
        \??\c:\ntbbbb.exe
        
        c:\ntbbbb.exe
        97⤵
        
        PID:3020
        
        \??\c:\nnhhnt.exe
        
        c:\nnhhnt.exe
        98⤵
        
        PID:1752
        
        \??\c:\lxrlffx.exe
        
        c:\lxrlffx.exe
        99⤵
        
        PID:3952
        
        \??\c:\hnnnnt.exe
        
        c:\hnnnnt.exe
        100⤵
        
        PID:624
        
        \??\c:\hnbnhb.exe
        
        c:\hnbnhb.exe
        101⤵
        
        PID:3620
        
        \??\c:\5bnhbb.exe
        
        c:\5bnhbb.exe
        102⤵
        
        PID:3868
        
        \??\c:\btnntb.exe
        
        c:\btnntb.exe
        103⤵
        
        PID:3040
        
        \??\c:\hbhhnn.exe
        
        c:\hbhhnn.exe
        104⤵
        
        PID:3328
        
        \??\c:\xffffrr.exe
        
        c:\xffffrr.exe
        105⤵
        
        PID:4068
        
        \??\c:\rxffrxx.exe
        
        c:\rxffrxx.exe
        106⤵
        
        PID:2640
        
        \??\c:\frxflrr.exe
        
        c:\frxflrr.exe
        107⤵
        
        PID:2072
        
        \??\c:\llrxllr.exe
        
        c:\llrxllr.exe
        108⤵
        
        PID:4400
        
        \??\c:\9hnhnn.exe
        
        c:\9hnhnn.exe
        109⤵
        
        PID:2932
        
        \??\c:\bhtthn.exe
        
        c:\bhtthn.exe
        110⤵
        
        PID:3448
        
        \??\c:\tbnhhb.exe
        
        c:\tbnhhb.exe
        111⤵
        
        PID:1976
        
        \??\c:\nhttbb.exe
        
        c:\nhttbb.exe
        112⤵
        
        PID:1172
        
        \??\c:\thhnhn.exe
        
        c:\thhnhn.exe
        113⤵
        
        PID:644
        
        \??\c:\1tttnt.exe
        
        c:\1tttnt.exe
        114⤵
        
        PID:3128
        
        \??\c:\thnnbt.exe
        
        c:\thnnbt.exe
        115⤵
        
        PID:1224
        
        \??\c:\thbtnt.exe
        
        c:\thbtnt.exe
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        \??\c:\nhtnnh.exe
        
        c:\nhtnnh.exe
        117⤵
        
        PID:4816
        
        \??\c:\rffrlxx.exe
        
        c:\rffrlxx.exe
        118⤵
        
        PID:4300
        
        \??\c:\rlrllff.exe
        
        c:\rlrllff.exe
        119⤵
        
        PID:3132
        
        \??\c:\5frrlrr.exe
        
        c:\5frrlrr.exe
        120⤵
        
        PID:4712
        
        \??\c:\hhnnhb.exe
        
        c:\hhnnhb.exe
        121⤵
        
        PID:2792
        
        \??\c:\rllrllr.exe
        
        c:\rllrllr.exe
        122⤵
        
        PID:1520
        
        \??\c:\rlxrxrr.exe
        
        c:\rlxrxrr.exe
        123⤵
        
        PID:3688
        
        \??\c:\ffxlfff.exe
        
        c:\ffxlfff.exe
        124⤵
        
        PID:1636
        
        \??\c:\frffflf.exe
        
        c:\frffflf.exe
        125⤵
        
        PID:4168
        
        \??\c:\dvjpd.exe
        
        c:\dvjpd.exe
        126⤵
        
        PID:3412
        
        \??\c:\1jjdd.exe
        
        c:\1jjdd.exe
        127⤵
        
        PID:4812
        
        \??\c:\vvvjd.exe
        
        c:\vvvjd.exe
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
        
        \??\c:\9djdj.exe
        
        c:\9djdj.exe
        129⤵
        
        PID:1260
        
        \??\c:\bhbtbb.exe
        
        c:\bhbtbb.exe
        130⤵
        
        PID:2208
        
        \??\c:\ddpjd.exe
        
        c:\ddpjd.exe
        131⤵
        
        PID:944
        
        \??\c:\nbhbbb.exe
        
        c:\nbhbbb.exe
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
        
        \??\c:\bthhhb.exe
        
        c:\bthhhb.exe
        133⤵
        
        PID:2952
        
        \??\c:\httthn.exe
        
        c:\httthn.exe
        134⤵
        
        PID:2052
        
        \??\c:\ttbtbh.exe
        
        c:\ttbtbh.exe
        135⤵
        
        PID:780
        
        \??\c:\nbtttb.exe
        
        c:\nbtttb.exe
        136⤵
        
        PID:2912
        
        \??\c:\tntthb.exe
        
        c:\tntthb.exe
        137⤵
        
        PID:3000
        
        \??\c:\thtnnn.exe
        
        c:\thtnnn.exe
        138⤵
        
        PID:4716
        
        \??\c:\nbnttn.exe
        
        c:\nbnttn.exe
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        \??\c:\nhnnnn.exe
        
        c:\nhnnnn.exe
        140⤵
        
        PID:3256
        
        \??\c:\nhttbh.exe
        
        c:\nhttbh.exe
        141⤵
        
        PID:3140
        
        \??\c:\bhnhhn.exe
        
        c:\bhnhhn.exe
        142⤵
        
        PID:1988
        
        \??\c:\3hhhbb.exe
        
        c:\3hhhbb.exe
        143⤵
        
        PID:3940
        
        \??\c:\rrrrrxx.exe
        
        c:\rrrrrxx.exe
        144⤵
        
        PID:4012
        
        \??\c:\llllffl.exe
        
        c:\llllffl.exe
        145⤵
        
        PID:2888
        
        \??\c:\lfrlllx.exe
        
        c:\lfrlllx.exe
        146⤵
        
        PID:3548
        
        \??\c:\fxxrllf.exe
        
        c:\fxxrllf.exe
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        \??\c:\lfffxxr.exe
        
        c:\lfffxxr.exe
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
        
        \??\c:\5ntnhh.exe
        
        c:\5ntnhh.exe
        149⤵
        
        PID:4536
        
        \??\c:\lllfffl.exe
        
        c:\lllfffl.exe
        150⤵
        
        PID:4088
        
        \??\c:\xlrrlrl.exe
        
        c:\xlrrlrl.exe
        151⤵
        
        PID:4592
        
        \??\c:\rfrrlll.exe
        
        c:\rfrrlll.exe
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        \??\c:\xrffxff.exe
        
        c:\xrffxff.exe
        153⤵
        
        PID:1320
        
        \??\c:\5rfxffr.exe
        
        c:\5rfxffr.exe
        154⤵
        
        PID:1476
        
        \??\c:\rlxrlrx.exe
        
        c:\rlxrlrx.exe
        155⤵
        
        PID:1772
        
        \??\c:\fflxfff.exe
        
        c:\fflxfff.exe
        156⤵
        
        PID:4072
        
        \??\c:\5lrrlxx.exe
        
        c:\5lrrlxx.exe
        157⤵
        
        PID:2416
        
        \??\c:\9dvvp.exe
        
        c:\9dvvp.exe
        158⤵
        
        PID:1936
        
        \??\c:\jvddd.exe
        
        c:\jvddd.exe
        159⤵
        
        PID:2648
        
        \??\c:\xrrlrrx.exe
        
        c:\xrrlrrx.exe
        160⤵
        
        PID:5064
        
        \??\c:\rrrrxfl.exe
        
        c:\rrrrxfl.exe
        161⤵
        
        PID:4516
        
        \??\c:\xxrxfff.exe
        
        c:\xxrxfff.exe
        162⤵
        
        PID:2176
        
        \??\c:\lrllrrl.exe
        
        c:\lrllrrl.exe
        163⤵
        
        PID:3500
        
        \??\c:\xrxxxff.exe
        
        c:\xrxxxff.exe
        164⤵
        
        PID:2684
        
        \??\c:\pvvvv.exe
        
        c:\pvvvv.exe
        165⤵
        
        PID:1040
        
        \??\c:\ppjpj.exe
        
        c:\ppjpj.exe
        166⤵
        
        PID:1012
        
        \??\c:\5rfflrr.exe
        
        c:\5rfflrr.exe
        167⤵
        
        PID:440
        
        \??\c:\xrxxxxx.exe
        
        c:\xrxxxxx.exe
        168⤵
        
        PID:2808
        
        \??\c:\frrrrfx.exe
        
        c:\frrrrfx.exe
        169⤵
        
        PID:1312
        
        \??\c:\fxllflf.exe
        
        c:\fxllflf.exe
        170⤵
        
        PID:4784
        
        \??\c:\frlxflx.exe
        
        c:\frlxflx.exe
        171⤵
        
        PID:4128
        
        \??\c:\xxlllll.exe
        
        c:\xxlllll.exe
        172⤵
        
        PID:3024
        
        \??\c:\rlllflf.exe
        
        c:\rlllflf.exe
        173⤵
        
        PID:3932
        
        \??\c:\rfrrlxl.exe
        
        c:\rfrrlxl.exe
        174⤵
        
        PID:3924
        
        \??\c:\lffllrr.exe
        
        c:\lffllrr.exe
        175⤵
        
        PID:3532
        
        \??\c:\lrrrrxr.exe
        
        c:\lrrrrxr.exe
        176⤵
        
        PID:2724
        
        \??\c:\flrrfrr.exe
        
        c:\flrrfrr.exe
        177⤵
        
        PID:684
        
        \??\c:\rlxffff.exe
        
        c:\rlxffff.exe
        178⤵
        
        PID:4224
        
        \??\c:\xllfxrl.exe
        
        c:\xllfxrl.exe
        179⤵
        
        PID:368
        
        \??\c:\ppppp.exe
        
        c:\ppppp.exe
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
        
        \??\c:\9dddd.exe
        
        c:\9dddd.exe
        181⤵
        
        PID:4416
        
        \??\c:\3djdd.exe
        
        c:\3djdd.exe
        182⤵
        
        PID:3652
        
        \??\c:\jpppj.exe
        
        c:\jpppj.exe
        183⤵
        
        PID:3664
        
        \??\c:\djppp.exe
        
        c:\djppp.exe
        184⤵
        
        PID:1840
        
        \??\c:\vddpp.exe
        
        c:\vddpp.exe
        185⤵
        
        PID:4636
        
        \??\c:\hthhtt.exe
        
        c:\hthhtt.exe
        186⤵
        
        PID:2216
        
        \??\c:\hhbthb.exe
        
        c:\hhbthb.exe
        187⤵
        
        PID:1340
        
        \??\c:\tbhnhb.exe
        
        c:\tbhnhb.exe
        188⤵
        
        PID:4388
        
        \??\c:\3ntnhb.exe
        
        c:\3ntnhb.exe
        189⤵
        
        PID:3096
        
        \??\c:\tnbbtb.exe
        
        c:\tnbbtb.exe
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:4904
        
        \??\c:\hnnnhn.exe
        
        c:\hnnnhn.exe
        191⤵
        
        PID:3808
        
        \??\c:\nbnnhn.exe
        
        c:\nbnnhn.exe
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        \??\c:\nhbntb.exe
        
        c:\nhbntb.exe
        193⤵
        
        PID:2844
        
        \??\c:\thnbbb.exe
        
        c:\thnbbb.exe
        194⤵
        
        PID:3204
        
        \??\c:\hbttnt.exe
        
        c:\hbttnt.exe
        195⤵
        
        PID:2276
        
        \??\c:\bnhtnn.exe
        
        c:\bnhtnn.exe
        196⤵
        
        PID:968
        
        \??\c:\htbttt.exe
        
        c:\htbttt.exe
        197⤵
        
        PID:2948
        
        \??\c:\tthbtt.exe
        
        c:\tthbtt.exe
        198⤵
        
        PID:2472
        
        \??\c:\bthhhn.exe
        
        c:\bthhhn.exe
        199⤵
        
        PID:2556
        
        \??\c:\ffllllr.exe
        
        c:\ffllllr.exe
        200⤵
        
        PID:4496
        
        \??\c:\rlllflf.exe
        
        c:\rlllflf.exe
        201⤵
        
        PID:3240
        
        \??\c:\jdjdj.exe
        
        c:\jdjdj.exe
        202⤵
        
        PID:3040
        
        \??\c:\xxffffx.exe
        
        c:\xxffffx.exe
        203⤵
        
        PID:540
        
        \??\c:\7xfffxx.exe
        
        c:\7xfffxx.exe
        204⤵
        
        PID:2292
        
        \??\c:\jpddd.exe
        
        c:\jpddd.exe
        205⤵
        
        PID:2156
        
        \??\c:\ddddv.exe
        
        c:\ddddv.exe
        206⤵
        
        PID:2240
        
        \??\c:\jvvpp.exe
        
        c:\jvvpp.exe
        207⤵
        
        PID:3112
        
        \??\c:\vdpjp.exe
        
        c:\vdpjp.exe
        208⤵
        
        PID:4620
        
        \??\c:\ppdvv.exe
        
        c:\ppdvv.exe
        209⤵
        
        PID:5064
        
        \??\c:\nhttth.exe
        
        c:\nhttth.exe
        210⤵
        
        PID:2256
        
        \??\c:\nttnhh.exe
        
        c:\nttnhh.exe
        211⤵
        
        PID:1852
        
        \??\c:\nnnhbb.exe
        
        c:\nnnhbb.exe
        212⤵
        
        PID:3832
        
        \??\c:\nhntnt.exe
        
        c:\nhntnt.exe
        213⤵
        
        PID:4984
        
        \??\c:\jjvdv.exe
        
        c:\jjvdv.exe
        214⤵
        
        PID:5116
        
        \??\c:\rlflrxf.exe
        
        c:\rlflrxf.exe
        215⤵
        
        PID:4228
        
        \??\c:\lrxxxxx.exe
        
        c:\lrxxxxx.exe
        216⤵
        
        PID:2360
        
        \??\c:\xxxxxxx.exe
        
        c:\xxxxxxx.exe
        217⤵
        
        PID:2120
        
        \??\c:\rrlfxxr.exe
        
        c:\rrlfxxr.exe
        218⤵
        
        PID:4980
        
        \??\c:\7rxffxf.exe
        
        c:\7rxffxf.exe
        219⤵
        
        PID:3028
        
        \??\c:\xflllrr.exe
        
        c:\xflllrr.exe
        220⤵
        
        PID:1396
        
        \??\c:\vdjjj.exe
        
        c:\vdjjj.exe
        221⤵
        
        PID:4120
        
        \??\c:\llfllrx.exe
        
        c:\llfllrx.exe
        222⤵
        
        PID:4600
        
        \??\c:\lrlrfff.exe
        
        c:\lrlrfff.exe
        223⤵
        
        PID:1820
        
        \??\c:\rrfrrff.exe
        
        c:\rrfrrff.exe
        224⤵
        
        PID:1328
        
        \??\c:\fxffrrf.exe
        
        c:\fxffrrf.exe
        225⤵
        
        PID:2204
        
        \??\c:\llfxllx.exe
        
        c:\llfxllx.exe
        226⤵
        
        PID:3136
        
        \??\c:\xrllrll.exe
        
        c:\xrllrll.exe
        227⤵
        
        PID:3412
        
        \??\c:\llrxrxl.exe
        
        c:\llrxrxl.exe
        228⤵
        
        PID:2328
        
        \??\c:\hhbttb.exe
        
        c:\hhbttb.exe
        229⤵
        
        PID:1260
        
        \??\c:\1rlllrr.exe
        
        c:\1rlllrr.exe
        230⤵
        
        PID:3048
        
        \??\c:\rfxrllf.exe
        
        c:\rfxrllf.exe
        231⤵
        
        PID:2208
        
        \??\c:\xflxrll.exe
        
        c:\xflxrll.exe
        232⤵
        
        PID:944
        
        \??\c:\rflffff.exe
        
        c:\rflffff.exe
        233⤵
        
        PID:2952
        
        \??\c:\xflffff.exe
        
        c:\xflffff.exe
        234⤵
        
        PID:2052
        
        \??\c:\rrllrfl.exe
        
        c:\rrllrfl.exe
        235⤵
        
        PID:4248
        
        \??\c:\7fxxrrr.exe
        
        c:\7fxxrrr.exe
        236⤵
        
        PID:4124
        
        \??\c:\llrllll.exe
        
        c:\llrllll.exe
        237⤵
        
        PID:3444
        
        \??\c:\xxxlrfl.exe
        
        c:\xxxlrfl.exe
        238⤵
        
        PID:4860
        
        \??\c:\ttthhh.exe
        
        c:\ttthhh.exe
        239⤵
        
        PID:4144
        
        \??\c:\bthhtb.exe
        
        c:\bthhtb.exe
        240⤵
        
        PID:4136
        
        \??\c:\xlrrlxr.exe
        
        c:\xlrrlxr.exe
        241⤵
        
        PID:3972
        
        \??\c:\xllrfff.exe
        
        c:\xllrfff.exe
        242⤵
        
        PID:3400
        
        \??\c:\rlrxxxf.exe
        
        c:\rlrxxxf.exe
        243⤵
        
        PID:3904
        
        \??\c:\xrfffxf.exe
        
        c:\xrfffxf.exe
        244⤵
        
        PID:2332
        
        \??\c:\hhtnhb.exe
        
        c:\hhtnhb.exe
        245⤵
        
        PID:2888
        
        \??\c:\bbhhbb.exe
        
        c:\bbhhbb.exe
        246⤵
        
        PID:2844
        
        \??\c:\7nhbtt.exe
        
        c:\7nhbtt.exe
        247⤵
        
        PID:3204
        
        \??\c:\htbtht.exe
        
        c:\htbtht.exe
        248⤵
        
        PID:4280
        
        \??\c:\bthbhh.exe
        
        c:\bthbhh.exe
        249⤵
        
        PID:968
        
        \??\c:\lrxrllf.exe
        
        c:\lrxrllf.exe
        250⤵
        
        PID:2948
        
        \??\c:\1thbtt.exe
        
        c:\1thbtt.exe
        251⤵
        
        PID:1964
        
        \??\c:\tthhhh.exe
        
        c:\tthhhh.exe
        252⤵
        
        PID:3020
        
        \??\c:\thttnn.exe
        
        c:\thttnn.exe
        253⤵
        
        PID:3600
        
        \??\c:\tnbttt.exe
        
        c:\tnbttt.exe
        254⤵
        
        PID:1460
        
        \??\c:\9hhhbb.exe
        
        c:\9hhhbb.exe
        255⤵
        
        PID:1188
        
        \??\c:\nttttb.exe
        
        c:\nttttb.exe
        256⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        \??\c:\ffllfrr.exe
        
        c:\ffllfrr.exe
        257⤵
        
        PID:1844
        
        \??\c:\rlrlfff.exe
        
        c:\rlrlfff.exe
        258⤵
        
        PID:1408
        
        \??\c:\flrrllr.exe
        
        c:\flrrllr.exe
        259⤵
        
        PID:1304
        
        \??\c:\lrlffll.exe
        
        c:\lrlffll.exe
        260⤵
        
        PID:3616
        
        \??\c:\tnhhtt.exe
        
        c:\tnhhtt.exe
        261⤵
        
        PID:452
        
        \??\c:\xlxrrrr.exe
        
        c:\xlxrrrr.exe
        262⤵
        
        PID:4516
        
        \??\c:\ffffxxf.exe
        
        c:\ffffxxf.exe
        263⤵
        
        PID:4068
        
        \??\c:\ttnnhh.exe
        
        c:\ttnnhh.exe
        264⤵
        
        PID:3564
        
        \??\c:\hbhbbb.exe
        
        c:\hbhbbb.exe
        265⤵
        
        PID:644
        
        \??\c:\rffllrf.exe
        
        c:\rffllrf.exe
        266⤵
        
        PID:3912
        
        \??\c:\llfxlrl.exe
        
        c:\llfxlrl.exe
        267⤵
        
        PID:1040
        
        \??\c:\rfxfffx.exe
        
        c:\rfxfffx.exe
        268⤵
        
        PID:4112
        
        \??\c:\hnntnb.exe
        
        c:\hnntnb.exe
        269⤵
        
        PID:2808
        
        \??\c:\5nnnhh.exe
        
        c:\5nnnhh.exe
        270⤵
        
        PID:1756
        
        \??\c:\hnhhtt.exe
        
        c:\hnhhtt.exe
        271⤵
        
        PID:2120
        
        \??\c:\hnbbnn.exe
        
        c:\hnbbnn.exe
        272⤵
        
        PID:4980
        
        \??\c:\ntbbbb.exe
        
        c:\ntbbbb.exe
        273⤵
        
        PID:4432
        
        \??\c:\bnhbbb.exe
        
        c:\bnhbbb.exe
        274⤵
        
        PID:1928
        
        \??\c:\tthhbt.exe
        
        c:\tthhbt.exe
        275⤵
        
        PID:456
        
        \??\c:\bhtntt.exe
        
        c:\bhtntt.exe
        276⤵
        
        PID:4600
        
        \??\c:\ntnhhn.exe
        
        c:\ntnhhn.exe
        277⤵
        
        PID:1820
        
        \??\c:\nbhhhh.exe
        
        c:\nbhhhh.exe
        278⤵
        
        PID:1328
        
        \??\c:\hbbhnn.exe
        
        c:\hbbhnn.exe
        279⤵
        
        PID:4108
        
        \??\c:\tbtnhh.exe
        
        c:\tbtnhh.exe
        280⤵
        
        PID:3136
        
        \??\c:\dpjdj.exe
        
        c:\dpjdj.exe
        281⤵
        
        PID:5016
        
        \??\c:\1jvpp.exe
        
        c:\1jvpp.exe
        282⤵
        
        PID:3332
        
        \??\c:\jvvpp.exe
        
        c:\jvvpp.exe
        283⤵
        
        PID:4936
        
        \??\c:\tnnhhh.exe
        
        c:\tnnhhh.exe
        284⤵
        System Location Discovery: System Language Discovery
        
        PID:116
        
        \??\c:\thbbbb.exe
        
        c:\thbbbb.exe
        285⤵
        
        PID:4416
        
        \??\c:\nhnttn.exe
        
        c:\nhnttn.exe
        286⤵
        
        PID:2300
        
        \??\c:\bnnhhh.exe
        
        c:\bnnhhh.exe
        287⤵
        
        PID:3748
        
        \??\c:\nnbttt.exe
        
        c:\nnbttt.exe
        288⤵
        
        PID:780
        
        \??\c:\hbtttb.exe
        
        c:\hbtttb.exe
        289⤵
        
        PID:884
        
        \??\c:\pdvpj.exe
        
        c:\pdvpj.exe
        290⤵
        
        PID:3144
        
        \??\c:\pvvvp.exe
        
        c:\pvvvp.exe
        291⤵
        
        PID:4716
        
        \??\c:\xxxllrl.exe
        
        c:\xxxllrl.exe
        292⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        \??\c:\xllrlll.exe
        
        c:\xllrlll.exe
        293⤵
        
        PID:3520
        
        \??\c:\lxlrfxx.exe
        
        c:\lxlrfxx.exe
        294⤵
        
        PID:3096
        
        \??\c:\lfrxfrx.exe
        
        c:\lfrxfrx.exe
        295⤵
        
        PID:3808
        
        \??\c:\vpdvv.exe
        
        c:\vpdvv.exe
        296⤵
        
        PID:4656
        
        \??\c:\vvppv.exe
        
        c:\vvppv.exe
        297⤵
        
        PID:4712
        
        \??\c:\vjvdj.exe
        
        c:\vjvdj.exe
        298⤵
        
        PID:640
        
        \??\c:\djjjp.exe
        
        c:\djjjp.exe
        299⤵
        
        PID:1688
        
        \??\c:\dddjd.exe
        
        c:\dddjd.exe
        300⤵
        
        PID:724
        
        \??\c:\bnhbbb.exe
        
        c:\bnhbbb.exe
        301⤵
        
        PID:2904
        
        \??\c:\hbttnn.exe
        
        c:\hbttnn.exe
        302⤵
        
        PID:2276
        
        \??\c:\vjjdv.exe
        
        c:\vjjdv.exe
        303⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        \??\c:\1jddd.exe
        
        c:\1jddd.exe
        304⤵
        
        PID:968
        
        \??\c:\jjjjd.exe
        
        c:\jjjjd.exe
        305⤵
        
        PID:2472
        
        \??\c:\dvjjj.exe
        
        c:\dvjjj.exe
        306⤵
        
        PID:1560
        
        \??\c:\pjvvp.exe
        
        c:\pjvvp.exe
        307⤵
        
        PID:4532
        
        \??\c:\lrfffrl.exe
        
        c:\lrfffrl.exe
        308⤵
        
        PID:1320
        
        \??\c:\xxfflll.exe
        
        c:\xxfflll.exe
        309⤵
        
        PID:1460
        
        \??\c:\rrrxxrx.exe
        
        c:\rrrxxrx.exe
        310⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        \??\c:\llflxrl.exe
        
        c:\llflxrl.exe
        311⤵
        
        PID:4908
        
        \??\c:\rxffxxf.exe
        
        c:\rxffxxf.exe
        312⤵
        
        PID:1844
        
        \??\c:\rlxxxrr.exe
        
        c:\rlxxxrr.exe
        313⤵
        
        PID:1936
        
        \??\c:\rrrrxxl.exe
        
        c:\rrrrxxl.exe
        314⤵
        
        PID:1792
        
        \??\c:\lflfffl.exe
        
        c:\lflfffl.exe
        315⤵
        
        PID:3616
        
        \??\c:\xrxxlrr.exe
        
        c:\xrxxlrr.exe
        316⤵
        
        PID:452
        
        \??\c:\9lxxlll.exe
        
        c:\9lxxlll.exe
        317⤵
        
        PID:4516
        
        \??\c:\lfllxxr.exe
        
        c:\lfllxxr.exe
        318⤵
        
        PID:1852
        
        \??\c:\flrxrrf.exe
        
        c:\flrxrrf.exe
        319⤵
        
        PID:4060
        
        \??\c:\rllfrxl.exe
        
        c:\rllfrxl.exe
        320⤵
        
        PID:2236
        
        \??\c:\xflfflf.exe
        
        c:\xflfflf.exe
        321⤵
        
        PID:3844
        
        \??\c:\7jdjv.exe
        
        c:\7jdjv.exe
        322⤵
        
        PID:4064
        
        \??\c:\vpdvv.exe
        
        c:\vpdvv.exe
        323⤵
        
        PID:2360
        
        \??\c:\7djjp.exe
        
        c:\7djjp.exe
        324⤵
        
        PID:1312
        
        \??\c:\ppppp.exe
        
        c:\ppppp.exe
        325⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        \??\c:\jjvvp.exe
        
        c:\jjvvp.exe
        326⤵
        
        PID:3688
        
        \??\c:\pvjvp.exe
        
        c:\pvjvp.exe
        327⤵
        
        PID:4324
        
        \??\c:\vpjdj.exe
        
        c:\vpjdj.exe
        328⤵
        
        PID:2964
        
        \??\c:\ttttnn.exe
        
        c:\ttttnn.exe
        329⤵
        
        PID:1640
        
        \??\c:\tnnnhh.exe
        
        c:\tnnnhh.exe
        330⤵
        
        PID:2988
        
        \??\c:\nthbbb.exe
        
        c:\nthbbb.exe
        331⤵
        
        PID:3168
        
        \??\c:\thnnhh.exe
        
        c:\thnnhh.exe
        332⤵
        
        PID:3516
        
        \??\c:\nhtnhh.exe
        
        c:\nhtnhh.exe
        333⤵
        
        PID:1212
        
        \??\c:\nhnnhh.exe
        
        c:\nhnnhh.exe
        334⤵
        
        PID:3928
        
        \??\c:\tntnnn.exe
        
        c:\tntnnn.exe
        335⤵
        
        PID:4812
        
        \??\c:\nbbttn.exe
        
        c:\nbbttn.exe
        336⤵
        
        PID:1100
        
        \??\c:\thttnn.exe
        
        c:\thttnn.exe
        337⤵
        
        PID:4224
        
        \??\c:\bbhbtn.exe
        
        c:\bbhbtn.exe
        338⤵
        
        PID:2592
        
        \??\c:\ttbtnn.exe
        
        c:\ttbtnn.exe
        339⤵
        
        PID:1600
        
        \??\c:\hnhhnn.exe
        
        c:\hnhhnn.exe
        340⤵
        
        PID:3308
        
        \??\c:\tnbttb.exe
        
        c:\tnbttb.exe
        341⤵
        
        PID:1584
        
        \??\c:\nnnhbb.exe
        
        c:\nnnhbb.exe
        342⤵
        
        PID:1816
        
        \??\c:\1bnnnt.exe
        
        c:\1bnnnt.exe
        343⤵
        
        PID:2912
        
        \??\c:\nbtntn.exe
        
        c:\nbtntn.exe
        344⤵
        
        PID:4636
        
        \??\c:\htnnnt.exe
        
        c:\htnnnt.exe
        345⤵
        
        PID:5060
        
        \??\c:\9bnhhb.exe
        
        c:\9bnhhb.exe
        346⤵
        
        PID:4080
        
        \??\c:\bthbbn.exe
        
        c:\bthbbn.exe
        347⤵
        
        PID:2760
        
        \??\c:\bbnbtt.exe
        
        c:\bbnbtt.exe
        348⤵
        
        PID:952
        
        \??\c:\fxxxfxf.exe
        
        c:\fxxxfxf.exe
        349⤵
        
        PID:1916
        
        \??\c:\ffrlfff.exe
        
        c:\ffrlfff.exe
        350⤵
        
        PID:5024
        
        \??\c:\flllffx.exe
        
        c:\flllffx.exe
        351⤵
        
        PID:4252
        
        \??\c:\fxffxxx.exe
        
        c:\fxffxxx.exe
        352⤵
        
        PID:2108
        
        \??\c:\hntnnh.exe
        
        c:\hntnnh.exe
        353⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        \??\c:\nntnnh.exe
        
        c:\nntnnh.exe
        354⤵
        
        PID:3944
        
        \??\c:\tnnttn.exe
        
        c:\tnnttn.exe
        355⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        \??\c:\nnhntb.exe
        
        c:\nnhntb.exe
        356⤵
        
        PID:3952
        
        \??\c:\pjvjd.exe
        
        c:\pjvjd.exe
        357⤵
        
        PID:2192
        
        \??\c:\vvjdd.exe
        
        c:\vvjdd.exe
        358⤵
        
        PID:4088
        
        \??\c:\vvvjv.exe
        
        c:\vvvjv.exe
        359⤵
        
        PID:4592
        
        \??\c:\djvdv.exe
        
        c:\djvdv.exe
        360⤵
        
        PID:1972
        
        \??\c:\9dddd.exe
        
        c:\9dddd.exe
        361⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        \??\c:\vdvvv.exe
        
        c:\vdvvv.exe
        362⤵
        
        PID:4848
        
        \??\c:\lfrrrrr.exe
        
        c:\lfrrrrr.exe
        363⤵
        
        PID:2284
        
        \??\c:\fxlffll.exe
        
        c:\fxlffll.exe
        364⤵
        
        PID:2296
        
        \??\c:\llxxflr.exe
        
        c:\llxxflr.exe
        365⤵
        
        PID:2292
        
        \??\c:\lrflrxx.exe
        
        c:\lrflrxx.exe
        366⤵
        
        PID:2240
        
        \??\c:\tttbbb.exe
        
        c:\tttbbb.exe
        367⤵
        
        PID:2156
        
        \??\c:\vpddj.exe
        
        c:\vpddj.exe
        368⤵
        
        PID:2864
        
        \??\c:\jpjjd.exe
        
        c:\jpjjd.exe
        369⤵
        
        PID:2720
        
        \??\c:\xxxflff.exe
        
        c:\xxxflff.exe
        370⤵
        
        PID:1172
        
        \??\c:\xrxxflr.exe
        
        c:\xrxxflr.exe
        371⤵
        
        PID:2256
        
        \??\c:\lflllxx.exe
        
        c:\lflllxx.exe
        372⤵
        System Location Discovery: System Language Discovery
        
        PID:212
        
        \??\c:\flflflf.exe
        
        c:\flflflf.exe
        373⤵
        
        PID:3128
        
        \??\c:\rrxxrlr.exe
        
        c:\rrxxrlr.exe
        374⤵
        
        PID:2736
        
        \??\c:\ttnnnt.exe
        
        c:\ttnnnt.exe
        375⤵
        
        PID:4984
        
        \??\c:\fllxxfx.exe
        
        c:\fllxxfx.exe
        376⤵
        
        PID:4508
        
        \??\c:\bbbbnn.exe
        
        c:\bbbbnn.exe
        377⤵
        
        PID:3936
        
        \??\c:\hbbttn.exe
        
        c:\hbbttn.exe
        378⤵
        
        PID:2972
        
        \??\c:\nhtnhn.exe
        
        c:\nhtnhn.exe
        379⤵
        
        PID:4832
        
        \??\c:\hnbtbb.exe
        
        c:\hnbtbb.exe
        380⤵
        
        PID:1348
        
        \??\c:\thbnnt.exe
        
        c:\thbnnt.exe
        381⤵
        
        PID:3004
        
        \??\c:\dvdpv.exe
        
        c:\dvdpv.exe
        382⤵
        
        PID:4980
        
        \??\c:\lflxxff.exe
        
        c:\lflxxff.exe
        383⤵
        
        PID:3172
        
        \??\c:\lxffffx.exe
        
        c:\lxffffx.exe
        384⤵
        
        PID:3024
        
        \??\c:\xfxrlll.exe
        
        c:\xfxrlll.exe
        385⤵
        
        PID:1640
        
        \??\c:\djppp.exe
        
        c:\djppp.exe
        386⤵
        
        PID:3924
        
        \??\c:\jdppp.exe
        
        c:\jdppp.exe
        387⤵
        
        PID:5100
        
        \??\c:\9flrxfx.exe
        
        c:\9flrxfx.exe
        388⤵
        
        PID:3532
        
        \??\c:\pdddd.exe
        
        c:\pdddd.exe
        389⤵
        
        PID:684
        
        \??\c:\pdvvp.exe
        
        c:\pdvvp.exe
        390⤵
        
        PID:3136
        
        \??\c:\jpppj.exe
        
        c:\jpppj.exe
        391⤵
        
        PID:5068
        
        \??\c:\frrrrrx.exe
        
        c:\frrrrrx.exe
        392⤵
        
        PID:5012
        
        \??\c:\nbnttt.exe
        
        c:\nbnttt.exe
        393⤵
        
        PID:368
        
        \??\c:\bntttt.exe
        
        c:\bntttt.exe
        394⤵
        
        PID:4476
        
        \??\c:\nbbtnb.exe
        
        c:\nbbtnb.exe
        395⤵
        
        PID:2952
        
        \??\c:\3lfxrrx.exe
        
        c:\3lfxrrx.exe
        396⤵
        
        PID:4356
        
        \??\c:\rxllflr.exe
        
        c:\rxllflr.exe
        397⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        \??\c:\5llfflf.exe
        
        c:\5llfflf.exe
        398⤵
        
        PID:780
        
        \??\c:\lffrllf.exe
        
        c:\lffrllf.exe
        399⤵
        
        PID:4772
        
        \??\c:\rxfflrx.exe
        
        c:\rxfflrx.exe
        400⤵
        
        PID:3144
        
        \??\c:\frrrrrl.exe
        
        c:\frrrrrl.exe
        401⤵
        
        PID:3632
        
        \??\c:\rlxfllr.exe
        
        c:\rlxfllr.exe
        402⤵
        
        PID:4576
        
        \??\c:\fxfffff.exe
        
        c:\fxfffff.exe
        403⤵
        
        PID:3096
        
        \??\c:\rrrxrrl.exe
        
        c:\rrrxrrl.exe
        404⤵
        
        PID:1916
        
        \??\c:\lfrffff.exe
        
        c:\lfrffff.exe
        405⤵
        
        PID:3376
        
        \??\c:\xxlllll.exe
        
        c:\xxlllll.exe
        406⤵
        
        PID:4252
        
        \??\c:\xrxxxxx.exe
        
        c:\xrxxxxx.exe
        407⤵
        
        PID:2108
        
        \??\c:\lrfxffx.exe
        
        c:\lrfxffx.exe
        408⤵
        
        PID:3452
        
        \??\c:\ntnnbn.exe
        
        c:\ntnnbn.exe
        409⤵
        
        PID:1480
        
        \??\c:\frllffr.exe
        
        c:\frllffr.exe
        410⤵
        
        PID:344
        
        \??\c:\ffxffll.exe
        
        c:\ffxffll.exe
        411⤵
        
        PID:4536
        
        \??\c:\nnhbbh.exe
        
        c:\nnhbbh.exe
        412⤵
        
        PID:2676
        
        \??\c:\fxlllrx.exe
        
        c:\fxlllrx.exe
        413⤵
        
        PID:4320
        
        \??\c:\nhnhbb.exe
        
        c:\nhnhbb.exe
        414⤵
        
        PID:2500
        
        \??\c:\nnbttb.exe
        
        c:\nnbttb.exe
        415⤵
        
        PID:1712
        
        \??\c:\hnhhtn.exe
        
        c:\hnhhtn.exe
        416⤵
        
        PID:4564
        
        \??\c:\1xxrxxl.exe
        
        c:\1xxrxxl.exe
        417⤵
        
        PID:5104
        
        \??\c:\frflxfl.exe
        
        c:\frflxfl.exe
        418⤵
        
        PID:2072
        
        \??\c:\rfrrllr.exe
        
        c:\rfrrllr.exe
        419⤵
        
        PID:3540
        
        \??\c:\bnbbtb.exe
        
        c:\bnbbtb.exe
        420⤵
        
        PID:436
        
        \??\c:\xxlllfl.exe
        
        c:\xxlllfl.exe
        421⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        \??\c:\hhnnnn.exe
        
        c:\hhnnnn.exe
        422⤵
        
        PID:1648
        
        \??\c:\bhhnnn.exe
        
        c:\bhhnnn.exe
        423⤵
        
        PID:2864
        
        \??\c:\bbnnnt.exe
        
        c:\bbnnnt.exe
        424⤵
        
        PID:2720
        
        \??\c:\vpvpv.exe
        
        c:\vpvpv.exe
        425⤵
        
        PID:1172
        
        \??\c:\dvddd.exe
        
        c:\dvddd.exe
        426⤵
        
        PID:3500
        
        \??\c:\vpjdd.exe
        
        c:\vpjdd.exe
        427⤵
        
        PID:212
        
        \??\c:\dvddv.exe
        
        c:\dvddv.exe
        428⤵
        
        PID:2008
        
        \??\c:\dddjd.exe
        
        c:\dddjd.exe
        429⤵
        
        PID:440
        
        \??\c:\ddppp.exe
        
        c:\ddppp.exe
        430⤵
        
        PID:4984
        
        \??\c:\flxfxxf.exe
        
        c:\flxfxxf.exe
        431⤵
        
        PID:4508
        
        \??\c:\rfxfffl.exe
        
        c:\rfxfffl.exe
        432⤵
        
        PID:3936
        
        \??\c:\lrlfxxr.exe
        
        c:\lrlfxxr.exe
        433⤵
        
        PID:2972
        
        \??\c:\ffxffrx.exe
        
        c:\ffxffrx.exe
        434⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
        
        \??\c:\ffxlfff.exe
        
        c:\ffxlfff.exe
        435⤵
        
        PID:3688
        
        \??\c:\flrrrff.exe
        
        c:\flrrrff.exe
        436⤵
        
        PID:4324
        
        \??\c:\hhhhnn.exe
        
        c:\hhhhnn.exe
        437⤵
        
        PID:4980
        
        \??\c:\rflllfl.exe
        
        c:\rflllfl.exe
        438⤵
        
        PID:4380
        
        \??\c:\hthtnn.exe
        
        c:\hthtnn.exe
        439⤵
        
        PID:912
        
        \??\c:\hthbhb.exe
        
        c:\hthbhb.exe
        440⤵
        
        PID:3168
        
        \??\c:\ntttbb.exe
        
        c:\ntttbb.exe
        441⤵
        
        PID:3924
        
        \??\c:\bthntb.exe
        
        c:\bthntb.exe
        442⤵
        
        PID:5100
        
        \??\c:\djppp.exe
        
        c:\djppp.exe
        443⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        \??\c:\jjpvv.exe
        
        c:\jjpvv.exe
        444⤵
        
        PID:4812
        
        \??\c:\rxfllll.exe
        
        c:\rxfllll.exe
        445⤵
        
        PID:3692
        
        \??\c:\rrrrxxr.exe
        
        c:\rrrrxxr.exe
        446⤵
        
        PID:1100
        
        \??\c:\lxlffff.exe
        
        c:\lxlffff.exe
        447⤵
        
        PID:232
        
        \??\c:\rllffll.exe
        
        c:\rllffll.exe
        448⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        \??\c:\bbhbbb.exe
        
        c:\bbhbbb.exe
        449⤵
        
        PID:3872
        
        \??\c:\bbthnt.exe
        
        c:\bbthnt.exe
        450⤵
        
        PID:3748
        
        \??\c:\tbhbbh.exe
        
        c:\tbhbbh.exe
        451⤵
        
        PID:3000
        
        \??\c:\djpdd.exe
        
        c:\djpdd.exe
        452⤵
        
        PID:884
        
        \??\c:\pjvjp.exe
        
        c:\pjvjp.exe
        453⤵
        
        PID:1340
        
        \??\c:\vvjdd.exe
        
        c:\vvjdd.exe
        454⤵
        
        PID:5060
        
        \??\c:\3tthbb.exe
        
        c:\3tthbb.exe
        455⤵
        
        PID:4772
        
        \??\c:\dvjdv.exe
        
        c:\dvjdv.exe
        456⤵
        
        PID:3144
        
        \??\c:\dpjjp.exe
        
        c:\dpjjp.exe
        457⤵
        
        PID:3520
        
        \??\c:\tthhbh.exe
        
        c:\tthhbh.exe
        458⤵
        
        PID:3140
        
        \??\c:\pvdjd.exe
        
        c:\pvdjd.exe
        459⤵
        
        PID:3996
        
        \??\c:\jjvvp.exe
        
        c:\jjvvp.exe
        460⤵
        
        PID:1412
        
        \??\c:\5vppj.exe
        
        c:\5vppj.exe
        461⤵
        
        PID:2984
        
        \??\c:\lfrrrrr.exe
        
        c:\lfrrrrr.exe
        462⤵
        
        PID:4736
        
        \??\c:\rfllrfx.exe
        
        c:\rfllrfx.exe
        463⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        \??\c:\1rxxrxr.exe
        
        c:\1rxxrxr.exe
        464⤵
        
        PID:3944
        
        \??\c:\jpdvp.exe
        
        c:\jpdvp.exe
        465⤵
        
        PID:3628
        
        \??\c:\ppppp.exe
        
        c:\ppppp.exe
        466⤵
        
        PID:5080
        
        \??\c:\djjvp.exe
        
        c:\djjvp.exe
        467⤵
        
        PID:752
        
        \??\c:\rffllll.exe
        
        c:\rffllll.exe
        468⤵
        
        PID:1400
        
        \??\c:\9xxxrrx.exe
        
        c:\9xxxrrx.exe
        469⤵
        
        PID:2472
        
        \??\c:\xfllrrx.exe
        
        c:\xfllrrx.exe
        470⤵
        
        PID:1416
        
        \??\c:\dpjjd.exe
        
        c:\dpjjd.exe
        471⤵
        
        PID:3492
        
        \??\c:\djddv.exe
        
        c:\djddv.exe
        472⤵
        
        PID:1452
        
        \??\c:\xrxxrxf.exe
        
        c:\xrxxrxf.exe
        473⤵
        
        PID:2284
        
        \??\c:\fflxllr.exe
        
        c:\fflxllr.exe
        474⤵
        
        PID:1772
        
        \??\c:\xrxrrrl.exe
        
        c:\xrxrrrl.exe
        475⤵
        
        PID:2556
        
        \??\c:\xxllfrr.exe
        
        c:\xxllfrr.exe
        476⤵
        
        PID:4908
        
        \??\c:\tnbbbh.exe
        
        c:\tnbbbh.exe
        477⤵
        
        PID:868
        
        \??\c:\5hbnth.exe
        
        c:\5hbnth.exe
        478⤵
        
        PID:1808
        
        \??\c:\tbthht.exe
        
        c:\tbthht.exe
        479⤵
        
        PID:3328
        
        \??\c:\tbtttb.exe
        
        c:\tbtttb.exe
        480⤵
        
        PID:3032
        
        \??\c:\hthhhn.exe
        
        c:\hthhhn.exe
        481⤵
        
        PID:2720
        
        \??\c:\bhnnnb.exe
        
        c:\bhnnnb.exe
        482⤵
        
        PID:644
        
        \??\c:\httttt.exe
        
        c:\httttt.exe
        483⤵
        
        PID:3500
        
        \??\c:\bbhnnh.exe
        
        c:\bbhnnh.exe
        484⤵
        
        PID:212
        
        \??\c:\hntntt.exe
        
        c:\hntntt.exe
        485⤵
        
        PID:2440
        
        \??\c:\btbbbt.exe
        
        c:\btbbbt.exe
        486⤵
        
        PID:3608
        
        \??\c:\hbhnnn.exe
        
        c:\hbhnnn.exe
        487⤵
        
        PID:2360
        
        \??\c:\bbttnn.exe
        
        c:\bbttnn.exe
        488⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
        
        \??\c:\hbnnnn.exe
        
        c:\hbnnnn.exe
        489⤵
        
        PID:4744
        
        \??\c:\9dddd.exe
        
        c:\9dddd.exe
        490⤵
        
        PID:1756
        
        \??\c:\bbnbtt.exe
        
        c:\bbnbtt.exe
        491⤵
        
        PID:2772
        
        \??\c:\tbbhnt.exe
        
        c:\tbbhnt.exe
        492⤵
        
        PID:4420
        
        \??\c:\ppvvd.exe
        
        c:\ppvvd.exe
        493⤵
        
        PID:2680
        
        \??\c:\jjjjd.exe
        
        c:\jjjjd.exe
        494⤵
        
        PID:456
        
        \??\c:\vvdvv.exe
        
        c:\vvdvv.exe
        495⤵
        
        PID:3932
        
        \??\c:\5vjdd.exe
        
        c:\5vjdd.exe
        496⤵
        
        PID:1796
        
        \??\c:\flrfrlf.exe
        
        c:\flrfrlf.exe
        497⤵
        
        PID:1820
        
        \??\c:\1llfxfl.exe
        
        c:\1llfxfl.exe
        498⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        \??\c:\llrrrrx.exe
        
        c:\llrrrrx.exe
        499⤵
        
        PID:3272
        
        \??\c:\rxffllr.exe
        
        c:\rxffllr.exe
        500⤵
        
        PID:5016
        
        \??\c:\frfffff.exe
        
        c:\frfffff.exe
        501⤵
        
        PID:2100
        
        \??\c:\frflllf.exe
        
        c:\frflllf.exe
        502⤵
        
        PID:2380
        
        \??\c:\3ffxxfx.exe
        
        c:\3ffxxfx.exe
        503⤵
        
        PID:5068
        
        \??\c:\hhbtht.exe
        
        c:\hhbtht.exe
        504⤵
        
        PID:5012
        
        \??\c:\btnnnn.exe
        
        c:\btnnnn.exe
        505⤵
        
        PID:228
        
        \??\c:\tbnnhn.exe
        
        c:\tbnnhn.exe
        506⤵
        
        PID:4276
        
        \??\c:\tnhhbb.exe
        
        c:\tnhhbb.exe
        507⤵
        
        PID:3872
        
        \??\c:\tbnhbb.exe
        
        c:\tbnhbb.exe
        508⤵
        
        PID:4248
        
        \??\c:\bbbhbb.exe
        
        c:\bbbhbb.exe
        509⤵
        
        PID:4124
        
        \??\c:\7hbnnt.exe
        
        c:\7hbnnt.exe
        510⤵
        
        PID:884
        
        \??\c:\nbhnbn.exe
        
        c:\nbhnbn.exe
        511⤵
        
        PID:1340
        
        \??\c:\tttntt.exe
        
        c:\tttntt.exe
        512⤵
        
        PID:1932
        
        \??\c:\lxfxxrx.exe
        
        c:\lxfxxrx.exe
        513⤵
        
        PID:4388
        
        \??\c:\9flfffx.exe
        
        c:\9flfffx.exe
        514⤵
        System Location Discovery: System Language Discovery
        
        PID:4904
        
        \??\c:\bhhhtt.exe
        
        c:\bhhhtt.exe
        515⤵
        
        PID:1864
        
        \??\c:\lfffxxx.exe
        
        c:\lfffxxx.exe
        516⤵
        
        PID:3808
        
        \??\c:\xrxxxxf.exe
        
        c:\xrxxxxf.exe
        517⤵
        
        PID:1916
        
        \??\c:\xrlfllr.exe
        
        c:\xrlfllr.exe
        518⤵
        
        PID:3740
        
        \??\c:\xrrfxrx.exe
        
        c:\xrrfxrx.exe
        519⤵
        
        PID:2332
        
        \??\c:\jjppv.exe
        
        c:\jjppv.exe
        520⤵
        
        PID:1752
        
        \??\c:\fffflrx.exe
        
        c:\fffflrx.exe
        521⤵
        
        PID:3452
        
        \??\c:\xxlffll.exe
        
        c:\xxlffll.exe
        522⤵
        
        PID:3200
        
        \??\c:\xxxrrlr.exe
        
        c:\xxxrrlr.exe
        523⤵
        
        PID:5000
        
        \??\c:\lxlflxf.exe
        
        c:\lxlflxf.exe
        524⤵
        
        PID:2764
        
        \??\c:\rfrrrxx.exe
        
        c:\rfrrrxx.exe
        525⤵
        
        PID:3868
        
        \??\c:\3xfxrxx.exe
        
        c:\3xfxrxx.exe
        526⤵
        
        PID:3600
        
        \??\c:\ffrflxf.exe
        
        c:\ffrflxf.exe
        527⤵
        
        PID:1476
        
        \??\c:\fllllrf.exe
        
        c:\fllllrf.exe
        528⤵
        
        PID:2732
        
        \??\c:\xfxllrr.exe
        
        c:\xfxllrr.exe
        529⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        \??\c:\rlrxflf.exe
        
        c:\rlrxflf.exe
        530⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        \??\c:\rrxrrrr.exe
        
        c:\rrxrrrr.exe
        531⤵
        
        PID:5104
        
        \??\c:\xlllrfl.exe
        
        c:\xlllrfl.exe
        532⤵
        
        PID:2284
        
        \??\c:\rllllll.exe
        
        c:\rllllll.exe
        533⤵
        
        PID:1772
        
        \??\c:\7rlfrxl.exe
        
        c:\7rlfrxl.exe
        534⤵
        
        PID:2556
        
        \??\c:\xflrxfr.exe
        
        c:\xflrxfr.exe
        535⤵
        
        PID:4908
        
        \??\c:\lfrxxrf.exe
        
        c:\lfrxxrf.exe
        536⤵
        
        PID:1648
        
        \??\c:\ffxfxfx.exe
        
        c:\ffxfxfx.exe
        537⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        \??\c:\rxlfrlx.exe
        
        c:\rxlfrlx.exe
        538⤵
        
        PID:2256
        
        \??\c:\1xxxxfl.exe
        
        c:\1xxxxfl.exe
        539⤵
        
        PID:3032
        
        \??\c:\jjpjj.exe
        
        c:\jjpjj.exe
        540⤵
        
        PID:1304
        
        \??\c:\ppvpd.exe
        
        c:\ppvpd.exe
        541⤵
        
        PID:644
        
        \??\c:\pjppp.exe
        
        c:\pjppp.exe
        542⤵
        
        PID:1272
        
        \??\c:\5pdvd.exe
        
        c:\5pdvd.exe
        543⤵
        
        PID:212
        
        \??\c:\vppvd.exe
        
        c:\vppvd.exe
        544⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        \??\c:\vvvvv.exe
        
        c:\vvvvv.exe
        545⤵
        
        PID:3608
        
        \??\c:\jdjdv.exe
        
        c:\jdjdv.exe
        546⤵
        
        PID:2808
        
        \??\c:\pjvjv.exe
        
        c:\pjvjv.exe
        547⤵
        
        PID:2448
        
        \??\c:\dvjdd.exe
        
        c:\dvjdd.exe
        548⤵
        
        PID:3028
        
        \??\c:\pjppp.exe
        
        c:\pjppp.exe
        549⤵
        
        PID:1636
        
        \??\c:\3dddv.exe
        
        c:\3dddv.exe
        550⤵
        
        PID:2772
        
        \??\c:\vdppj.exe
        
        c:\vdppj.exe
        551⤵
        
        PID:1928
        
        \??\c:\ffllflf.exe
        
        c:\ffllflf.exe
        552⤵
        
        PID:4168
        
        \??\c:\llxfflr.exe
        
        c:\llxfflr.exe
        553⤵
        
        PID:456
        
        \??\c:\rxfllrx.exe
        
        c:\rxfllrx.exe
        554⤵
        
        PID:3516
        
        \??\c:\tnttnt.exe
        
        c:\tnttnt.exe
        555⤵
        
        PID:1796
        
        \??\c:\hnhttt.exe
        
        c:\hnhttt.exe
        556⤵
        
        PID:2620
        
        \??\c:\bnbhbh.exe
        
        c:\bnbhbh.exe
        557⤵
        
        PID:1564
        
        \??\c:\bbnnnn.exe
        
        c:\bbnnnn.exe
        558⤵
        
        PID:2512
        
        \??\c:\3bhntb.exe
        
        c:\3bhntb.exe
        559⤵
        
        PID:2220
        
        \??\c:\pppjp.exe
        
        c:\pppjp.exe
        560⤵
        
        PID:3136
        
        \??\c:\pvjpv.exe
        
        c:\pvjpv.exe
        561⤵
        
        PID:2580
        
        \??\c:\jjdpp.exe
        
        c:\jjdpp.exe
        562⤵
        
        PID:2708
        
        \??\c:\vjdjj.exe
        
        c:\vjdjj.exe
        563⤵
        
        PID:2592
        
        \??\c:\dpvpp.exe
        
        c:\dpvpp.exe
        564⤵
        
        PID:4448
        
        \??\c:\fllllrx.exe
        
        c:\fllllrx.exe
        565⤵
        
        PID:4416
        
        \??\c:\bntbhn.exe
        
        c:\bntbhn.exe
        566⤵
        
        PID:1372
        
        \??\c:\bnbtth.exe
        
        c:\bnbtth.exe
        567⤵
        
        PID:3748
        
        \??\c:\hnbbbb.exe
        
        c:\hnbbbb.exe
        568⤵
        
        PID:3000
        
        \??\c:\ppvvv.exe
        
        c:\ppvvv.exe
        569⤵
        
        PID:4636
        
        \??\c:\djdjj.exe
        
        c:\djdjj.exe
        570⤵
        
        PID:2136
        
        \??\c:\jpjdd.exe
        
        c:\jpjdd.exe
        571⤵
        
        PID:5060
        
        \??\c:\pjdjp.exe
        
        c:\pjdjp.exe
        572⤵
        
        PID:4772
        
        \??\c:\jvvvd.exe
        
        c:\jvvvd.exe
        573⤵
        
        PID:3144
        
        \??\c:\xxlxlrx.exe
        
        c:\xxlxlrx.exe
        574⤵
        
        PID:1800
        
        \??\c:\lxflxrx.exe
        
        c:\lxflxrx.exe
        575⤵
        
        PID:3904
        
        \??\c:\lrlffrf.exe
        
        c:\lrlffrf.exe
        576⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        \??\c:\nbhntb.exe
        
        c:\nbhntb.exe
        577⤵
        
        PID:1412
        
        \??\c:\bnbtbh.exe
        
        c:\bnbtbh.exe
        578⤵
        
        PID:4252
        
        \??\c:\djvdd.exe
        
        c:\djvdd.exe
        579⤵
        
        PID:2844
        
        \??\c:\hhtbbt.exe
        
        c:\hhtbbt.exe
        580⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        \??\c:\djpjv.exe
        
        c:\djpjv.exe
        581⤵
        
        PID:3452
        
        \??\c:\jjvdv.exe
        
        c:\jjvdv.exe
        582⤵
        
        PID:344
        
        \??\c:\jddvd.exe
        
        c:\jddvd.exe
        583⤵
        
        PID:2676
        
        \??\c:\7lrrrxl.exe
        
        c:\7lrrrxl.exe
        584⤵
        
        PID:752
        
        \??\c:\flfllrx.exe
        
        c:\flfllrx.exe
        585⤵
        
        PID:3208
        
        \??\c:\llxllxr.exe
        
        c:\llxllxr.exe
        586⤵
        
        PID:1972
        
        \??\c:\rflllxx.exe
        
        c:\rflllxx.exe
        587⤵
        
        PID:4848
        
        \??\c:\fflxxll.exe
        
        c:\fflxxll.exe
        588⤵
        
        PID:4780
        
        \??\c:\ttnbbh.exe
        
        c:\ttnbbh.exe
        589⤵
        
        PID:2948
        
        \??\c:\ddjpp.exe
        
        c:\ddjpp.exe
        590⤵
        
        PID:1964
        
        \??\c:\pvjpp.exe
        
        c:\pvjpp.exe
        591⤵
        
        PID:1680
        
        \??\c:\jjppv.exe
        
        c:\jjppv.exe
        592⤵
        
        PID:4400
        
        \??\c:\3jpvv.exe
        
        c:\3jpvv.exe
        593⤵
        
        PID:4964
        
        \??\c:\lrfllrx.exe
        
        c:\lrfllrx.exe
        594⤵
        
        PID:3112
        
        \??\c:\xxxlrrl.exe
        
        c:\xxxlrrl.exe
        595⤵
        
        PID:868
        
        \??\c:\nnhnbb.exe
        
        c:\nnhnbb.exe
        596⤵
        
        PID:1808
        
        \??\c:\tnttnn.exe
        
        c:\tnttnn.exe
        597⤵
        
        PID:3328
        
        \??\c:\httbth.exe
        
        c:\httbth.exe
        598⤵
        
        PID:1172
        
        \??\c:\1hnthb.exe
        
        c:\1hnthb.exe
        599⤵
        
        PID:2268
        
        \??\c:\3vvdd.exe
        
        c:\3vvdd.exe
        600⤵
        
        PID:2740
        
        \??\c:\jpjvv.exe
        
        c:\jpjvv.exe
        601⤵
        
        PID:2008
        
        \??\c:\frlrfll.exe
        
        c:\frlrfll.exe
        602⤵
        
        PID:4700
        
        \??\c:\lxffrff.exe
        
        c:\lxffrff.exe
        603⤵
        
        PID:4064
        
        \??\c:\djddv.exe
        
        c:\djddv.exe
        604⤵
        
        PID:3648
        
        \??\c:\pjdjp.exe
        
        c:\pjdjp.exe
        605⤵
        
        PID:4308
        
        \??\c:\pppjd.exe
        
        c:\pppjd.exe
        606⤵
        
        PID:2360
        
        \??\c:\jjvvv.exe
        
        c:\jjvvv.exe
        607⤵
        
        PID:4112
        
        \??\c:\jpvvj.exe
        
        c:\jpvvj.exe
        608⤵
        
        PID:536
        
        \??\c:\lrrxrrx.exe
        
        c:\lrrxrrx.exe
        609⤵
        
        PID:4996
        
        \??\c:\lfrrxfr.exe
        
        c:\lfrrxfr.exe
        610⤵
        
        PID:3844
        
        \??\c:\5xxrfll.exe
        
        c:\5xxrfll.exe
        611⤵
        
        PID:4600
        
        \??\c:\nhbttt.exe
        
        c:\nhbttt.exe
        612⤵
        
        PID:2988
        
        \??\c:\hbhtnn.exe
        
        c:\hbhtnn.exe
        613⤵
        
        PID:3476
        
        \??\c:\xxfffff.exe
        
        c:\xxfffff.exe
        614⤵
        
        PID:3932
        
        \??\c:\bbbttn.exe
        
        c:\bbbttn.exe
        615⤵
        
        PID:684
        
        \??\c:\xllxlll.exe
        
        c:\xllxlll.exe
        616⤵
        
        PID:2620
        
        \??\c:\thbhnn.exe
        
        c:\thbhnn.exe
        617⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        \??\c:\fxrxxfl.exe
        
        c:\fxrxxfl.exe
        618⤵
        
        PID:1260
        
        \??\c:\nnhbhh.exe
        
        c:\nnhbhh.exe
        619⤵
        
        PID:2200
        
        \??\c:\nthnnt.exe
        
        c:\nthnnt.exe
        620⤵
        
        PID:4224
        
        \??\c:\ttbbhh.exe
        
        c:\ttbbhh.exe
        621⤵
        
        PID:2208
        
        \??\c:\nthhbh.exe
        
        c:\nthhbh.exe
        622⤵
        
        PID:1768
        
        \??\c:\1tntnt.exe
        
        c:\1tntnt.exe
        623⤵
        
        PID:2592
        
        \??\c:\dvddd.exe
        
        c:\dvddd.exe
        624⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        \??\c:\pdjjj.exe
        
        c:\pdjjj.exe
        625⤵
        
        PID:2912
        
        \??\c:\1jvpj.exe
        
        c:\1jvpj.exe
        626⤵
        
        PID:1316
        
        \??\c:\ffffflr.exe
        
        c:\ffffflr.exe
        627⤵
        
        PID:4408
        
        \??\c:\rfrrllx.exe
        
        c:\rfrrllx.exe
        628⤵
        
        PID:2568
        
        \??\c:\rflllff.exe
        
        c:\rflllff.exe
        629⤵
        
        PID:2216
        
        \??\c:\3xfflxx.exe
        
        c:\3xfflxx.exe
        630⤵
        
        PID:4612
        
        \??\c:\5llllrl.exe
        
        c:\5llllrl.exe
        631⤵
        
        PID:2136
        
        \??\c:\rrlrxll.exe
        
        c:\rrlrxll.exe
        632⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
        
        \??\c:\fxrrrfx.exe
        
        c:\fxrrrfx.exe
        633⤵
        
        PID:3520
        
        \??\c:\llxxffr.exe
        
        c:\llxxffr.exe
        634⤵
        
        PID:5024
        
        \??\c:\bthhht.exe
        
        c:\bthhht.exe
        635⤵
        
        PID:3808
        
        \??\c:\xxlflrr.exe
        
        c:\xxlflrr.exe
        636⤵
        
        PID:3132
        
        \??\c:\xxfflrx.exe
        
        c:\xxfflrx.exe
        637⤵
        
        PID:2984
        
        \??\c:\9lrlrxf.exe
        
        c:\9lrlrxf.exe
        638⤵
        
        PID:640
        
        \??\c:\xxlllrr.exe
        
        c:\xxlllrr.exe
        639⤵
        
        PID:3596
        
        \??\c:\rxxxxxf.exe
        
        c:\rxxxxxf.exe
        640⤵
        System Location Discovery: System Language Discovery
        
        PID:724
        
        \??\c:\lfffxxr.exe
        
        c:\lfffxxr.exe
        641⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        \??\c:\llrlrxf.exe
        
        c:\llrlrxf.exe
        642⤵
        
        PID:1112
        
        \??\c:\3xlfxfx.exe
        
        c:\3xlfxfx.exe
        643⤵
        
        PID:2904
        
        \??\c:\xflrflr.exe
        
        c:\xflrflr.exe
        644⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        \??\c:\hhtnbn.exe
        
        c:\hhtnbn.exe
        645⤵
        
        PID:4536
        
        \??\c:\btbbtb.exe
        
        c:\btbbtb.exe
        646⤵
        
        PID:3324
        
        \??\c:\ppvdd.exe
        
        c:\ppvdd.exe
        647⤵
        
        PID:1560
        
        \??\c:\vdppp.exe
        
        c:\vdppp.exe
        648⤵
        
        PID:4564
        
        \??\c:\1vjjp.exe
        
        c:\1vjjp.exe
        649⤵
        
        PID:1460
        
        \??\c:\9pjjp.exe
        
        c:\9pjjp.exe
        650⤵
        
        PID:2416
        
        \??\c:\dvpjp.exe
        
        c:\dvpjp.exe
        651⤵
        
        PID:3492
        
        \??\c:\9vppv.exe
        
        c:\9vppv.exe
        652⤵
        
        PID:5104
        
        \??\c:\jjjpp.exe
        
        c:\jjjpp.exe
        653⤵
        
        PID:3612
        
        \??\c:\vddvv.exe
        
        c:\vddvv.exe
        654⤵
        
        PID:436
        
        \??\c:\jjvpp.exe
        
        c:\jjvpp.exe
        655⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        \??\c:\xxllxxl.exe
        
        c:\xxllxxl.exe
        656⤵
        
        PID:4976
        
        \??\c:\3xrlllf.exe
        
        c:\3xrlllf.exe
        657⤵
        System Location Discovery: System Language Discovery
        
        PID:668
        
        \??\c:\rllrrxr.exe
        
        c:\rllrrxr.exe
        658⤵
        
        PID:1804
        
        \??\c:\xxxxxff.exe
        
        c:\xxxxxff.exe
        659⤵
        
        PID:5040
        
        \??\c:\bhnnbn.exe
        
        c:\bhnnbn.exe
        660⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
        
        \??\c:\tbbhhn.exe
        
        c:\tbbhhn.exe
        661⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        \??\c:\rrfxfll.exe
        
        c:\rrfxfll.exe
        662⤵
        
        PID:644
        
        \??\c:\rrllflr.exe
        
        c:\rrllflr.exe
        663⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
        
        \??\c:\lrllrxf.exe
        
        c:\lrllrxf.exe
        664⤵
        
        PID:2236
        
        \??\c:\tthtnn.exe
        
        c:\tthtnn.exe
        665⤵
        
        PID:1312
        
        \??\c:\5tbnhn.exe
        
        c:\5tbnhn.exe
        666⤵
        
        PID:764
        
        \??\c:\vddvp.exe
        
        c:\vddvp.exe
        667⤵
        
        PID:3936
        
        \??\c:\jpjjd.exe
        
        c:\jpjjd.exe
        668⤵
        
        PID:2808
        
        \??\c:\vjvvv.exe
        
        c:\vjvvv.exe
        669⤵
        
        PID:2448
        
        \??\c:\vddpd.exe
        
        c:\vddpd.exe
        670⤵
        
        PID:3028
        
        \??\c:\fxrrlll.exe
        
        c:\fxrrlll.exe
        671⤵
        
        PID:4324
        
        \??\c:\fxxflxl.exe
        
        c:\fxxflxl.exe
        672⤵
        
        PID:4980
        
        \??\c:\flxllrx.exe
        
        c:\flxllrx.exe
        673⤵
        
        PID:912
        
        \??\c:\ffflrfl.exe
        
        c:\ffflrfl.exe
        674⤵
        
        PID:3184
        
        \??\c:\hhbbhh.exe
        
        c:\hhbbhh.exe
        675⤵
        
        PID:4652
        
        \??\c:\nnhntb.exe
        
        c:\nnhntb.exe
        676⤵
        
        PID:2012
        
        \??\c:\tnttbn.exe
        
        c:\tnttbn.exe
        677⤵
        
        PID:1796
        
        \??\c:\pjdjj.exe
        
        c:\pjdjj.exe
        678⤵
        
        PID:3928
        
        \??\c:\pvjvv.exe
        
        c:\pvjvv.exe
        679⤵
        
        PID:3784
        
        \??\c:\vpjdd.exe
        
        c:\vpjdd.exe
        680⤵
        
        PID:5044
        
        \??\c:\jpvjd.exe
        
        c:\jpvjd.exe
        681⤵
        
        PID:2660
        
        \??\c:\vpvdd.exe
        
        c:\vpvdd.exe
        682⤵
        
        PID:3692
        
        \??\c:\9pddp.exe
        
        c:\9pddp.exe
        683⤵
        
        PID:2380
        
        \??\c:\rffxxfx.exe
        
        c:\rffxxfx.exe
        684⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
        
        \??\c:\rrrrlrr.exe
        
        c:\rrrrlrr.exe
        685⤵
        
        PID:1584
        
        \??\c:\nbnthb.exe
        
        c:\nbnthb.exe
        686⤵
        
        PID:3308
        
        \??\c:\thtnhh.exe
        
        c:\thtnhh.exe
        687⤵
        
        PID:1816
        
        \??\c:\tbhhhn.exe
        
        c:\tbhhhn.exe
        688⤵
        
        PID:4148
        
        \??\c:\nnnnnn.exe
        
        c:\nnnnnn.exe
        689⤵
        
        PID:2672
        
        \??\c:\tntbbh.exe
        
        c:\tntbbh.exe
        690⤵
        
        PID:4124
        
        \??\c:\nbbbtt.exe
        
        c:\nbbbtt.exe
        691⤵
        
        PID:3360
        
        \??\c:\tbbntn.exe
        
        c:\tbbntn.exe
        692⤵
        
        PID:4716
        
        \??\c:\9ddjj.exe
        
        c:\9ddjj.exe
        693⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
        
        \??\c:\ppddd.exe
        
        c:\ppddd.exe
        694⤵
        
        PID:4612
        
        \??\c:\pvjpv.exe
        
        c:\pvjpv.exe
        695⤵
        
        PID:2136
        
        \??\c:\vdpvd.exe
        
        c:\vdpvd.exe
        696⤵
        
        PID:1988
        
        \??\c:\9dpdv.exe
        
        c:\9dpdv.exe
        697⤵
        
        PID:2228
        
        \??\c:\ppppj.exe
        
        c:\ppppj.exe
        698⤵
        
        PID:220
        
        \??\c:\jvvvj.exe
        
        c:\jvvvj.exe
        699⤵
        
        PID:4712
        
        \??\c:\3dppp.exe
        
        c:\3dppp.exe
        700⤵
        
        PID:4472
        
        \??\c:\7dppp.exe
        
        c:\7dppp.exe
        701⤵
        
        PID:3620
        
        \??\c:\vpppv.exe
        
        c:\vpppv.exe
        702⤵
        
        PID:4708
        
        \??\c:\vdvdp.exe
        
        c:\vdvdp.exe
        703⤵
        
        PID:3840
        
        \??\c:\1dppp.exe
        
        c:\1dppp.exe
        704⤵
        
        PID:724
        
        \??\c:\pjppp.exe
        
        c:\pjppp.exe
        705⤵
        
        PID:1596
        
        \??\c:\vjddd.exe
        
        c:\vjddd.exe
        706⤵
        
        PID:1480
        
        \??\c:\dvvjd.exe
        
        c:\dvvjd.exe
        707⤵
        
        PID:2264
        
        \??\c:\jjjdp.exe
        
        c:\jjjdp.exe
        708⤵
        
        PID:4320
        
        \??\c:\vjvdj.exe
        
        c:\vjvdj.exe
        709⤵
        
        PID:1476
        
        \??\c:\pvdjp.exe
        
        c:\pvdjp.exe
        710⤵
        
        PID:2500
        
        \??\c:\flfflrx.exe
        
        c:\flfflrx.exe
        711⤵
        
        PID:4088
        
        \??\c:\rxxfrfr.exe
        
        c:\rxxfrfr.exe
        712⤵
        
        PID:1712
        
        \??\c:\xfllllr.exe
        
        c:\xfllllr.exe
        713⤵
        
        PID:4780
        
        \??\c:\rfffffl.exe
        
        c:\rfffffl.exe
        714⤵
        
        PID:2412
        
        \??\c:\rfxfrrl.exe
        
        c:\rfxfrrl.exe
        715⤵
        
        PID:2156
        
        \??\c:\flfflfr.exe
        
        c:\flfflfr.exe
        716⤵
        
        PID:2648
        
        \??\c:\frxxxxx.exe
        
        c:\frxxxxx.exe
        717⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        \??\c:\5rrrrrr.exe
        
        c:\5rrrrrr.exe
        718⤵
        
        PID:3016
        
        \??\c:\llrffll.exe
        
        c:\llrffll.exe
        719⤵
        
        PID:1436
        
        \??\c:\fxrrrrl.exe
        
        c:\fxrrrrl.exe
        720⤵
        
        PID:3988
        
        \??\c:\fllfrfl.exe
        
        c:\fllfrfl.exe
        721⤵
        
        PID:1408
        
        \??\c:\flllllf.exe
        
        c:\flllllf.exe
        722⤵
        
        PID:1852
        
        \??\c:\jjpvv.exe
        
        c:\jjpvv.exe
        723⤵
        
        PID:1172
        
        \??\c:\pdpvp.exe
        
        c:\pdpvp.exe
        724⤵
        
        PID:4060
        
        \??\c:\lrrxrrl.exe
        
        c:\lrrxrrl.exe
        725⤵
        
        PID:2740
        
        \??\c:\rfflrrx.exe
        
        c:\rfflrrx.exe
        726⤵
        
        PID:2628
        
        \??\c:\5xxxxff.exe
        
        c:\5xxxxff.exe
        727⤵
        
        PID:2664
        
        \??\c:\lrrrxrx.exe
        
        c:\lrrrxrx.exe
        728⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        \??\c:\hnbbtb.exe
        
        c:\hnbbtb.exe
        729⤵
        
        PID:5108
        
        \??\c:\nhbhnn.exe
        
        c:\nhbhnn.exe
        730⤵
        
        PID:764
        
        \??\c:\nbtnnh.exe
        
        c:\nbtnnh.exe
        731⤵
        
        PID:2972
        
        \??\c:\7jjjj.exe
        
        c:\7jjjj.exe
        732⤵
        
        PID:720
        
        \??\c:\jvpdv.exe
        
        c:\jvpdv.exe
        733⤵
        
        PID:1396
        
        \??\c:\vdjdj.exe
        
        c:\vdjdj.exe
        734⤵
        
        PID:4556
        
        \??\c:\djpdv.exe
        
        c:\djpdv.exe
        735⤵
        
        PID:3472
        
        \??\c:\dvpjj.exe
        
        c:\dvpjj.exe
        736⤵
        
        PID:1928
        
        \??\c:\7rxrrfl.exe
        
        c:\7rxrrfl.exe
        737⤵
        
        PID:4168
        
        \??\c:\lxxlfxr.exe
        
        c:\lxxlfxr.exe
        738⤵
        
        PID:3184
        
        \??\c:\xlllxrx.exe
        
        c:\xlllxrx.exe
        739⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
        
        \??\c:\rrxflxl.exe
        
        c:\rrxflxl.exe
        740⤵
        
        PID:5100
        
        \??\c:\rxxflrr.exe
        
        c:\rxxflrr.exe
        741⤵
        
        PID:2512
        
        \??\c:\bnnbnb.exe
        
        c:\bnnbnb.exe
        742⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        \??\c:\nthtnb.exe
        
        c:\nthtnb.exe
        743⤵
        
        PID:4812
        
        \??\c:\djddj.exe
        
        c:\djddj.exe
        744⤵
        
        PID:3332
        
        \??\c:\ppjjd.exe
        
        c:\ppjjd.exe
        745⤵
        
        PID:2200
        
        \??\c:\1frxrlx.exe
        
        c:\1frxrlx.exe
        746⤵
        
        PID:232
        
        \??\c:\rrfxrrl.exe
        
        c:\rrfxrrl.exe
        747⤵
        
        PID:2380
        
        \??\c:\xxrrlrr.exe
        
        c:\xxrrlrr.exe
        748⤵
        
        PID:5012
        
        \??\c:\ppppj.exe
        
        c:\ppppj.exe
        749⤵
        
        PID:1840
        
        \??\c:\1pjjj.exe
        
        c:\1pjjj.exe
        750⤵
        
        PID:216
        
        \??\c:\pdvvp.exe
        
        c:\pdvvp.exe
        751⤵
        
        PID:1372
        
        \??\c:\jdpjv.exe
        
        c:\jdpjv.exe
        752⤵
        
        PID:780
        
        \??\c:\3xlllrr.exe
        
        c:\3xlllrr.exe
        753⤵
        
        PID:2004
        
        \??\c:\llfxxxr.exe
        
        c:\llfxxxr.exe
        754⤵
        
        PID:2768
        
        \??\c:\llfxxlr.exe
        
        c:\llfxxlr.exe
        755⤵
        
        PID:2304
        
        \??\c:\xllllll.exe
        
        c:\xllllll.exe
        756⤵
        
        PID:4716
        
        \??\c:\xrfxxff.exe
        
        c:\xrfxxff.exe
        757⤵
        
        PID:3080
        
        \??\c:\xffrlrr.exe
        
        c:\xffrlrr.exe
        758⤵
        
        PID:3972
        
        \??\c:\5flllll.exe
        
        c:\5flllll.exe
        759⤵
        
        PID:1864
        
        \??\c:\vppvp.exe
        
        c:\vppvp.exe
        760⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        \??\c:\9ppjj.exe
        
        c:\9ppjj.exe
        761⤵
        
        PID:3544
        
        \??\c:\5vpdv.exe
        
        c:\5vpdv.exe
        762⤵
        
        PID:4444
        
        \??\c:\9pjpd.exe
        
        c:\9pjpd.exe
        763⤵
        
        PID:1688
        
        \??\c:\hnnhht.exe
        
        c:\hnnhht.exe
        764⤵
        
        PID:2924
        
        \??\c:\httttt.exe
        
        c:\httttt.exe
        765⤵
        
        PID:3596
        
        \??\c:\hnttht.exe
        
        c:\hnttht.exe
        766⤵
        
        PID:4708
        
        \??\c:\htnhbt.exe
        
        c:\htnhbt.exe
        767⤵
        
        PID:3840
        
        \??\c:\vdvvv.exe
        
        c:\vdvvv.exe
        768⤵
        
        PID:2188
        
        \??\c:\vjdvd.exe
        
        c:\vjdvd.exe
        769⤵
        
        PID:5000
        
        \??\c:\pvjpv.exe
        
        c:\pvjpv.exe
        770⤵
        
        PID:1400
        
        \??\c:\vvjjj.exe
        
        c:\vvjjj.exe
        771⤵
        
        PID:3240
        
        \??\c:\jvpvd.exe
        
        c:\jvpvd.exe
        772⤵
        
        PID:2472
        
        \??\c:\jpddd.exe
        
        c:\jpddd.exe
        773⤵
        
        PID:1416
        
        \??\c:\jpddd.exe
        
        c:\jpddd.exe
        774⤵
        
        PID:768
        
        \??\c:\bbnntt.exe
        
        c:\bbnntt.exe
        775⤵
        
        PID:1452
        
        \??\c:\thnhhh.exe
        
        c:\thnhhh.exe
        776⤵
        
        PID:3744
        
        \??\c:\nthhnt.exe
        
        c:\nthhnt.exe
        777⤵
        
        PID:4748
        
        \??\c:\tnnhbb.exe
        
        c:\tnnhbb.exe
        778⤵
        
        PID:1036
        
        \??\c:\flxlfrr.exe
        
        c:\flxlfrr.exe
        779⤵
        
        PID:2292
        
        \??\c:\5ffxrll.exe
        
        c:\5ffxrll.exe
        780⤵
        
        PID:2240
        
        \??\c:\ffrrrrr.exe
        
        c:\ffrrrrr.exe
        781⤵
        
        PID:3504
        
        \??\c:\llffxfl.exe
        
        c:\llffxfl.exe
        782⤵
        
        PID:4928
        
        \??\c:\ffrrlxf.exe
        
        c:\ffrrlxf.exe
        783⤵
        
        PID:3112
        
        \??\c:\pvddd.exe
        
        c:\pvddd.exe
        784⤵
        
        PID:2684
        
        \??\c:\dvppp.exe
        
        c:\dvppp.exe
        785⤵
        
        PID:4760
        
        \??\c:\jpddd.exe
        
        c:\jpddd.exe
        786⤵
        
        PID:2176
        
        \??\c:\vdjjp.exe
        
        c:\vdjjp.exe
        787⤵
        
        PID:5040
        
        \??\c:\flrrrfx.exe
        
        c:\flrrrfx.exe
        788⤵
        
        PID:1692
        
        \??\c:\xrxxrxl.exe
        
        c:\xrxxrxl.exe
        789⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        \??\c:\fflxfrl.exe
        
        c:\fflxfrl.exe
        790⤵
        
        PID:4984
        
        \??\c:\rrlxrlf.exe
        
        c:\rrlxrlf.exe
        791⤵
        
        PID:2440
        
        \??\c:\xfxxxff.exe
        
        c:\xfxxxff.exe
        792⤵
        
        PID:4064
        
        \??\c:\fxfffll.exe
        
        c:\fxfffll.exe
        793⤵
        
        PID:1892
        
        \??\c:\9fflrxf.exe
        
        c:\9fflrxf.exe
        794⤵
        
        PID:2120
        
        \??\c:\lfrrrlr.exe
        
        c:\lfrrrlr.exe
        795⤵
        
        PID:4308
        
        \??\c:\fllllll.exe
        
        c:\fllllll.exe
        796⤵
        
        PID:1636
        
        \??\c:\lxrrrfr.exe
        
        c:\lxrrrfr.exe
        797⤵
        
        PID:3560
        
        \??\c:\1ffflrr.exe
        
        c:\1ffflrr.exe
        798⤵
        
        PID:4420
        
        \??\c:\llxxrxf.exe
        
        c:\llxxrxf.exe
        799⤵
        
        PID:3844
        
        \??\c:\rxxrlrl.exe
        
        c:\rxxrlrl.exe
        800⤵
        
        PID:4600
        
        \??\c:\xrrfxxx.exe
        
        c:\xrrfxxx.exe
        801⤵
        
        PID:3476
        
        \??\c:\lffxxxr.exe
        
        c:\lffxxxr.exe
        802⤵
        
        PID:1328
        
        \??\c:\pjjdd.exe
        
        c:\pjjdd.exe
        803⤵
        
        PID:1212
        
        \??\c:\dvvvv.exe
        
        c:\dvvvv.exe
        804⤵
        
        PID:3932
        
        \??\c:\pvjpd.exe
        
        c:\pvjpd.exe
        805⤵
        
        PID:4488
        
        \??\c:\1jvpp.exe
        
        c:\1jvpp.exe
        806⤵
        
        PID:5016
        
        \??\c:\jvjpj.exe
        
        c:\jvjpj.exe
        807⤵
        
        PID:2100
        
        \??\c:\jjvvd.exe
        
        c:\jjvvd.exe
        808⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        \??\c:\bhbbtt.exe
        
        c:\bhbbtt.exe
        809⤵
        
        PID:4100
        
        \??\c:\hhbbbh.exe
        
        c:\hhbbbh.exe
        810⤵
        
        PID:944
        
        \??\c:\hbhhhb.exe
        
        c:\hbhhhb.exe
        811⤵
        
        PID:2208
        
        \??\c:\nhtbnn.exe
        
        c:\nhtbnn.exe
        812⤵
        
        PID:4480
        
        \??\c:\tbnnhh.exe
        
        c:\tbnnhh.exe
        813⤵
        
        PID:1768
        
        \??\c:\9thntb.exe
        
        c:\9thntb.exe
        814⤵
        
        PID:3308
        
        \??\c:\3bnnbh.exe
        
        c:\3bnnbh.exe
        815⤵
        
        PID:4728
        
        \??\c:\nbntbh.exe
        
        c:\nbntbh.exe
        816⤵
        
        PID:3000
        
        \??\c:\ntnnnt.exe
        
        c:\ntnnnt.exe
        817⤵
        
        PID:1316
        
        \??\c:\3nnttb.exe
        
        c:\3nnttb.exe
        818⤵
        
        PID:2196
        
        \??\c:\5jvpp.exe
        
        c:\5jvpp.exe
        819⤵
        
        PID:4356
        
        \??\c:\vpjjp.exe
        
        c:\vpjjp.exe
        820⤵
        
        PID:2304
        
        \??\c:\pjpjp.exe
        
        c:\pjpjp.exe
        821⤵
        
        PID:2436
        
        \??\c:\vvppp.exe
        
        c:\vvppp.exe
        822⤵
        
        PID:1932
        
        \??\c:\hbhnhh.exe
        
        c:\hbhnhh.exe
        823⤵
        
        PID:3376
        
        \??\c:\bbbnnn.exe
        
        c:\bbbnnn.exe
        824⤵
        
        PID:4920
        
        \??\c:\hhbthh.exe
        
        c:\hhbthh.exe
        825⤵
        
        PID:4712
        
        \??\c:\bntnhb.exe
        
        c:\bntnhb.exe
        826⤵
        
        PID:4444
        
        \??\c:\hbhhhn.exe
        
        c:\hbhhhn.exe
        827⤵
        
        PID:3620
        
        \??\c:\bhnnnh.exe
        
        c:\bhnnnh.exe
        828⤵
        System Location Discovery: System Language Discovery
        
        PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1nbtnn.exe

Filesize
3.7MB

MD5
3cc633238d0f6b2eb6bf6487d6a942b1

SHA1
6f0a3a526bb25fc94bdb1bfa9e15955aebcd93fc

SHA256
894e61d8067d21d79adea98186993585d8d5104228581ec3d345858e05f68cd3

SHA512
5044e54fccfbc92b95994ee9401d8b571ae7d06aa123b583280784757e938992c8f51fccbf7f8f0461bdb4d79237b4435ab43cdef29aecf25337180fa662aa3e

Download Submit
C:\3bnnhn.exe

Filesize
3.7MB

MD5
f9d24d4dcb4e2f60774d7128313dbb0f

SHA1
725e16ddf9d9b653c330e749cb4c2d029202b5c6

SHA256
e1df66ffbe7e6e4ff871b040c8cfbae18f692d5d5d585fbeca9869e62b59f3dc

SHA512
bcb80478924783ff1851ae62ecfc3c0832d0499a5256cf847a5825d22f4472d9c2822a59036f281e7f9a0d0c2d105beb3af597cc15b76999822fd28e67ac9763

Download Submit
C:\3xllflr.exe

Filesize
3.7MB

MD5
d447721f6708b522fed321fa86b970ed

SHA1
b409284033036dbf42391f64a5d2399e3fd99bf9

SHA256
b968a11cfd9b65c2fa99848416594006a56c89b970907f077be44167c5fc6b59

SHA512
79151c52d34bf2b568afe7e8a7e7f891ed84480cb58199fdbf84e9e1d3a83f310dce165d6f4c747826f4d32fdb6b3cc8e876d2c82663bb76cd0364fd8acb4881

Download Submit
C:\7jvvp.exe

Filesize
3.7MB

MD5
b4fa76c1784242a6fabe67e264128010

SHA1
5ade47b713a86321a7becf0a28f2fbddade6e838

SHA256
04cc3805d56c764001902848290d38f36d668e03eac8552838ad69bbbf10c244

SHA512
52bc30985bb2ef063f99aa5abf76792d3a60ebfd166c08cd5440cce2982d27dcdc53eae8879ac6f24cb7c952c38a705ae29c14d51cf7127f3942214812bab551

Download Submit
C:\bbnbhh.exe

Filesize
3.7MB

MD5
044eb2fdcfdcea0524bf35e1867e09a0

SHA1
acf656a2fd63e89cdb04d5f238bd949f31ca2a58

SHA256
9e340b47fcf89fb560b011d4c8b6440f106aa310447f3d919982b64fc648ed92

SHA512
7ee33530bc3d2509bd89b84ae6c1a11afef224aab8bb46583b4eb3eee88f5d0b5f205cf7c629a9812860e248f799bd3c847e3fd081a7c6caf92645879cd49bdb

Download Submit
C:\bhbthh.exe

Filesize
3.7MB

MD5
c99cb0c34ee6174f2e6ba875b9c3f67e

SHA1
47f97e20b77f6962fd35d93b30fc1e0461c0744e

SHA256
8a94b526199e213d724aede0a0ae7a25b9dceb3744132a3eb28c73f979865fb1

SHA512
4c51f62f9bb0b310f9a68740d3d19a577e77fb145f367bc6c50d2253e97481e532a8c770adbf7fa466e77e8df14704bd8a6af8fbb02e19f1a33fe58c5690c990

Download Submit
C:\bhnnnn.exe

Filesize
3.7MB

MD5
f0ec8e416aa755a073964b5f722e7fc7

SHA1
af8f34f37149f64b4d22f745f58e40678a3ba2d7

SHA256
c5421f64115665b458de0b043885566e3d0ea32e8d44399ade02ee3f5d424a20

SHA512
986bd9d93482d7a5085ae69a79d0983156e0c0611f3981cde4104178f335e099554829cdda982ef122490b6890be2f3b87dba54c7f6ac58faafef860f04ef83c

Download Submit
C:\djvvd.exe

Filesize
3.7MB

MD5
9ac027446c698796ed207ac0b6f868b6

SHA1
ff4bfd59fcd3d53ddf84fb5eca152a9893e5f240

SHA256
505addcbe206a20ae5b5f2e39ee0adb548a24ddd71fa504133a0639119bd2bb8

SHA512
7a13eabcf5c787d46298bd3060d903beb4d47acb4b64b75e607d71203e5d66ddf07f4a1d8a493d430fc972e239ade4bfa2267e7cb122ec1961af922e5f225015

Download Submit
C:\flrrlrr.exe

Filesize
3.7MB

MD5
c2493b174c5efa74631f0620cd4f6c6a

SHA1
8d078253b058d51e27e3ec77e8b3c015ff5e0866

SHA256
4f4969d3eb1af7b2db2ad5a57e423f992429acf623c4abb8b03b3cb402eb18cb

SHA512
edef534f148fa79ff549d2092b764352867892a9d908033c686502a637b1675dc4c0e64f7ed29164980f3894db64e4357606eac50ffef48134009fb102cf5584

Download Submit
C:\hbnnhh.exe

Filesize
3.7MB

MD5
89a9fcb40f6a677ef7278ba8c40f2502

SHA1
80217a26809ce54de12dcfa29399d3efa57486f0

SHA256
a2306498e994e1386a438a77e6ff93521d23ea589b98d3404a395184439657e9

SHA512
26635c1b1397b4e150da52e33f1617f9e78c7a4944bae234c443d354b1af6703a8361e67b874321fe63b5a63d9eb71dd81b52642c6da3499349be481aa4ad894

Download Submit
C:\hhnnnn.exe

Filesize
3.7MB

MD5
11302b126b221ba6053a215389f35d6a

SHA1
72f72674ed3d2033e806d2bf71737e68fb3e698f

SHA256
3cfffe1b678a7bce677abd57fb11620117d8226b424756ca0cff3b8937b984ab

SHA512
2f7e0cc7ae9091acd9f07b41f462f4f71e4d0fbbeca84f45b1dbd4dfdc979c5f63cde2001f19de51040164bbbabde0bf7871a660c3a5294fd0bff6f38c5b832c

Download Submit
C:\hntnnt.exe

Filesize
3.7MB

MD5
39a340877fc3891d7aaa3d36006bb463

SHA1
ac03da2db9687fb7764358e21be3b00ebac7cf0f

SHA256
7f2063397cd2f1fa5e70df7dfa165e0c39e4f8f3ae3f0eee93c492b09514b007

SHA512
2dc446c3911dbbaead6b3f6b1c0c1d312587810c0d0920ef4aef8317777b7639dd115420a80aa90cb3de4a347e4b5d8324e90562bb078a11000a40b91833754d

Download Submit
C:\htbtnt.exe

Filesize
3.7MB

MD5
dffc77d18c9d91773f490dcfb1c2dcbf

SHA1
8f141a37c37b96b7e5b8d72f059d468d7cac70d5

SHA256
f9895be08de9d84b94ef3fbc9715ab576c6145afe4583ffd5eff5a309f566e2a

SHA512
f4b9b72441b0d8b6e65b7361bc8b9a189ded442649c163a11eba8faa186071e7fc68a18c4aeeaf296b12ea1231fca294bea65f1a3598a2c9c05d1077e8a52444

Download Submit
C:\jpjjj.exe

Filesize
3.7MB

MD5
ce7f0e5a612d884ebd44ffb88b97788a

SHA1
f49662c7ff05249fe6a45495bdb772a48b2037a9

SHA256
f5de8b8bcdae6da66e9757bdb52ff5575d699935deba2b05e8d9eafc147e6821

SHA512
561a88cc8aa070bde3ebc553c0d5d94c7c4d2aa2681ca15523e9f2773139f47b0b65b4810204085ab32e8fcc1e163e6cf4e36bba7abcb17dab947dd053ff4bd6

Download Submit
C:\jvjjd.exe

Filesize
3.7MB

MD5
3dca0a7c9a18d8ae7cb89d896f116d7b

SHA1
a1dfb64bb3058214770ab36ab0732f5bcbe7501b

SHA256
27a400007c032ee4312a73dca45b1f25884098e16b491afc33e1c5beee3f424b

SHA512
c7c361563315fcfadaabebef50f38dcc96d689b1e9c64e5b358a09daa7e445517613c31f765166cb65342f0a958aa15b090f9971ec54a33240f71a59e4158571

Download Submit
C:\jvppp.exe

Filesize
3.7MB

MD5
ff0dde78694cd1cdc8b705ec1d17bde5

SHA1
ce37475ade3037478a62e743cda74a2110054b43

SHA256
9008bea721445bc0beede4869c86e84bbe084f3b33e5d446fd83411469dfab9e

SHA512
4d9df68f8a0beeec7677ad4de5fda7e9e6225804621e9e4c5a6f67e6d0997173c0178ac16f32050b2ba2d635832481de3aeeb95dd45436d4e6e9cfc64c86f1cb

Download Submit
C:\lfffrfl.exe

Filesize
3.7MB

MD5
cedc46cc6254b6ef9aa4bd5d7f5283ca

SHA1
63a72dac58a0432aa14605a559dd35686e7ae941

SHA256
718264795811109f2173f31a03b5587663f6d51dc8926342e159cd3ae3737a0b

SHA512
3a6d2401c1326ba0eca0aebc39ba7fb1e7a1d023143a2f030ee0006a1c000a461783ed8019842b63d28b72d6daccfcea0aa247a20ef19505b53a31f1f79e3ed3

Download Submit
C:\lfrfxll.exe

Filesize
3.7MB

MD5
2ffead5c6bfc5e9f08d8f82215dde083

SHA1
fe3fb30de8dea2894cdd672cc164c3ab3669569d

SHA256
73168a8c0b2d70e5b265153dc8b251f0731cbda9078db727da237bba6f0f4579

SHA512
13dc3bc9b2f7df134f185871d45e818af539874efe3db5108a11e216ba1568ccfa841edf0a7ce0db3f2fbc092a55917812c4ad93803dcafb353a55f8174f2674

Download Submit
C:\lllrlxx.exe

Filesize
3.7MB

MD5
d691bb817a0d42c4b9af00e8760449b6

SHA1
5059eb612087c85057663c33144b84fb7d6a212a

SHA256
157c719ab0703969b122ea11603f543c942c39cfbe244f8f1e0a60682b34a738

SHA512
bafa838c4b619872eaa3ad141c5cb4e40c9aa73a2b9abd721d017d70f4b728c8f89d7bbe307581b42e03494a6aa079e932e135097368d58e14f039ff9eaddb7a

Download Submit
C:\lrxrrrl.exe

Filesize
3.7MB

MD5
d81b326b8755877ba3b0dd8290c40832

SHA1
5bf135422c940d32f853b2d59ffd1cb3580b2b94

SHA256
004cde4549965a7a6b5ebda22f9be7cd5830b2d64642ecd2964f40f44d2c9623

SHA512
19b2a0ff3a95e8d94abcb63b84fb8bacffa687cba587f20af083ea32298486d3e9e44cdd5c02d4af364fc4ee0932515021d8bb9bbbf1a2a08083441906b0ce84

Download Submit
C:\pjpvj.exe

Filesize
3.7MB

MD5
213b2e1f24ac4be27a28952a6f67c794

SHA1
ae5b3c60cdc8185593337c03114eab30310d926b

SHA256
cee617b4ceca433a3114c434eae6efb250b8c23828b91a8a224964ba78f3ca91

SHA512
b2fe9432dc9d1532f14fc83fbdcac6477aa1badeac632294e17df576c66f6c52e5dbd1cabb7b146bfe3bb854d6ee41f14e9164bb57c59ca6a5bf1725d9d4600c

Download Submit
C:\rrllffx.exe

Filesize
3.7MB

MD5
4c6a288cb410458455a73c592f8a5daa

SHA1
0eae35d3dc00506886e0587ac760d0a81594f3db

SHA256
03386da2d19eae0c18ae9bf7d968cbb9c6945aa9c76befdf3b82769b51d27cb9

SHA512
0809539ebd885f0e24cc63918148a23f413d53ab1d606847260f3c4c500ceec22a2ece032a931d002358394f33eedd736f47ad7d6c4f9ebd2ba1cd0e70402df0

Download Submit
C:\tnbhbh.exe

Filesize
3.7MB

MD5
3876e44ed4c5afd4ecff74645941fd77

SHA1
610534c2c22c4b39c77eac31b7c80d8f8b0125e6

SHA256
80e44b0800f389e1f3cefa4f5ef6d0397839b6e3a67dd85ea35de0cbf9d79031

SHA512
e04e0555bb9d870228f76b490c610f3f2ecfc9ec2c5c08353ffe94452f012cf41c70576d03b809e18882411ceea24a923f115a77792324db24715e9ce004adea

Download Submit
C:\vdvvj.exe

Filesize
3.7MB

MD5
527886523310bc4bf0604a8be6843ab8

SHA1
e86939cbec5871c6eaefba523bc0310ea9dd1d4b

SHA256
fded5edd92efc818897d225b9ce2316936edc11bb50183c654d8fb0c8df60e02

SHA512
126550a37c25fbbbd3f349256c2307869a61caa26cc0b8805a22284f2387dc13846aecf0bc0b76d089239fc436fba1b71659f9d9647156250d40a8c5e7d23ed0

Download Submit
C:\vpvvv.exe

Filesize
3.7MB

MD5
f3697da377babaada9867334a92e8d57

SHA1
8be7af314bcde2ff661788499b09f2e378eb98b1

SHA256
26b25cbd7369024d95d9d36f96dff1d87725d297b77556d9d11ffc2a13d9778e

SHA512
ba3203b9c34b3b8d20f2cf51f3da39760d1d81dbe49a657c4ce342cec8c9adea79f8a43a48af9c4b8c62c182970dd893b17ba8868f8af5aa3b5fdb7a1390acb5

Download Submit
C:\xrrffff.exe

Filesize
3.7MB

MD5
3c0bc9e7279fd1b8b8bab1c7fab1ab70

SHA1
eeaf919ebc9a11c41f5fafe16366dd491c5eaf4b

SHA256
82a50d391b41a2300cbea30ff5a525ebad0443f8dbe9c4cc675b2e2d38f289f3

SHA512
e9b0d0a3b720702a65652bdfb1e460f8278800c098beabf60e4564d04388d0a2f820168de10766c4038689d88b566be8d88e179071beae13b395a28aa1c1fb79

Download Submit
C:\xxllxrf.exe

Filesize
3.7MB

MD5
2f512f0d6a633652410206ac9170e691

SHA1
98f30c4b03eeb45a598f0a9acb69f78ff293a2f1

SHA256
8e9cce3a3274230d4372aea48b9e1093cbdc825f0f730d31514d0446e518f408

SHA512
ccd959a4fd124f612c4986d6d2d9a5831a0bf4f18e825ef98a445e08012473067ff371701e968b26ca11cc96e5f9e286655fdfaa5cbcad275028ebeba5f87aab

Download Submit
\??\c:\hnbtbb.exe

Filesize
3.7MB

MD5
c03aa737a30ffb458f778373b526fd53

SHA1
cea10a098b4bda774a9d14c1e71c77e91fcf6a03

SHA256
2e496a4965afa933913528d4a1fa53525ad28c9f50b594523c3085859503edce

SHA512
f9d7bc826574119dc05e834fb48b38b86c81c8cc6076504fb0201529fcc40482987d8ed3d5fd90ac23bc098930109ec942546bd128eee52572cfbb941b9e9731

Download Submit
\??\c:\lrfffff.exe

Filesize
3.7MB

MD5
603b5b1c851b1bfe1b3bc69642a7889b

SHA1
49afa1b03df194216a5a84998bd40dc47475ffb6

SHA256
214e07c38d724829ad4b9ce27aaff648331ef24de40a682232acd128f47a97d1

SHA512
181e50345378670dd3ecd2388ce951e86f833bc2ec33be6274058e4c6cdc947f8663720bee004fb2997e44371a7764b3896c2b39a07aacddf75c1ef85222ebcb

Download Submit
\??\c:\ntbbnn.exe

Filesize
3.7MB

MD5
1cb036ad85e81bbeea5b9594e2eda2f7

SHA1
a0933e9c78dc580dd5a006fc03f17c827ac77f0e

SHA256
84d68c87ed4dde2fb3fbfcafc604b02802d800ce3aa738b9ebb7eae5c790e176

SHA512
6f33bbb1d67dc9cc6322d28185077c0957d088b1f749ac5c6bd1d557faa13173410c0ff053993bed498fd453b2049b1a9a58ea5e2730cd2b8f0ae6212dbbdc89

Download Submit
\??\c:\rlllfll.exe

Filesize
3.7MB

MD5
23692a8d7b98259c150a81215b8520a8

SHA1
4928c623f873e3ff4a59c56c86295a01577dca21

SHA256
d2900f64b06166526b0eefeeb876542eb7329b0989307be166926417be9476d0

SHA512
8aeebf0cd4de940e7035b1422677e8b880616c7618b418aeca5794f5cc1245cc77fbb2638c61df9155f802efe5e416a180d82c1ce3629a6c9fcd9bed70c86090

Download Submit
\??\c:\thbtnt.exe

Filesize
3.7MB

MD5
efa7eefe21bee1cdb3c16592be9d6e2c

SHA1
f3b98f2ffc5a4e0701a96c8a1aa4a14d4877f152

SHA256
1cb581d1c663e64f46059d5cff98928a08690e2a4d310b9000c0ae601e03db16

SHA512
f1e7baab52a38eeccdc0c8c5037ffad1d2f6210d05824c2344ec5024c444093024233c025e17007d7a0256d98a6c56cd7ec1547d3a78192c965c2302a855ba97

Download Submit
memory/368-349-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/632-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/632-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/780-521-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/812-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/860-47-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/864-226-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/868-294-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1036-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1040-615-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1096-246-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1096-250-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1320-578-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1344-134-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1408-19-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1632-41-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1712-35-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2072-433-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2084-323-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2120-779-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2156-77-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2192-559-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2276-707-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2292-1221-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2360-775-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2556-1554-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2648-284-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2952-1313-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2952-190-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2968-65-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3004-141-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3016-88-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3024-637-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3040-25-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3048-353-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3092-394-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3112-746-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3132-472-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3208-274-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3240-727-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3332-185-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3440-313-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3528-211-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3540-93-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3564-921-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3564-100-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3620-410-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3912-461-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3936-128-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3952-407-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4012-549-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4060-105-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4088-11-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4160-159-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4300-468-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4388-378-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4388-714-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4420-142-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4428-207-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4496-261-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4592-1205-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4636-194-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4708-260-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4760-117-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4840-245-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4848-1889-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4876-13-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4956-339-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4984-111-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4984-765-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5016-152-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5068-1300-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5080-160-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download