blackmoon | 7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2024, 15:41 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41.exe
Size

454KB
MD5

a665cc6203e7c92f90676d458e9dffb1
SHA1

9e10bb4afdf9c4e79485da562ec15223a65a4ef5
SHA256

7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41
SHA512

1301250d8939359f8af928ecda718341b0352bc6a4b211f48c5c758443f747b62edb8f88b4ff3f68be000be964fbf513912e31815228e26bf3defeb97da1eec7
SSDEEP

6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeO:q7Tc2NYHUrAwfMp3CDO

Score

10^/10

blackmoon banker discovery trojan upx

Malware Config

Signatures

Blackmoon family
blackmoon
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 64 IoCs

resource	yara_rule
behavioral2/memory/4184-5-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3752-12-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3452-14-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1216-19-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1952-33-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3808-81-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1640-86-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1852-75-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1176-74-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2844-68-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/5036-58-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4520-52-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1196-46-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4008-38-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3576-30-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2384-93-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2020-103-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/5048-110-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3348-127-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1136-126-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2672-149-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4728-145-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4532-158-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/704-175-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2196-185-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3240-194-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3496-204-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4476-210-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/220-232-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4016-240-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4004-249-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4392-253-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1048-257-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4756-264-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1484-280-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1788-281-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3704-297-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/856-304-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1928-324-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3392-334-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1608-353-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/880-357-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3244-361-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1524-371-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1708-375-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2628-379-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2652-383-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1228-393-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2608-397-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3744-428-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3200-441-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1388-457-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/384-464-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/884-492-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1176-523-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2096-527-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3436-537-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1568-553-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/4312-638-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1120-678-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/2552-736-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3496-855-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/1012-1351-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon
behavioral2/memory/3576-1517-0x0000000000400000-0x000000000042A000-memory.dmp	family_blackmoon

Executes dropped EXE 64 IoCs

pid	Process
3752	lllfxrr.exe
3452	3jdvv.exe
1216	xrrlxrl.exe
1952	nhhtnn.exe
3576	vdpjd.exe
4008	fxfxxrr.exe
1196	3lrlfff.exe
4520	ttbtnb.exe
5036	jdjdv.exe
1176	rlrlffx.exe
2844	ntbtnh.exe
1852	hbbbtn.exe
3808	vpvdp.exe
1640	llxfxfl.exe
2384	lfrlffr.exe
2020	1tbnbt.exe
5052	xffxlrf.exe
5048	dppdv.exe
1128	rxxrlfx.exe
1136	3tnhtn.exe
3348	ffrrlrx.exe
2368	httnhh.exe
4728	vjpjv.exe
624	9rlxlfx.exe
2672	hnthbt.exe
4532	pjjdp.exe
5080	xrxlrrl.exe
4872	hhbthb.exe
704	pdvpd.exe
2364	pjjdp.exe
2196	rfxxxxx.exe
4636	tnnhbt.exe
3240	jvvpj.exe
1932	xlrlffr.exe
4236	htthbt.exe
3496	vdpjd.exe
2852	5rxrllx.exe
4476	nhbthb.exe
1660	7pdvj.exe
3748	fllfrlf.exe
2884	bnnhtn.exe
4884	jvdpj.exe
1036	pdjdv.exe
3588	fxllxrl.exe
220	httnbb.exe
3252	bnbtnt.exe
4760	vjjvj.exe
4016	llfxrrl.exe
440	lfrrffx.exe
4004	btbtnh.exe
4392	pdpdd.exe
1048	lfrlffx.exe
776	hntnhb.exe
4756	pvjvd.exe
4436	vppjv.exe
3752	rllfllf.exe
1336	nhhhbt.exe
4852	3jdpd.exe
1484	fxlxllf.exe
1788	rfrlrll.exe
1196	ntbbnh.exe
3708	jvjvd.exe
2376	jdjdp.exe
3704	llfrflx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4184-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3752-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3452-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1216-19-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1952-24-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1952-33-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3808-81-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1640-86-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1852-75-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1176-74-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2844-68-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/5036-58-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4520-52-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1196-46-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4008-38-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3576-30-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2384-93-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/5052-104-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2020-103-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/5048-110-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3348-127-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1136-126-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2672-149-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4728-145-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4532-158-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/704-175-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2196-185-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3240-194-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3496-204-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4476-210-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/220-232-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4016-240-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4004-249-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4392-253-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1048-257-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4756-264-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1484-280-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1788-281-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3704-297-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/856-304-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1928-320-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1928-324-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3392-334-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1608-353-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/880-357-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3244-361-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1524-371-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1708-375-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2628-379-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2652-383-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1228-393-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2608-397-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3744-428-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3200-441-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1388-457-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/384-464-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/884-492-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1176-523-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2096-527-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3436-537-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1568-553-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4312-638-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1120-678-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2552-736-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bntttn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hhnnhh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rllllll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	htnhbt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lxfxllf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vdjjj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ttbtnb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pvdpd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	htthbt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pjdjd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dpjvj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ppvvj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jddvp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dvvpd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lffffll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9pddv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7nbtnn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vpdvv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vvdvp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9flrrxr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	thnhbh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7xxlrlf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	llfrffr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	frlxlfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bbtnhn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 3752	4184	7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41.exe	82
PID 4184 wrote to memory of 3752	4184	7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41.exe	82
PID 4184 wrote to memory of 3752	4184	7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41.exe	82
PID 3752 wrote to memory of 3452	3752	lllfxrr.exe	83
PID 3752 wrote to memory of 3452	3752	lllfxrr.exe	83
PID 3752 wrote to memory of 3452	3752	lllfxrr.exe	83
PID 3452 wrote to memory of 1216	3452	3jdvv.exe	84
PID 3452 wrote to memory of 1216	3452	3jdvv.exe	84
PID 3452 wrote to memory of 1216	3452	3jdvv.exe	84
PID 1216 wrote to memory of 1952	1216	xrrlxrl.exe	85
PID 1216 wrote to memory of 1952	1216	xrrlxrl.exe	85
PID 1216 wrote to memory of 1952	1216	xrrlxrl.exe	85
PID 1952 wrote to memory of 3576	1952	nhhtnn.exe	86
PID 1952 wrote to memory of 3576	1952	nhhtnn.exe	86
PID 1952 wrote to memory of 3576	1952	nhhtnn.exe	86
PID 3576 wrote to memory of 4008	3576	vdpjd.exe	87
PID 3576 wrote to memory of 4008	3576	vdpjd.exe	87
PID 3576 wrote to memory of 4008	3576	vdpjd.exe	87
PID 4008 wrote to memory of 1196	4008	fxfxxrr.exe	88
PID 4008 wrote to memory of 1196	4008	fxfxxrr.exe	88
PID 4008 wrote to memory of 1196	4008	fxfxxrr.exe	88
PID 1196 wrote to memory of 4520	1196	3lrlfff.exe	89
PID 1196 wrote to memory of 4520	1196	3lrlfff.exe	89
PID 1196 wrote to memory of 4520	1196	3lrlfff.exe	89
PID 4520 wrote to memory of 5036	4520	ttbtnb.exe	90
PID 4520 wrote to memory of 5036	4520	ttbtnb.exe	90
PID 4520 wrote to memory of 5036	4520	ttbtnb.exe	90
PID 5036 wrote to memory of 1176	5036	jdjdv.exe	91
PID 5036 wrote to memory of 1176	5036	jdjdv.exe	91
PID 5036 wrote to memory of 1176	5036	jdjdv.exe	91
PID 1176 wrote to memory of 2844	1176	rlrlffx.exe	92
PID 1176 wrote to memory of 2844	1176	rlrlffx.exe	92
PID 1176 wrote to memory of 2844	1176	rlrlffx.exe	92
PID 2844 wrote to memory of 1852	2844	ntbtnh.exe	93
PID 2844 wrote to memory of 1852	2844	ntbtnh.exe	93
PID 2844 wrote to memory of 1852	2844	ntbtnh.exe	93
PID 1852 wrote to memory of 3808	1852	hbbbtn.exe	94
PID 1852 wrote to memory of 3808	1852	hbbbtn.exe	94
PID 1852 wrote to memory of 3808	1852	hbbbtn.exe	94
PID 3808 wrote to memory of 1640	3808	vpvdp.exe	95
PID 3808 wrote to memory of 1640	3808	vpvdp.exe	95
PID 3808 wrote to memory of 1640	3808	vpvdp.exe	95
PID 1640 wrote to memory of 2384	1640	llxfxfl.exe	96
PID 1640 wrote to memory of 2384	1640	llxfxfl.exe	96
PID 1640 wrote to memory of 2384	1640	llxfxfl.exe	96
PID 2384 wrote to memory of 2020	2384	lfrlffr.exe	97
PID 2384 wrote to memory of 2020	2384	lfrlffr.exe	97
PID 2384 wrote to memory of 2020	2384	lfrlffr.exe	97
PID 2020 wrote to memory of 5052	2020	1tbnbt.exe	98
PID 2020 wrote to memory of 5052	2020	1tbnbt.exe	98
PID 2020 wrote to memory of 5052	2020	1tbnbt.exe	98
PID 5052 wrote to memory of 5048	5052	xffxlrf.exe	99
PID 5052 wrote to memory of 5048	5052	xffxlrf.exe	99
PID 5052 wrote to memory of 5048	5052	xffxlrf.exe	99
PID 5048 wrote to memory of 1128	5048	dppdv.exe	100
PID 5048 wrote to memory of 1128	5048	dppdv.exe	100
PID 5048 wrote to memory of 1128	5048	dppdv.exe	100
PID 1128 wrote to memory of 1136	1128	rxxrlfx.exe	101
PID 1128 wrote to memory of 1136	1128	rxxrlfx.exe	101
PID 1128 wrote to memory of 1136	1128	rxxrlfx.exe	101
PID 1136 wrote to memory of 3348	1136	3tnhtn.exe	102
PID 1136 wrote to memory of 3348	1136	3tnhtn.exe	102
PID 1136 wrote to memory of 3348	1136	3tnhtn.exe	102
PID 3348 wrote to memory of 2368	3348	ffrrlrx.exe	103

C:\Users\Admin\AppData\Local\Temp\7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41.exe
"C:\Users\Admin\AppData\Local\Temp\7d4e5a991dc90508f420573b7b3bfebeee329bf2b26d91bd972acd3327940e41.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4184
- \??\c:\lllfxrr.exe
  c:\lllfxrr.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3752
- - \??\c:\3jdvv.exe
    c:\3jdvv.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3452
  - - \??\c:\xrrlxrl.exe
      c:\xrrlxrl.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1216
    - - \??\c:\nhhtnn.exe
        
        c:\nhhtnn.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1952
      - \??\c:\vdpjd.exe
        
        c:\vdpjd.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3576
        
        \??\c:\fxfxxrr.exe
        
        c:\fxfxxrr.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4008
        
        \??\c:\3lrlfff.exe
        
        c:\3lrlfff.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1196
        
        \??\c:\ttbtnb.exe
        
        c:\ttbtnb.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4520
        
        \??\c:\jdjdv.exe
        
        c:\jdjdv.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5036
        
        \??\c:\rlrlffx.exe
        
        c:\rlrlffx.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1176
        
        \??\c:\ntbtnh.exe
        
        c:\ntbtnh.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2844
        
        \??\c:\hbbbtn.exe
        
        c:\hbbbtn.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1852
        
        \??\c:\vpvdp.exe
        
        c:\vpvdp.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3808
        
        \??\c:\llxfxfl.exe
        
        c:\llxfxfl.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        \??\c:\lfrlffr.exe
        
        c:\lfrlffr.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2384
        
        \??\c:\1tbnbt.exe
        
        c:\1tbnbt.exe
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2020
        
        \??\c:\xffxlrf.exe
        
        c:\xffxlrf.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5052
        
        \??\c:\dppdv.exe
        
        c:\dppdv.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5048
        
        \??\c:\rxxrlfx.exe
        
        c:\rxxrlfx.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1128
        
        \??\c:\3tnhtn.exe
        
        c:\3tnhtn.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1136
        
        \??\c:\ffrrlrx.exe
        
        c:\ffrrlrx.exe
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3348
        
        \??\c:\httnhh.exe
        
        c:\httnhh.exe
        23⤵
        Executes dropped EXE
        
        PID:2368
        
        \??\c:\vjpjv.exe
        
        c:\vjpjv.exe
        24⤵
        Executes dropped EXE
        
        PID:4728
        
        \??\c:\9rlxlfx.exe
        
        c:\9rlxlfx.exe
        25⤵
        Executes dropped EXE
        
        PID:624
        
        \??\c:\hnthbt.exe
        
        c:\hnthbt.exe
        26⤵
        Executes dropped EXE
        
        PID:2672
        
        \??\c:\pjjdp.exe
        
        c:\pjjdp.exe
        27⤵
        Executes dropped EXE
        
        PID:4532
        
        \??\c:\xrxlrrl.exe
        
        c:\xrxlrrl.exe
        28⤵
        Executes dropped EXE
        
        PID:5080
        
        \??\c:\hhbthb.exe
        
        c:\hhbthb.exe
        29⤵
        Executes dropped EXE
        
        PID:4872
        
        \??\c:\pdvpd.exe
        
        c:\pdvpd.exe
        30⤵
        Executes dropped EXE
        
        PID:704
        
        \??\c:\pjjdp.exe
        
        c:\pjjdp.exe
        31⤵
        Executes dropped EXE
        
        PID:2364
        
        \??\c:\rfxxxxx.exe
        
        c:\rfxxxxx.exe
        32⤵
        Executes dropped EXE
        
        PID:2196
        
        \??\c:\tnnhbt.exe
        
        c:\tnnhbt.exe
        33⤵
        Executes dropped EXE
        
        PID:4636
        
        \??\c:\jvvpj.exe
        
        c:\jvvpj.exe
        34⤵
        Executes dropped EXE
        
        PID:3240
        
        \??\c:\xlrlffr.exe
        
        c:\xlrlffr.exe
        35⤵
        Executes dropped EXE
        
        PID:1932
        
        \??\c:\htthbt.exe
        
        c:\htthbt.exe
        36⤵
        Executes dropped EXE
        
        PID:4236
        
        \??\c:\vdpjd.exe
        
        c:\vdpjd.exe
        37⤵
        Executes dropped EXE
        
        PID:3496
        
        \??\c:\5rxrllx.exe
        
        c:\5rxrllx.exe
        38⤵
        Executes dropped EXE
        
        PID:2852
        
        \??\c:\nhbthb.exe
        
        c:\nhbthb.exe
        39⤵
        Executes dropped EXE
        
        PID:4476
        
        \??\c:\7pdvj.exe
        
        c:\7pdvj.exe
        40⤵
        Executes dropped EXE
        
        PID:1660
        
        \??\c:\fllfrlf.exe
        
        c:\fllfrlf.exe
        41⤵
        Executes dropped EXE
        
        PID:3748
        
        \??\c:\bnnhtn.exe
        
        c:\bnnhtn.exe
        42⤵
        Executes dropped EXE
        
        PID:2884
        
        \??\c:\jvdpj.exe
        
        c:\jvdpj.exe
        43⤵
        Executes dropped EXE
        
        PID:4884
        
        \??\c:\pdjdv.exe
        
        c:\pdjdv.exe
        44⤵
        Executes dropped EXE
        
        PID:1036
        
        \??\c:\fxllxrl.exe
        
        c:\fxllxrl.exe
        45⤵
        Executes dropped EXE
        
        PID:3588
        
        \??\c:\httnbb.exe
        
        c:\httnbb.exe
        46⤵
        Executes dropped EXE
        
        PID:220
        
        \??\c:\bnbtnt.exe
        
        c:\bnbtnt.exe
        47⤵
        Executes dropped EXE
        
        PID:3252
        
        \??\c:\vjjvj.exe
        
        c:\vjjvj.exe
        48⤵
        Executes dropped EXE
        
        PID:4760
        
        \??\c:\llfxrrl.exe
        
        c:\llfxrrl.exe
        49⤵
        Executes dropped EXE
        
        PID:4016
        
        \??\c:\lfrrffx.exe
        
        c:\lfrrffx.exe
        50⤵
        Executes dropped EXE
        
        PID:440
        
        \??\c:\btbtnh.exe
        
        c:\btbtnh.exe
        51⤵
        Executes dropped EXE
        
        PID:4004
        
        \??\c:\pdpdd.exe
        
        c:\pdpdd.exe
        52⤵
        Executes dropped EXE
        
        PID:4392
        
        \??\c:\lfrlffx.exe
        
        c:\lfrlffx.exe
        53⤵
        Executes dropped EXE
        
        PID:1048
        
        \??\c:\hntnhb.exe
        
        c:\hntnhb.exe
        54⤵
        Executes dropped EXE
        
        PID:776
        
        \??\c:\pvjvd.exe
        
        c:\pvjvd.exe
        55⤵
        Executes dropped EXE
        
        PID:4756
        
        \??\c:\vppjv.exe
        
        c:\vppjv.exe
        56⤵
        Executes dropped EXE
        
        PID:4436
        
        \??\c:\rllfllf.exe
        
        c:\rllfllf.exe
        57⤵
        Executes dropped EXE
        
        PID:3752
        
        \??\c:\nhhhbt.exe
        
        c:\nhhhbt.exe
        58⤵
        Executes dropped EXE
        
        PID:1336
        
        \??\c:\3jdpd.exe
        
        c:\3jdpd.exe
        59⤵
        Executes dropped EXE
        
        PID:4852
        
        \??\c:\fxlxllf.exe
        
        c:\fxlxllf.exe
        60⤵
        Executes dropped EXE
        
        PID:1484
        
        \??\c:\rfrlrll.exe
        
        c:\rfrlrll.exe
        61⤵
        Executes dropped EXE
        
        PID:1788
        
        \??\c:\ntbbnh.exe
        
        c:\ntbbnh.exe
        62⤵
        Executes dropped EXE
        
        PID:1196
        
        \??\c:\jvjvd.exe
        
        c:\jvjvd.exe
        63⤵
        Executes dropped EXE
        
        PID:3708
        
        \??\c:\jdjdp.exe
        
        c:\jdjdp.exe
        64⤵
        Executes dropped EXE
        
        PID:2376
        
        \??\c:\llfrflx.exe
        
        c:\llfrflx.exe
        65⤵
        Executes dropped EXE
        
        PID:3704
        
        \??\c:\hnthtb.exe
        
        c:\hnthtb.exe
        66⤵
        
        PID:5036
        
        \??\c:\jjpjd.exe
        
        c:\jjpjd.exe
        67⤵
        
        PID:856
        
        \??\c:\pddvj.exe
        
        c:\pddvj.exe
        68⤵
        
        PID:2704
        
        \??\c:\rflffrr.exe
        
        c:\rflffrr.exe
        69⤵
        
        PID:2696
        
        \??\c:\tbbtnh.exe
        
        c:\tbbtnh.exe
        70⤵
        
        PID:3276
        
        \??\c:\hnhtnn.exe
        
        c:\hnhtnn.exe
        71⤵
        
        PID:2228
        
        \??\c:\jvvdp.exe
        
        c:\jvvdp.exe
        72⤵
        
        PID:3732
        
        \??\c:\xlllxfx.exe
        
        c:\xlllxfx.exe
        73⤵
        
        PID:1928
        
        \??\c:\hbtnhh.exe
        
        c:\hbtnhh.exe
        74⤵
        
        PID:324
        
        \??\c:\ppdvd.exe
        
        c:\ppdvd.exe
        75⤵
        
        PID:1640
        
        \??\c:\rrxlxrf.exe
        
        c:\rrxlxrf.exe
        76⤵
        
        PID:3392
        
        \??\c:\frrfrlf.exe
        
        c:\frrfrlf.exe
        77⤵
        
        PID:3212
        
        \??\c:\ntbtnh.exe
        
        c:\ntbtnh.exe
        78⤵
        
        PID:5044
        
        \??\c:\dvpjv.exe
        
        c:\dvpjv.exe
        79⤵
        
        PID:3440
        
        \??\c:\rxfrflf.exe
        
        c:\rxfrflf.exe
        80⤵
        
        PID:228
        
        \??\c:\rllxrlf.exe
        
        c:\rllxrlf.exe
        81⤵
        
        PID:1924
        
        \??\c:\bbhhhh.exe
        
        c:\bbhhhh.exe
        82⤵
        
        PID:1608
        
        \??\c:\vjvjd.exe
        
        c:\vjvjd.exe
        83⤵
        
        PID:880
        
        \??\c:\frlxlfx.exe
        
        c:\frlxlfx.exe
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
        
        \??\c:\7llxrlf.exe
        
        c:\7llxrlf.exe
        85⤵
        
        PID:464
        
        \??\c:\nttnhb.exe
        
        c:\nttnhb.exe
        86⤵
        
        PID:1580
        
        \??\c:\jvvpj.exe
        
        c:\jvvpj.exe
        87⤵
        
        PID:1524
        
        \??\c:\jjjdv.exe
        
        c:\jjjdv.exe
        88⤵
        
        PID:1708
        
        \??\c:\frrfrrf.exe
        
        c:\frrfrrf.exe
        89⤵
        
        PID:2628
        
        \??\c:\3tnhtt.exe
        
        c:\3tnhtt.exe
        90⤵
        
        PID:2652
        
        \??\c:\pvvvv.exe
        
        c:\pvvvv.exe
        91⤵
        
        PID:1448
        
        \??\c:\9fxlfxl.exe
        
        c:\9fxlfxl.exe
        92⤵
        
        PID:1212
        
        \??\c:\xlrlxrf.exe
        
        c:\xlrlxrf.exe
        93⤵
        
        PID:1228
        
        \??\c:\nbtnbt.exe
        
        c:\nbtnbt.exe
        94⤵
        
        PID:2608
        
        \??\c:\vppdp.exe
        
        c:\vppdp.exe
        95⤵
        
        PID:1900
        
        \??\c:\rrrfrrl.exe
        
        c:\rrrfrrl.exe
        96⤵
        
        PID:2436
        
        \??\c:\rxrfxxr.exe
        
        c:\rxrfxxr.exe
        97⤵
        
        PID:2468
        
        \??\c:\nhbtnh.exe
        
        c:\nhbtnh.exe
        98⤵
        
        PID:1700
        
        \??\c:\jpvjd.exe
        
        c:\jpvjd.exe
        99⤵
        
        PID:2428
        
        \??\c:\pddpj.exe
        
        c:\pddpj.exe
        100⤵
        
        PID:4440
        
        \??\c:\rffrlll.exe
        
        c:\rffrlll.exe
        101⤵
        
        PID:1604
        
        \??\c:\3nnbtn.exe
        
        c:\3nnbtn.exe
        102⤵
        
        PID:4164
        
        \??\c:\thhbnn.exe
        
        c:\thhbnn.exe
        103⤵
        
        PID:3680
        
        \??\c:\vdvpj.exe
        
        c:\vdvpj.exe
        104⤵
        
        PID:3744
        
        \??\c:\xlrfrlf.exe
        
        c:\xlrfrlf.exe
        105⤵
        
        PID:896
        
        \??\c:\nhnbnh.exe
        
        c:\nhnbnh.exe
        106⤵
        
        PID:808
        
        \??\c:\bbhthb.exe
        
        c:\bbhthb.exe
        107⤵
        
        PID:4172
        
        \??\c:\djvvj.exe
        
        c:\djvvj.exe
        108⤵
        
        PID:3200
        
        \??\c:\rrrlxxr.exe
        
        c:\rrrlxxr.exe
        109⤵
        
        PID:2344
        
        \??\c:\tbnbnb.exe
        
        c:\tbnbnb.exe
        110⤵
        
        PID:1636
        
        \??\c:\pvvjd.exe
        
        c:\pvvjd.exe
        111⤵
        
        PID:2724
        
        \??\c:\xffxlfx.exe
        
        c:\xffxlfx.exe
        112⤵
        
        PID:852
        
        \??\c:\nhhbtn.exe
        
        c:\nhhbtn.exe
        113⤵
        
        PID:1388
        
        \??\c:\jvjdj.exe
        
        c:\jvjdj.exe
        114⤵
        
        PID:2760
        
        \??\c:\dddvp.exe
        
        c:\dddvp.exe
        115⤵
        
        PID:384
        
        \??\c:\xrrfrlf.exe
        
        c:\xrrfrlf.exe
        116⤵
        
        PID:3948
        
        \??\c:\htthbt.exe
        
        c:\htthbt.exe
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
        
        \??\c:\3dddp.exe
        
        c:\3dddp.exe
        118⤵
        
        PID:1440
        
        \??\c:\vpvpd.exe
        
        c:\vpvpd.exe
        119⤵
        
        PID:4004
        
        \??\c:\lfxlrrr.exe
        
        c:\lfxlrrr.exe
        120⤵
        
        PID:4392
        
        \??\c:\hbhbht.exe
        
        c:\hbhbht.exe
        121⤵
        
        PID:4460
        
        \??\c:\9bbtnn.exe
        
        c:\9bbtnn.exe
        122⤵
        
        PID:392
        
        \??\c:\vdddp.exe
        
        c:\vdddp.exe
        123⤵
        
        PID:1820
        
        \??\c:\lrrlxrl.exe
        
        c:\lrrlxrl.exe
        124⤵
        
        PID:884
        
        \??\c:\ntbtnh.exe
        
        c:\ntbtnh.exe
        125⤵
        
        PID:4264
        
        \??\c:\5vvpd.exe
        
        c:\5vvpd.exe
        126⤵
        
        PID:2176
        
        \??\c:\xlxrfxr.exe
        
        c:\xlxrfxr.exe
        127⤵
        
        PID:1952
        
        \??\c:\lffxxrx.exe
        
        c:\lffxxrx.exe
        128⤵
        
        PID:3976
        
        \??\c:\3hhtnn.exe
        
        c:\3hhtnn.exe
        129⤵
        
        PID:2252
        
        \??\c:\vjjdd.exe
        
        c:\vjjdd.exe
        130⤵
        
        PID:1140
        
        \??\c:\pjdvj.exe
        
        c:\pjdvj.exe
        131⤵
        
        PID:1472
        
        \??\c:\rxxfrrf.exe
        
        c:\rxxfrrf.exe
        132⤵
        
        PID:1840
        
        \??\c:\bnnhbt.exe
        
        c:\bnnhbt.exe
        133⤵
        
        PID:4060
        
        \??\c:\ntnhbt.exe
        
        c:\ntnhbt.exe
        134⤵
        
        PID:1176
        
        \??\c:\jdjjj.exe
        
        c:\jdjjj.exe
        135⤵
        
        PID:2096
        
        \??\c:\5flxrll.exe
        
        c:\5flxrll.exe
        136⤵
        
        PID:3044
        
        \??\c:\htthhb.exe
        
        c:\htthhb.exe
        137⤵
        
        PID:4948
        
        \??\c:\jvvpd.exe
        
        c:\jvvpd.exe
        138⤵
        
        PID:3436
        
        \??\c:\pjjdv.exe
        
        c:\pjjdv.exe
        139⤵
        
        PID:1308
        
        \??\c:\xrlxrlf.exe
        
        c:\xrlxrlf.exe
        140⤵
        
        PID:4980
        
        \??\c:\htbbbt.exe
        
        c:\htbbbt.exe
        141⤵
        
        PID:3040
        
        \??\c:\7vvpd.exe
        
        c:\7vvpd.exe
        142⤵
        
        PID:2568
        
        \??\c:\rrxxfxl.exe
        
        c:\rrxxfxl.exe
        143⤵
        
        PID:1568
        
        \??\c:\nbbtnn.exe
        
        c:\nbbtnn.exe
        144⤵
        
        PID:3112
        
        \??\c:\nbbthb.exe
        
        c:\nbbthb.exe
        145⤵
        
        PID:2804
        
        \??\c:\jddvj.exe
        
        c:\jddvj.exe
        146⤵
        
        PID:5024
        
        \??\c:\rrxxrrl.exe
        
        c:\rrxxrrl.exe
        147⤵
        
        PID:5004
        
        \??\c:\5ntnbt.exe
        
        c:\5ntnbt.exe
        148⤵
        
        PID:4408
        
        \??\c:\vpjdv.exe
        
        c:\vpjdv.exe
        149⤵
        
        PID:4488
        
        \??\c:\7pvpd.exe
        
        c:\7pvpd.exe
        150⤵
        
        PID:4900
        
        \??\c:\rffrffr.exe
        
        c:\rffrffr.exe
        151⤵
        
        PID:2632
        
        \??\c:\nbtnnh.exe
        
        c:\nbtnnh.exe
        152⤵
        
        PID:880
        
        \??\c:\vvdvd.exe
        
        c:\vvdvd.exe
        153⤵
        
        PID:3244
        
        \??\c:\fxrlrrf.exe
        
        c:\fxrlrrf.exe
        154⤵
        
        PID:464
        
        \??\c:\xrlfxrl.exe
        
        c:\xrlfxrl.exe
        155⤵
        
        PID:1508
        
        \??\c:\5btnbh.exe
        
        c:\5btnbh.exe
        156⤵
        
        PID:2868
        
        \??\c:\jpvjd.exe
        
        c:\jpvjd.exe
        157⤵
        
        PID:3324
        
        \??\c:\rxxxfxl.exe
        
        c:\rxxxfxl.exe
        158⤵
        
        PID:2672
        
        \??\c:\lrxrlfx.exe
        
        c:\lrxrlfx.exe
        159⤵
        
        PID:4972
        
        \??\c:\3ttnnh.exe
        
        c:\3ttnnh.exe
        160⤵
        
        PID:4108
        
        \??\c:\1ddpd.exe
        
        c:\1ddpd.exe
        161⤵
        
        PID:4128
        
        \??\c:\dpdpv.exe
        
        c:\dpdpv.exe
        162⤵
        
        PID:4872
        
        \??\c:\xllxxrr.exe
        
        c:\xllxxrr.exe
        163⤵
        
        PID:4880
        
        \??\c:\9hnbtn.exe
        
        c:\9hnbtn.exe
        164⤵
        
        PID:2608
        
        \??\c:\tnhthb.exe
        
        c:\tnhthb.exe
        165⤵
        
        PID:1504
        
        \??\c:\ddddv.exe
        
        c:\ddddv.exe
        166⤵
        
        PID:116
        
        \??\c:\xxrfrrl.exe
        
        c:\xxrfrrl.exe
        167⤵
        
        PID:4752
        
        \??\c:\3rfxrlf.exe
        
        c:\3rfxrlf.exe
        168⤵
        
        PID:1700
        
        \??\c:\hnnhtn.exe
        
        c:\hnnhtn.exe
        169⤵
        
        PID:4528
        
        \??\c:\3djvd.exe
        
        c:\3djvd.exe
        170⤵
        
        PID:1888
        
        \??\c:\rrxrllf.exe
        
        c:\rrxrllf.exe
        171⤵
        
        PID:4312
        
        \??\c:\7fflfff.exe
        
        c:\7fflfff.exe
        172⤵
        
        PID:2152
        
        \??\c:\nhhhbh.exe
        
        c:\nhhhbh.exe
        173⤵
        
        PID:404
        
        \??\c:\pvdvj.exe
        
        c:\pvdvj.exe
        174⤵
        
        PID:1948
        
        \??\c:\pvdpj.exe
        
        c:\pvdpj.exe
        175⤵
        
        PID:1120
        
        \??\c:\rlllxxx.exe
        
        c:\rlllxxx.exe
        176⤵
        
        PID:1644
        
        \??\c:\9rrlffx.exe
        
        c:\9rrlffx.exe
        177⤵
        
        PID:1896
        
        \??\c:\hbnnnn.exe
        
        c:\hbnnnn.exe
        178⤵
        
        PID:3200
        
        \??\c:\1vdpj.exe
        
        c:\1vdpj.exe
        179⤵
        
        PID:2344
        
        \??\c:\xlrrlll.exe
        
        c:\xlrrlll.exe
        180⤵
        
        PID:1256
        
        \??\c:\bhnhhb.exe
        
        c:\bhnhhb.exe
        181⤵
        
        PID:4256
        
        \??\c:\nbhbtt.exe
        
        c:\nbhbtt.exe
        182⤵
        
        PID:852
        
        \??\c:\pjdvp.exe
        
        c:\pjdvp.exe
        183⤵
        
        PID:1872
        
        \??\c:\dpjvj.exe
        
        c:\dpjvj.exe
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        \??\c:\rxlxrfx.exe
        
        c:\rxlxrfx.exe
        185⤵
        
        PID:564
        
        \??\c:\bhnbnb.exe
        
        c:\bhnbnb.exe
        186⤵
        
        PID:3948
        
        \??\c:\nhbbhb.exe
        
        c:\nhbbhb.exe
        187⤵
        
        PID:1616
        
        \??\c:\jjvjd.exe
        
        c:\jjvjd.exe
        188⤵
        
        PID:3232
        
        \??\c:\fxxlffx.exe
        
        c:\fxxlffx.exe
        189⤵
        
        PID:4844
        
        \??\c:\thnhbh.exe
        
        c:\thnhbh.exe
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        \??\c:\nnttnn.exe
        
        c:\nnttnn.exe
        191⤵
        
        PID:3356
        
        \??\c:\5djvv.exe
        
        c:\5djvv.exe
        192⤵
        
        PID:3004
        
        \??\c:\rrxlllx.exe
        
        c:\rrxlllx.exe
        193⤵
        
        PID:2180
        
        \??\c:\bhtnhn.exe
        
        c:\bhtnhn.exe
        194⤵
        
        PID:3752
        
        \??\c:\tnnbnb.exe
        
        c:\tnnbnb.exe
        195⤵
        
        PID:1336
        
        \??\c:\pdjdp.exe
        
        c:\pdjdp.exe
        196⤵
        
        PID:4852
        
        \??\c:\rxfxrlf.exe
        
        c:\rxfxrlf.exe
        197⤵
        
        PID:216
        
        \??\c:\9btnbt.exe
        
        c:\9btnbt.exe
        198⤵
        
        PID:4008
        
        \??\c:\bhtnhb.exe
        
        c:\bhtnhb.exe
        199⤵
        
        PID:2252
        
        \??\c:\pjdvj.exe
        
        c:\pjdvj.exe
        200⤵
        
        PID:4520
        
        \??\c:\lfllxxr.exe
        
        c:\lfllxxr.exe
        201⤵
        
        PID:2376
        
        \??\c:\rffrfxr.exe
        
        c:\rffrfxr.exe
        202⤵
        
        PID:3648
        
        \??\c:\7bhtnh.exe
        
        c:\7bhtnh.exe
        203⤵
        
        PID:2552
        
        \??\c:\9pdvp.exe
        
        c:\9pdvp.exe
        204⤵
        
        PID:1176
        
        \??\c:\jdpdp.exe
        
        c:\jdpdp.exe
        205⤵
        
        PID:2704
        
        \??\c:\lxrlxrl.exe
        
        c:\lxrlxrl.exe
        206⤵
        
        PID:2624
        
        \??\c:\nnnbtn.exe
        
        c:\nnnbtn.exe
        207⤵
        
        PID:2696
        
        \??\c:\pjdvd.exe
        
        c:\pjdvd.exe
        208⤵
        
        PID:4092
        
        \??\c:\ppjvj.exe
        
        c:\ppjvj.exe
        209⤵
        
        PID:3936
        
        \??\c:\5xfrlfl.exe
        
        c:\5xfrlfl.exe
        210⤵
        
        PID:3088
        
        \??\c:\hbtbtt.exe
        
        c:\hbtbtt.exe
        211⤵
        
        PID:2388
        
        \??\c:\7ttnnh.exe
        
        c:\7ttnnh.exe
        212⤵
        
        PID:2384
        
        \??\c:\jvvjj.exe
        
        c:\jvvjj.exe
        213⤵
        
        PID:2020
        
        \??\c:\frrfrfr.exe
        
        c:\frrfrfr.exe
        214⤵
        
        PID:2264
        
        \??\c:\bhthbt.exe
        
        c:\bhthbt.exe
        215⤵
        
        PID:5052
        
        \??\c:\djvjv.exe
        
        c:\djvjv.exe
        216⤵
        
        PID:5044
        
        \??\c:\vdjvj.exe
        
        c:\vdjvj.exe
        217⤵
        
        PID:3440
        
        \??\c:\fflfxxx.exe
        
        c:\fflfxxx.exe
        218⤵
        
        PID:1576
        
        \??\c:\btbbnn.exe
        
        c:\btbbnn.exe
        219⤵
        
        PID:1924
        
        \??\c:\jddpj.exe
        
        c:\jddpj.exe
        220⤵
        
        PID:2336
        
        \??\c:\vjpdp.exe
        
        c:\vjpdp.exe
        221⤵
        
        PID:2316
        
        \??\c:\xfllxxr.exe
        
        c:\xfllxxr.exe
        222⤵
        
        PID:4856
        
        \??\c:\bbhhbh.exe
        
        c:\bbhhbh.exe
        223⤵
        
        PID:1764
        
        \??\c:\pvdpd.exe
        
        c:\pvdpd.exe
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        \??\c:\9jvpj.exe
        
        c:\9jvpj.exe
        225⤵
        
        PID:3880
        
        \??\c:\lxlflll.exe
        
        c:\lxlflll.exe
        226⤵
        
        PID:4864
        
        \??\c:\bntnbt.exe
        
        c:\bntnbt.exe
        227⤵
        
        PID:1844
        
        \??\c:\dppvd.exe
        
        c:\dppvd.exe
        228⤵
        
        PID:4076
        
        \??\c:\jvpjp.exe
        
        c:\jvpjp.exe
        229⤵
        
        PID:4080
        
        \??\c:\llrlxrl.exe
        
        c:\llrlxrl.exe
        230⤵
        
        PID:1448
        
        \??\c:\thnhtn.exe
        
        c:\thnhtn.exe
        231⤵
        
        PID:2716
        
        \??\c:\pjdvj.exe
        
        c:\pjdvj.exe
        232⤵
        
        PID:1192
        
        \??\c:\5vvjv.exe
        
        c:\5vvjv.exe
        233⤵
        
        PID:3420
        
        \??\c:\lrxrfxr.exe
        
        c:\lrxrfxr.exe
        234⤵
        
        PID:4400
        
        \??\c:\tnnhbh.exe
        
        c:\tnnhbh.exe
        235⤵
        
        PID:1584
        
        \??\c:\bbthbb.exe
        
        c:\bbthbb.exe
        236⤵
        
        PID:2196
        
        \??\c:\jvvpd.exe
        
        c:\jvvpd.exe
        237⤵
        
        PID:4504
        
        \??\c:\lflfxrl.exe
        
        c:\lflfxrl.exe
        238⤵
        
        PID:4636
        
        \??\c:\3tbnhh.exe
        
        c:\3tbnhh.exe
        239⤵
        
        PID:3240
        
        \??\c:\7ppvv.exe
        
        c:\7ppvv.exe
        240⤵
        
        PID:5016
        
        \??\c:\jppjv.exe
        
        c:\jppjv.exe
        241⤵
        
        PID:4236
        
        \??\c:\xlxxllf.exe
        
        c:\xlxxllf.exe
        242⤵
        
        PID:3496
        
        \??\c:\rfrflfr.exe
        
        c:\rfrflfr.exe
        243⤵
        
        PID:1476
        
        \??\c:\tbbthb.exe
        
        c:\tbbthb.exe
        244⤵
        
        PID:2248
        
        \??\c:\jddvj.exe
        
        c:\jddvj.exe
        245⤵
        
        PID:320
        
        \??\c:\rlrlffl.exe
        
        c:\rlrlffl.exe
        246⤵
        
        PID:2044
        
        \??\c:\1bbtnh.exe
        
        c:\1bbtnh.exe
        247⤵
        
        PID:3472
        
        \??\c:\btbbth.exe
        
        c:\btbbth.exe
        248⤵
        
        PID:4884
        
        \??\c:\9vvvp.exe
        
        c:\9vvvp.exe
        249⤵
        
        PID:4916
        
        \??\c:\lxlfxrx.exe
        
        c:\lxlfxrx.exe
        250⤵
        
        PID:916
        
        \??\c:\fxxfxxl.exe
        
        c:\fxxfxxl.exe
        251⤵
        
        PID:3580
        
        \??\c:\tbntnb.exe
        
        c:\tbntnb.exe
        252⤵
        
        PID:2424
        
        \??\c:\dpdvd.exe
        
        c:\dpdvd.exe
        253⤵
        
        PID:312
        
        \??\c:\llxfllf.exe
        
        c:\llxfllf.exe
        254⤵
        
        PID:3520
        
        \??\c:\xrrrrrl.exe
        
        c:\xrrrrrl.exe
        255⤵
        
        PID:4416
        
        \??\c:\hbhntb.exe
        
        c:\hbhntb.exe
        256⤵
        
        PID:2928
        
        \??\c:\jpvvp.exe
        
        c:\jpvvp.exe
        257⤵
        
        PID:548
        
        \??\c:\lflfxxr.exe
        
        c:\lflfxxr.exe
        258⤵
        
        PID:932
        
        \??\c:\tnthtn.exe
        
        c:\tnthtn.exe
        259⤵
        
        PID:1048
        
        \??\c:\pddpd.exe
        
        c:\pddpd.exe
        260⤵
        
        PID:1748
        
        \??\c:\pddpj.exe
        
        c:\pddpj.exe
        261⤵
        
        PID:3400
        
        \??\c:\9lrrfff.exe
        
        c:\9lrrfff.exe
        262⤵
        
        PID:4444
        
        \??\c:\7hnnnn.exe
        
        c:\7hnnnn.exe
        263⤵
        
        PID:4020
        
        \??\c:\pjjvp.exe
        
        c:\pjjvp.exe
        264⤵
        
        PID:1216
        
        \??\c:\9ddvp.exe
        
        c:\9ddvp.exe
        265⤵
        
        PID:4064
        
        \??\c:\rlrrrxx.exe
        
        c:\rlrrrxx.exe
        266⤵
        
        PID:1952
        
        \??\c:\nnbbhb.exe
        
        c:\nnbbhb.exe
        267⤵
        
        PID:2564
        
        \??\c:\vjjdp.exe
        
        c:\vjjdp.exe
        268⤵
        
        PID:3816
        
        \??\c:\llffllr.exe
        
        c:\llffllr.exe
        269⤵
        
        PID:1196
        
        \??\c:\lxllfff.exe
        
        c:\lxllfff.exe
        270⤵
        
        PID:556
        
        \??\c:\bnnbnn.exe
        
        c:\bnnbnn.exe
        271⤵
        
        PID:3704
        
        \??\c:\9vjdv.exe
        
        c:\9vjdv.exe
        272⤵
        
        PID:1188
        
        \??\c:\xxfxxrr.exe
        
        c:\xxfxxrr.exe
        273⤵
        
        PID:2184
        
        \??\c:\nthbbb.exe
        
        c:\nthbbb.exe
        274⤵
        
        PID:856
        
        \??\c:\vdjpd.exe
        
        c:\vdjpd.exe
        275⤵
        
        PID:1012
        
        \??\c:\rllxrrf.exe
        
        c:\rllxrrf.exe
        276⤵
        
        PID:2352
        
        \??\c:\lfffflr.exe
        
        c:\lfffflr.exe
        277⤵
        
        PID:4948
        
        \??\c:\thhbbt.exe
        
        c:\thhbbt.exe
        278⤵
        
        PID:3960
        
        \??\c:\vppjv.exe
        
        c:\vppjv.exe
        279⤵
        
        PID:3732
        
        \??\c:\fxfxfxr.exe
        
        c:\fxfxfxr.exe
        280⤵
        
        PID:4980
        
        \??\c:\tnnnhb.exe
        
        c:\tnnnhb.exe
        281⤵
        
        PID:3040
        
        \??\c:\pjvvv.exe
        
        c:\pjvvv.exe
        282⤵
        
        PID:1640
        
        \??\c:\jjpjd.exe
        
        c:\jjpjd.exe
        283⤵
        
        PID:1780
        
        \??\c:\xllfrlf.exe
        
        c:\xllfrlf.exe
        284⤵
        
        PID:2804
        
        \??\c:\nnnnhh.exe
        
        c:\nnnnhh.exe
        285⤵
        
        PID:952
        
        \??\c:\jddpj.exe
        
        c:\jddpj.exe
        286⤵
        
        PID:4912
        
        \??\c:\dvvpd.exe
        
        c:\dvvpd.exe
        287⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        \??\c:\7xxlrlf.exe
        
        c:\7xxlrlf.exe
        288⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        \??\c:\tnhhbn.exe
        
        c:\tnhhbn.exe
        289⤵
        
        PID:4936
        
        \??\c:\dddvp.exe
        
        c:\dddvp.exe
        290⤵
        
        PID:2632
        
        \??\c:\ppjdd.exe
        
        c:\ppjdd.exe
        291⤵
        
        PID:1588
        
        \??\c:\hnthnh.exe
        
        c:\hnthnh.exe
        292⤵
        
        PID:3244
        
        \??\c:\ppvvp.exe
        
        c:\ppvvp.exe
        293⤵
        
        PID:1524
        
        \??\c:\vvpdj.exe
        
        c:\vvpdj.exe
        294⤵
        
        PID:1508
        
        \??\c:\rffxrlf.exe
        
        c:\rffxrlf.exe
        295⤵
        
        PID:2868
        
        \??\c:\nnbbhb.exe
        
        c:\nnbbhb.exe
        296⤵
        
        PID:3932
        
        \??\c:\pppjj.exe
        
        c:\pppjj.exe
        297⤵
        
        PID:1920
        
        \??\c:\7xlrfrr.exe
        
        c:\7xlrfrr.exe
        298⤵
        
        PID:3664
        
        \??\c:\rffxxxr.exe
        
        c:\rffxxxr.exe
        299⤵
        
        PID:5080
        
        \??\c:\nnthtt.exe
        
        c:\nnthtt.exe
        300⤵
        
        PID:2896
        
        \??\c:\pdpjv.exe
        
        c:\pdpjv.exe
        301⤵
        
        PID:2592
        
        \??\c:\xxllxxl.exe
        
        c:\xxllxxl.exe
        302⤵
        
        PID:2200
        
        \??\c:\xllrllx.exe
        
        c:\xllrllx.exe
        303⤵
        
        PID:4308
        
        \??\c:\hbnhhh.exe
        
        c:\hbnhhh.exe
        304⤵
        
        PID:704
        
        \??\c:\djpjj.exe
        
        c:\djpjj.exe
        305⤵
        
        PID:2676
        
        \??\c:\rxffxxr.exe
        
        c:\rxffxxr.exe
        306⤵
        
        PID:2196
        
        \??\c:\fxrlrrx.exe
        
        c:\fxrlrrx.exe
        307⤵
        
        PID:4504
        
        \??\c:\7nbtnn.exe
        
        c:\7nbtnn.exe
        308⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        \??\c:\djvpj.exe
        
        c:\djvpj.exe
        309⤵
        
        PID:4164
        
        \??\c:\fllxlfx.exe
        
        c:\fllxlfx.exe
        310⤵
        
        PID:5016
        
        \??\c:\thhbnn.exe
        
        c:\thhbnn.exe
        311⤵
        
        PID:4236
        
        \??\c:\9nhhbh.exe
        
        c:\9nhhbh.exe
        312⤵
        
        PID:404
        
        \??\c:\rrlfrfx.exe
        
        c:\rrlfrfx.exe
        313⤵
        
        PID:2276
        
        \??\c:\llfffll.exe
        
        c:\llfffll.exe
        314⤵
        
        PID:1660
        
        \??\c:\bbhhbb.exe
        
        c:\bbhhbb.exe
        315⤵
        
        PID:1644
        
        \??\c:\jdvvv.exe
        
        c:\jdvvv.exe
        316⤵
        
        PID:3760
        
        \??\c:\vvvjj.exe
        
        c:\vvvjj.exe
        317⤵
        
        PID:1036
        
        \??\c:\rxfxllf.exe
        
        c:\rxfxllf.exe
        318⤵
        
        PID:3820
        
        \??\c:\tnhbtn.exe
        
        c:\tnhbtn.exe
        319⤵
        
        PID:3588
        
        \??\c:\pdjdv.exe
        
        c:\pdjdv.exe
        320⤵
        
        PID:916
        
        \??\c:\7xfxrrf.exe
        
        c:\7xfxrrf.exe
        321⤵
        
        PID:2224
        
        \??\c:\ffrrlff.exe
        
        c:\ffrrlff.exe
        322⤵
        
        PID:832
        
        \??\c:\hnnnnn.exe
        
        c:\hnnnnn.exe
        323⤵
        
        PID:2296
        
        \??\c:\5pvpp.exe
        
        c:\5pvpp.exe
        324⤵
        
        PID:3520
        
        \??\c:\flrlfff.exe
        
        c:\flrlfff.exe
        325⤵
        
        PID:2144
        
        \??\c:\rfrrrrr.exe
        
        c:\rfrrrrr.exe
        326⤵
        
        PID:4676
        
        \??\c:\hbhbhn.exe
        
        c:\hbhbhn.exe
        327⤵
        
        PID:548
        
        \??\c:\jvpjp.exe
        
        c:\jvpjp.exe
        328⤵
        
        PID:932
        
        \??\c:\9ffxrlf.exe
        
        c:\9ffxrlf.exe
        329⤵
        
        PID:4868
        
        \??\c:\rlrrlrl.exe
        
        c:\rlrrlrl.exe
        330⤵
        
        PID:4756
        
        \??\c:\btbnnn.exe
        
        c:\btbnnn.exe
        331⤵
        
        PID:4640
        
        \??\c:\hhnhhh.exe
        
        c:\hhnhhh.exe
        332⤵
        
        PID:2180
        
        \??\c:\9jjjj.exe
        
        c:\9jjjj.exe
        333⤵
        
        PID:4020
        
        \??\c:\lfrrfll.exe
        
        c:\lfrrfll.exe
        334⤵
        
        PID:1484
        
        \??\c:\bnhhnh.exe
        
        c:\bnhhnh.exe
        335⤵
        
        PID:4232
        
        \??\c:\dvvjd.exe
        
        c:\dvvjd.exe
        336⤵
        
        PID:1788
        
        \??\c:\9lrlxxl.exe
        
        c:\9lrlxxl.exe
        337⤵
        
        PID:2564
        
        \??\c:\5llflll.exe
        
        c:\5llflll.exe
        338⤵
        
        PID:1472
        
        \??\c:\nbhbtt.exe
        
        c:\nbhbtt.exe
        339⤵
        
        PID:1840
        
        \??\c:\ppdpj.exe
        
        c:\ppdpj.exe
        340⤵
        
        PID:556
        
        \??\c:\7lrlllf.exe
        
        c:\7lrlllf.exe
        341⤵
        
        PID:264
        
        \??\c:\9nbbtb.exe
        
        c:\9nbbtb.exe
        342⤵
        
        PID:4684
        
        \??\c:\hnttnt.exe
        
        c:\hnttnt.exe
        343⤵
        
        PID:1176
        
        \??\c:\jddvj.exe
        
        c:\jddvj.exe
        344⤵
        
        PID:1020
        
        \??\c:\llxxrrr.exe
        
        c:\llxxrrr.exe
        345⤵
        
        PID:1012
        
        \??\c:\flxxrrr.exe
        
        c:\flxxrrr.exe
        346⤵
        
        PID:1736
        
        \??\c:\hhhnhn.exe
        
        c:\hhhnhn.exe
        347⤵
        
        PID:4092
        
        \??\c:\pvdvp.exe
        
        c:\pvdvp.exe
        348⤵
        
        PID:3936
        
        \??\c:\jjppv.exe
        
        c:\jjppv.exe
        349⤵
        
        PID:324
        
        \??\c:\xrxrlff.exe
        
        c:\xrxrlff.exe
        350⤵
        
        PID:4980
        
        \??\c:\htttnh.exe
        
        c:\htttnh.exe
        351⤵
        
        PID:456
        
        \??\c:\pjjpj.exe
        
        c:\pjjpj.exe
        352⤵
        
        PID:2504
        
        \??\c:\flxxffr.exe
        
        c:\flxxffr.exe
        353⤵
        
        PID:1780
        
        \??\c:\xrxrrll.exe
        
        c:\xrxrrll.exe
        354⤵
        
        PID:5024
        
        \??\c:\hntttt.exe
        
        c:\hntttt.exe
        355⤵
        
        PID:952
        
        \??\c:\nhtnhh.exe
        
        c:\nhtnhh.exe
        356⤵
        
        PID:992
        
        \??\c:\vpvvd.exe
        
        c:\vpvvd.exe
        357⤵
        
        PID:684
        
        \??\c:\rrfxxrl.exe
        
        c:\rrfxxrl.exe
        358⤵
        
        PID:4432
        
        \??\c:\tnbhbb.exe
        
        c:\tnbhbb.exe
        359⤵
        
        PID:2368
        
        \??\c:\pppdv.exe
        
        c:\pppdv.exe
        360⤵
        
        PID:4956
        
        \??\c:\frfxrrx.exe
        
        c:\frfxrrx.exe
        361⤵
        
        PID:756
        
        \??\c:\rfrxrff.exe
        
        c:\rfrxrff.exe
        362⤵
        
        PID:624
        
        \??\c:\1djdd.exe
        
        c:\1djdd.exe
        363⤵
        
        PID:1144
        
        \??\c:\jvjdv.exe
        
        c:\jvjdv.exe
        364⤵
        
        PID:2340
        
        \??\c:\lrrllrr.exe
        
        c:\lrrllrr.exe
        365⤵
        
        PID:3324
        
        \??\c:\tthhhh.exe
        
        c:\tthhhh.exe
        366⤵
        
        PID:2652
        
        \??\c:\vpppp.exe
        
        c:\vpppp.exe
        367⤵
        
        PID:4532
        
        \??\c:\lfxrffx.exe
        
        c:\lfxrffx.exe
        368⤵
        
        PID:1228
        
        \??\c:\5bbbnh.exe
        
        c:\5bbbnh.exe
        369⤵
        
        PID:2592
        
        \??\c:\hnnhtb.exe
        
        c:\hnnhtb.exe
        370⤵
        
        PID:3420
        
        \??\c:\7dvjp.exe
        
        c:\7dvjp.exe
        371⤵
        
        PID:720
        
        \??\c:\rfrrfff.exe
        
        c:\rfrrfff.exe
        372⤵
        
        PID:3036
        
        \??\c:\tbhhbh.exe
        
        c:\tbhhbh.exe
        373⤵
        
        PID:2428
        
        \??\c:\vvdpd.exe
        
        c:\vvdpd.exe
        374⤵
        
        PID:4752
        
        \??\c:\vdvdd.exe
        
        c:\vdvdd.exe
        375⤵
        
        PID:5104
        
        \??\c:\3frrlrr.exe
        
        c:\3frrlrr.exe
        376⤵
        
        PID:1932
        
        \??\c:\bhbtnn.exe
        
        c:\bhbtnn.exe
        377⤵
        
        PID:1332
        
        \??\c:\1jdpj.exe
        
        c:\1jdpj.exe
        378⤵
        
        PID:1284
        
        \??\c:\lxlfxxr.exe
        
        c:\lxlfxxr.exe
        379⤵
        
        PID:3496
        
        \??\c:\llrffff.exe
        
        c:\llrffff.exe
        380⤵
        
        PID:1220
        
        \??\c:\btbhhh.exe
        
        c:\btbhhh.exe
        381⤵
        
        PID:2248
        
        \??\c:\dvjpj.exe
        
        c:\dvjpj.exe
        382⤵
        
        PID:3396
        
        \??\c:\lxlrlll.exe
        
        c:\lxlrlll.exe
        383⤵
        
        PID:2952
        
        \??\c:\1flfxxr.exe
        
        c:\1flfxxr.exe
        384⤵
        
        PID:3200
        
        \??\c:\5nttnn.exe
        
        c:\5nttnn.exe
        385⤵
        
        PID:1256
        
        \??\c:\jpddv.exe
        
        c:\jpddv.exe
        386⤵
        
        PID:220
        
        \??\c:\jpvvp.exe
        
        c:\jpvvp.exe
        387⤵
        
        PID:3924
        
        \??\c:\lrrlfxx.exe
        
        c:\lrrlfxx.exe
        388⤵
        
        PID:1388
        
        \??\c:\bttnnn.exe
        
        c:\bttnnn.exe
        389⤵
        
        PID:2400
        
        \??\c:\dvvjv.exe
        
        c:\dvvjv.exe
        390⤵
        
        PID:2548
        
        \??\c:\rlxxxff.exe
        
        c:\rlxxxff.exe
        391⤵
        
        PID:4016
        
        \??\c:\9flffxf.exe
        
        c:\9flffxf.exe
        392⤵
        
        PID:4480
        
        \??\c:\htnhbt.exe
        
        c:\htnhbt.exe
        393⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        \??\c:\vpdvp.exe
        
        c:\vpdvp.exe
        394⤵
        
        PID:4780
        
        \??\c:\lrxlfff.exe
        
        c:\lrxlfff.exe
        395⤵
        
        PID:4004
        
        \??\c:\xlxxxxf.exe
        
        c:\xlxxxxf.exe
        396⤵
        
        PID:3812
        
        \??\c:\hnhnht.exe
        
        c:\hnhnht.exe
        397⤵
        
        PID:2260
        
        \??\c:\vjvvp.exe
        
        c:\vjvvp.exe
        398⤵
        
        PID:3712
        
        \??\c:\dvjdd.exe
        
        c:\dvjdd.exe
        399⤵
        
        PID:4640
        
        \??\c:\rxllrrf.exe
        
        c:\rxllrrf.exe
        400⤵
        
        PID:2180
        
        \??\c:\fxfffff.exe
        
        c:\fxfffff.exe
        401⤵
        
        PID:4852
        
        \??\c:\bnbtbh.exe
        
        c:\bnbtbh.exe
        402⤵
        
        PID:4008
        
        \??\c:\djpjj.exe
        
        c:\djpjj.exe
        403⤵
        
        PID:1408
        
        \??\c:\fffrllr.exe
        
        c:\fffrllr.exe
        404⤵
        
        PID:1196
        
        \??\c:\nhttnt.exe
        
        c:\nhttnt.exe
        405⤵
        
        PID:3456
        
        \??\c:\jvjpd.exe
        
        c:\jvjpd.exe
        406⤵
        
        PID:3600
        
        \??\c:\vpjjd.exe
        
        c:\vpjjd.exe
        407⤵
        
        PID:516
        
        \??\c:\rrrrllf.exe
        
        c:\rrrrllf.exe
        408⤵
        
        PID:1012
        
        \??\c:\hbhbbb.exe
        
        c:\hbhbbb.exe
        409⤵
        
        PID:2756
        
        \??\c:\5jppp.exe
        
        c:\5jppp.exe
        410⤵
        
        PID:2780
        
        \??\c:\vpppj.exe
        
        c:\vpppj.exe
        411⤵
        
        PID:3392
        
        \??\c:\lxffxxx.exe
        
        c:\lxffxxx.exe
        412⤵
        
        PID:1568
        
        \??\c:\ttttnn.exe
        
        c:\ttttnn.exe
        413⤵
        
        PID:5032
        
        \??\c:\jvjjp.exe
        
        c:\jvjjp.exe
        414⤵
        
        PID:5048
        
        \??\c:\rfffxff.exe
        
        c:\rfffxff.exe
        415⤵
        
        PID:5044
        
        \??\c:\tnnbnn.exe
        
        c:\tnnbnn.exe
        416⤵
        
        PID:4408
        
        \??\c:\jdjdj.exe
        
        c:\jdjdj.exe
        417⤵
        
        PID:3800
        
        \??\c:\lxxfrll.exe
        
        c:\lxxfrll.exe
        418⤵
        
        PID:8
        
        \??\c:\thtttt.exe
        
        c:\thtttt.exe
        419⤵
        
        PID:3348
        
        \??\c:\bhtthn.exe
        
        c:\bhtthn.exe
        420⤵
        
        PID:1444
        
        \??\c:\vdjvd.exe
        
        c:\vdjvd.exe
        421⤵
        
        PID:2316
        
        \??\c:\lfrlrfx.exe
        
        c:\lfrlrfx.exe
        422⤵
        
        PID:1892
        
        \??\c:\nhhbtt.exe
        
        c:\nhhbtt.exe
        423⤵
        
        PID:1492
        
        \??\c:\jdppj.exe
        
        c:\jdppj.exe
        424⤵
        
        PID:3720
        
        \??\c:\pjpjd.exe
        
        c:\pjpjd.exe
        425⤵
        
        PID:2628
        
        \??\c:\rflfrlf.exe
        
        c:\rflfrlf.exe
        426⤵
        
        PID:3360
        
        \??\c:\5hnhtn.exe
        
        c:\5hnhtn.exe
        427⤵
        
        PID:2412
        
        \??\c:\ppvpp.exe
        
        c:\ppvpp.exe
        428⤵
        
        PID:4076
        
        \??\c:\xxfflrf.exe
        
        c:\xxfflrf.exe
        429⤵
        
        PID:5080
        
        \??\c:\fxrlrxf.exe
        
        c:\fxrlrxf.exe
        430⤵
        
        PID:4600
        
        \??\c:\tnbbtt.exe
        
        c:\tnbbtt.exe
        431⤵
        
        PID:3448
        
        \??\c:\dppjv.exe
        
        c:\dppjv.exe
        432⤵
        
        PID:4308
        
        \??\c:\xrfxxxf.exe
        
        c:\xrfxxxf.exe
        433⤵
        
        PID:1572
        
        \??\c:\frfxfxx.exe
        
        c:\frfxfxx.exe
        434⤵
        
        PID:232
        
        \??\c:\nbbthn.exe
        
        c:\nbbthn.exe
        435⤵
        
        PID:2084
        
        \??\c:\jdvvv.exe
        
        c:\jdvvv.exe
        436⤵
        
        PID:3228
        
        \??\c:\xrxrfxr.exe
        
        c:\xrxrfxr.exe
        437⤵
        
        PID:3468
        
        \??\c:\7nttnn.exe
        
        c:\7nttnn.exe
        438⤵
        
        PID:736
        
        \??\c:\nntnhh.exe
        
        c:\nntnhh.exe
        439⤵
        
        PID:4156
        
        \??\c:\jjpvv.exe
        
        c:\jjpvv.exe
        440⤵
        
        PID:1284
        
        \??\c:\fflfxxx.exe
        
        c:\fflfxxx.exe
        441⤵
        
        PID:3496
        
        \??\c:\tthhbb.exe
        
        c:\tthhbb.exe
        442⤵
        
        PID:3748
        
        \??\c:\dpppd.exe
        
        c:\dpppd.exe
        443⤵
        
        PID:1660
        
        \??\c:\vvvvd.exe
        
        c:\vvvvd.exe
        444⤵
        
        PID:3396
        
        \??\c:\rxfflll.exe
        
        c:\rxfflll.exe
        445⤵
        
        PID:2952
        
        \??\c:\nhbtbt.exe
        
        c:\nhbtbt.exe
        446⤵
        
        PID:3568
        
        \??\c:\vjjdv.exe
        
        c:\vjjdv.exe
        447⤵
        
        PID:3820
        
        \??\c:\7flfrrl.exe
        
        c:\7flfrrl.exe
        448⤵
        
        PID:3316
        
        \??\c:\1lrrlrr.exe
        
        c:\1lrrlrr.exe
        449⤵
        
        PID:3924
        
        \??\c:\5ttnhn.exe
        
        c:\5ttnhn.exe
        450⤵
        
        PID:1388
        
        \??\c:\ddjvv.exe
        
        c:\ddjvv.exe
        451⤵
        
        PID:4352
        
        \??\c:\rflfxxx.exe
        
        c:\rflfxxx.exe
        452⤵
        
        PID:2548
        
        \??\c:\bbnhtt.exe
        
        c:\bbnhtt.exe
        453⤵
        
        PID:432
        
        \??\c:\dvvpd.exe
        
        c:\dvvpd.exe
        454⤵
        
        PID:4480
        
        \??\c:\pjvpj.exe
        
        c:\pjvpj.exe
        455⤵
        
        PID:4184
        
        \??\c:\rlrlfff.exe
        
        c:\rlrlfff.exe
        456⤵
        
        PID:4780
        
        \??\c:\hnnhbt.exe
        
        c:\hnnhbt.exe
        457⤵
        
        PID:4004
        
        \??\c:\jjjvp.exe
        
        c:\jjjvp.exe
        458⤵
        
        PID:3812
        
        \??\c:\rflllrr.exe
        
        c:\rflllrr.exe
        459⤵
        
        PID:668
        
        \??\c:\bnbthh.exe
        
        c:\bnbthh.exe
        460⤵
        
        PID:3752
        
        \??\c:\3pdvj.exe
        
        c:\3pdvj.exe
        461⤵
        
        PID:2720
        
        \??\c:\llllfrf.exe
        
        c:\llllfrf.exe
        462⤵
        
        PID:3576
        
        \??\c:\hbnbhh.exe
        
        c:\hbnbhh.exe
        463⤵
        
        PID:4428
        
        \??\c:\hbhhhb.exe
        
        c:\hbhhhb.exe
        464⤵
        
        PID:3984
        
        \??\c:\ppppd.exe
        
        c:\ppppd.exe
        465⤵
        
        PID:3476
        
        \??\c:\xrrrrxx.exe
        
        c:\xrrrrxx.exe
        466⤵
        
        PID:1436
        
        \??\c:\nbnhth.exe
        
        c:\nbnhth.exe
        467⤵
        
        PID:2228
        
        \??\c:\5vvpp.exe
        
        c:\5vvpp.exe
        468⤵
        
        PID:5084
        
        \??\c:\lxfrlrx.exe
        
        c:\lxfrlrx.exe
        469⤵
        
        PID:2288
        
        \??\c:\nhbbbb.exe
        
        c:\nhbbbb.exe
        470⤵
        
        PID:2544
        
        \??\c:\nnbbtt.exe
        
        c:\nnbbtt.exe
        471⤵
        
        PID:3088
        
        \??\c:\dvjpj.exe
        
        c:\dvjpj.exe
        472⤵
        
        PID:2388
        
        \??\c:\dvjdd.exe
        
        c:\dvjdd.exe
        473⤵
        
        PID:1640
        
        \??\c:\rrrfrlx.exe
        
        c:\rrrfrlx.exe
        474⤵
        
        PID:2264
        
        \??\c:\nhhhhh.exe
        
        c:\nhhhhh.exe
        475⤵
        
        PID:2160
        
        \??\c:\pdvvp.exe
        
        c:\pdvvp.exe
        476⤵
        
        PID:1128
        
        \??\c:\jpvpj.exe
        
        c:\jpvpj.exe
        477⤵
        
        PID:4612
        
        \??\c:\3rxrllf.exe
        
        c:\3rxrllf.exe
        478⤵
        
        PID:4408
        
        \??\c:\xfrrrrr.exe
        
        c:\xfrrrrr.exe
        479⤵
        
        PID:3800
        
        \??\c:\bttnbb.exe
        
        c:\bttnbb.exe
        480⤵
        
        PID:2632
        
        \??\c:\ppvdd.exe
        
        c:\ppvdd.exe
        481⤵
        
        PID:4292
        
        \??\c:\ffrlfll.exe
        
        c:\ffrlfll.exe
        482⤵
        
        PID:1588
        
        \??\c:\btbtbb.exe
        
        c:\btbtbb.exe
        483⤵
        
        PID:2316
        
        \??\c:\dpdpd.exe
        
        c:\dpdpd.exe
        484⤵
        
        PID:1688
        
        \??\c:\pvppp.exe
        
        c:\pvppp.exe
        485⤵
        
        PID:1492
        
        \??\c:\fxfffll.exe
        
        c:\fxfffll.exe
        486⤵
        
        PID:1352
        
        \??\c:\nbttbh.exe
        
        c:\nbttbh.exe
        487⤵
        
        PID:4304
        
        \??\c:\pvjjv.exe
        
        c:\pvjjv.exe
        488⤵
        
        PID:1612
        
        \??\c:\jdpdp.exe
        
        c:\jdpdp.exe
        489⤵
        
        PID:4880
        
        \??\c:\rrxrrrl.exe
        
        c:\rrxrrrl.exe
        490⤵
        
        PID:2436
        
        \??\c:\tbnnhh.exe
        
        c:\tbnnhh.exe
        491⤵
        
        PID:116
        
        \??\c:\ppjvv.exe
        
        c:\ppjvv.exe
        492⤵
        
        PID:2608
        
        \??\c:\dpvjp.exe
        
        c:\dpvjp.exe
        493⤵
        
        PID:4620
        
        \??\c:\ffrfxrx.exe
        
        c:\ffrfxrx.exe
        494⤵
        
        PID:4588
        
        \??\c:\bhnhnn.exe
        
        c:\bhnhnn.exe
        495⤵
        
        PID:4504
        
        \??\c:\jdjvp.exe
        
        c:\jdjvp.exe
        496⤵
        
        PID:936
        
        \??\c:\rlfxxxf.exe
        
        c:\rlfxxxf.exe
        497⤵
        
        PID:4164
        
        \??\c:\hnbthb.exe
        
        c:\hnbthb.exe
        498⤵
        
        PID:3280
        
        \??\c:\thttnn.exe
        
        c:\thttnn.exe
        499⤵
        
        PID:64
        
        \??\c:\ddjjd.exe
        
        c:\ddjjd.exe
        500⤵
        
        PID:1476
        
        \??\c:\llllrxf.exe
        
        c:\llllrxf.exe
        501⤵
        
        PID:4284
        
        \??\c:\hbhbtb.exe
        
        c:\hbhbtb.exe
        502⤵
        
        PID:2884
        
        \??\c:\nhbhhn.exe
        
        c:\nhbhhn.exe
        503⤵
        
        PID:1644
        
        \??\c:\jjjdd.exe
        
        c:\jjjdd.exe
        504⤵
        
        PID:3320
        
        \??\c:\rlrllll.exe
        
        c:\rlrllll.exe
        505⤵
        
        PID:3996
        
        \??\c:\bnthbt.exe
        
        c:\bnthbt.exe
        506⤵
        
        PID:4388
        
        \??\c:\tnnnnn.exe
        
        c:\tnnnnn.exe
        507⤵
        
        PID:3588
        
        \??\c:\vvjdp.exe
        
        c:\vvjdp.exe
        508⤵
        
        PID:4448
        
        \??\c:\ffrllll.exe
        
        c:\ffrllll.exe
        509⤵
        
        PID:4024
        
        \??\c:\bbbhhh.exe
        
        c:\bbbhhh.exe
        510⤵
        
        PID:2984
        
        \??\c:\jvvpj.exe
        
        c:\jvvpj.exe
        511⤵
        
        PID:564
        
        \??\c:\rxlrflf.exe
        
        c:\rxlrflf.exe
        512⤵
        
        PID:1068
        
        \??\c:\xrxffff.exe
        
        c:\xrxffff.exe
        513⤵
        
        PID:3948
        
        \??\c:\hbnntn.exe
        
        c:\hbnntn.exe
        514⤵
        
        PID:4384
        
        \??\c:\vvvvv.exe
        
        c:\vvvvv.exe
        515⤵
        
        PID:4844
        
        \??\c:\xlrllll.exe
        
        c:\xlrllll.exe
        516⤵
        
        PID:3716
        
        \??\c:\1hnhhh.exe
        
        c:\1hnhhh.exe
        517⤵
        
        PID:3356
        
        \??\c:\thnntt.exe
        
        c:\thnntt.exe
        518⤵
        
        PID:2260
        
        \??\c:\7ppjv.exe
        
        c:\7ppjv.exe
        519⤵
        
        PID:3712
        
        \??\c:\rflfllx.exe
        
        c:\rflfllx.exe
        520⤵
        
        PID:4640
        
        \??\c:\nhhbbt.exe
        
        c:\nhhbbt.exe
        521⤵
        
        PID:4852
        
        \??\c:\pjvdv.exe
        
        c:\pjvdv.exe
        522⤵
        
        PID:1632
        
        \??\c:\ffrlfxx.exe
        
        c:\ffrlfxx.exe
        523⤵
        
        PID:5036
        
        \??\c:\tnttnt.exe
        
        c:\tnttnt.exe
        524⤵
        
        PID:2096
        
        \??\c:\3bnnbh.exe
        
        c:\3bnnbh.exe
        525⤵
        
        PID:2992
        
        \??\c:\pvdvp.exe
        
        c:\pvdvp.exe
        526⤵
        
        PID:3456
        
        \??\c:\xxffxxx.exe
        
        c:\xxffxxx.exe
        527⤵
        
        PID:3344
        
        \??\c:\nbttnn.exe
        
        c:\nbttnn.exe
        528⤵
        
        PID:4948
        
        \??\c:\dpdjv.exe
        
        c:\dpdjv.exe
        529⤵
        
        PID:1808
        
        \??\c:\lxrlllf.exe
        
        c:\lxrlllf.exe
        530⤵
        
        PID:3732
        
        \??\c:\bntttn.exe
        
        c:\bntttn.exe
        531⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        \??\c:\btbtnb.exe
        
        c:\btbtnb.exe
        532⤵
        
        PID:1568
        
        \??\c:\vpdvv.exe
        
        c:\vpdvv.exe
        533⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        \??\c:\lllllrr.exe
        
        c:\lllllrr.exe
        534⤵
        
        PID:2264
        
        \??\c:\flrllrr.exe
        
        c:\flrllrr.exe
        535⤵
        
        PID:3628
        
        \??\c:\3hnhnt.exe
        
        c:\3hnhnt.exe
        536⤵
        
        PID:3908
        
        \??\c:\7vdvj.exe
        
        c:\7vdvj.exe
        537⤵
        
        PID:992
        
        \??\c:\lrffxxx.exe
        
        c:\lrffxxx.exe
        538⤵
        
        PID:4408
        
        \??\c:\ffrxflr.exe
        
        c:\ffrxflr.exe
        539⤵
        
        PID:880
        
        \??\c:\tntbbn.exe
        
        c:\tntbbn.exe
        540⤵
        
        PID:464
        
        \??\c:\dvppd.exe
        
        c:\dvppd.exe
        541⤵
        
        PID:1764
        
        \??\c:\lflffff.exe
        
        c:\lflffff.exe
        542⤵
        
        PID:1524
        
        \??\c:\nnbtnt.exe
        
        c:\nnbtnt.exe
        543⤵
        
        PID:1892
        
        \??\c:\1jjpj.exe
        
        c:\1jjpj.exe
        544⤵
        
        PID:3720
        
        \??\c:\lxfxxrx.exe
        
        c:\lxfxxrx.exe
        545⤵
        
        PID:3360
        
        \??\c:\ttntnb.exe
        
        c:\ttntnb.exe
        546⤵
        
        PID:2412
        
        \??\c:\bttnhh.exe
        
        c:\bttnhh.exe
        547⤵
        
        PID:4076
        
        \??\c:\vpppj.exe
        
        c:\vpppj.exe
        548⤵
        
        PID:3992
        
        \??\c:\3rrfxrr.exe
        
        c:\3rrfxrr.exe
        549⤵
        
        PID:4880
        
        \??\c:\nntttb.exe
        
        c:\nntttb.exe
        550⤵
        
        PID:2436
        
        \??\c:\vdvjd.exe
        
        c:\vdvjd.exe
        551⤵
        
        PID:4308
        
        \??\c:\llrlfxr.exe
        
        c:\llrlfxr.exe
        552⤵
        
        PID:1860
        
        \??\c:\rlxrrrr.exe
        
        c:\rlxrrrr.exe
        553⤵
        
        PID:1888
        
        \??\c:\hhnhhh.exe
        
        c:\hhnhhh.exe
        554⤵
        
        PID:4588
        
        \??\c:\ddpjd.exe
        
        c:\ddpjd.exe
        555⤵
        
        PID:1964
        
        \??\c:\lfrllfl.exe
        
        c:\lfrllfl.exe
        556⤵
        
        PID:1104
        
        \??\c:\9hbtnn.exe
        
        c:\9hbtnn.exe
        557⤵
        
        PID:3988
        
        \??\c:\bttnht.exe
        
        c:\bttnht.exe
        558⤵
        
        PID:3280
        
        \??\c:\1ddvp.exe
        
        c:\1ddvp.exe
        559⤵
        
        PID:64
        
        \??\c:\lxffrrl.exe
        
        c:\lxffrrl.exe
        560⤵
        
        PID:1040
        
        \??\c:\bthtnh.exe
        
        c:\bthtnh.exe
        561⤵
        
        PID:4284
        
        \??\c:\nhtnnn.exe
        
        c:\nhtnnn.exe
        562⤵
        
        PID:2884
        
        \??\c:\jdjjj.exe
        
        c:\jdjjj.exe
        563⤵
        
        PID:1644
        
        \??\c:\xxlffll.exe
        
        c:\xxlffll.exe
        564⤵
        
        PID:2724
        
        \??\c:\bnbbhh.exe
        
        c:\bnbbhh.exe
        565⤵
        
        PID:1376
        
        \??\c:\pdvpd.exe
        
        c:\pdvpd.exe
        566⤵
        
        PID:4388
        
        \??\c:\pvddd.exe
        
        c:\pvddd.exe
        567⤵
        
        PID:3588
        
        \??\c:\llflxxr.exe
        
        c:\llflxxr.exe
        568⤵
        
        PID:3924
        
        \??\c:\9bbthh.exe
        
        c:\9bbthh.exe
        569⤵
        
        PID:4024
        
        \??\c:\pdjdv.exe
        
        c:\pdjdv.exe
        570⤵
        
        PID:1616
        
        \??\c:\1flrffl.exe
        
        c:\1flrffl.exe
        571⤵
        
        PID:3604
        
        \??\c:\bntntt.exe
        
        c:\bntntt.exe
        572⤵
        
        PID:5112
        
        \??\c:\bthbnb.exe
        
        c:\bthbnb.exe
        573⤵
        
        PID:1048
        
        \??\c:\ddddv.exe
        
        c:\ddddv.exe
        574⤵
        
        PID:668
        
        \??\c:\llflrrf.exe
        
        c:\llflrrf.exe
        575⤵
        
        PID:4528
        
        \??\c:\tnhhhh.exe
        
        c:\tnhhhh.exe
        576⤵
        
        PID:2720
        
        \??\c:\xrrlfxr.exe
        
        c:\xrrlfxr.exe
        577⤵
        
        PID:4508
        
        \??\c:\3ththh.exe
        
        c:\3ththh.exe
        578⤵
        
        PID:4008
        
        \??\c:\bnnnht.exe
        
        c:\bnnnht.exe
        579⤵
        
        PID:3132
        
        \??\c:\ppvvp.exe
        
        c:\ppvvp.exe
        580⤵
        
        PID:1196
        
        \??\c:\fxrrlrf.exe
        
        c:\fxrrlrf.exe
        581⤵
        
        PID:856
        
        \??\c:\tbhbtn.exe
        
        c:\tbhbtn.exe
        582⤵
        
        PID:3600
        
        \??\c:\vvddv.exe
        
        c:\vvddv.exe
        583⤵
        
        PID:4092
        
        \??\c:\rflffrr.exe
        
        c:\rflffrr.exe
        584⤵
        
        PID:4928
        
        \??\c:\rrrrrff.exe
        
        c:\rrrrrff.exe
        585⤵
        
        PID:3108
        
        \??\c:\httnnh.exe
        
        c:\httnnh.exe
        586⤵
        
        PID:1424
        
        \??\c:\pdjdd.exe
        
        c:\pdjdd.exe
        587⤵
        
        PID:2388
        
        \??\c:\lxfxllf.exe
        
        c:\lxfxllf.exe
        588⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        \??\c:\hhtttt.exe
        
        c:\hhtttt.exe
        589⤵
        
        PID:5048
        
        \??\c:\vpvvp.exe
        
        c:\vpvvp.exe
        590⤵
        
        PID:2160
        
        \??\c:\fxrlrff.exe
        
        c:\fxrlrff.exe
        591⤵
        
        PID:1128
        
        \??\c:\rxrxlrf.exe
        
        c:\rxrxlrf.exe
        592⤵
        
        PID:4612
        
        \??\c:\7ttnbb.exe
        
        c:\7ttnbb.exe
        593⤵
        
        PID:4792
        
        \??\c:\pdpjv.exe
        
        c:\pdpjv.exe
        594⤵
        
        PID:3800
        
        \??\c:\lxrrflr.exe
        
        c:\lxrrflr.exe
        595⤵
        
        PID:1444
        
        \??\c:\7bnnbh.exe
        
        c:\7bnnbh.exe
        596⤵
        
        PID:4452
        
        \??\c:\nthhbh.exe
        
        c:\nthhbh.exe
        597⤵
        
        PID:1936
        
        \??\c:\vvdvp.exe
        
        c:\vvdvp.exe
        598⤵
        
        PID:4616
        
        \??\c:\rrrlfff.exe
        
        c:\rrrlfff.exe
        599⤵
        
        PID:1492
        
        \??\c:\3tthbt.exe
        
        c:\3tthbt.exe
        600⤵
        
        PID:4972
        
        \??\c:\tthhnn.exe
        
        c:\tthhnn.exe
        601⤵
        
        PID:1192
        
        \??\c:\vvddv.exe
        
        c:\vvddv.exe
        602⤵
        
        PID:2896
        
        \??\c:\xrrrffx.exe
        
        c:\xrrrffx.exe
        603⤵
        
        PID:5080
        
        \??\c:\ntnbhh.exe
        
        c:\ntnbhh.exe
        604⤵
        
        PID:3128
        
        \??\c:\thnhbt.exe
        
        c:\thnhbt.exe
        605⤵
        
        PID:2576
        
        \??\c:\ddvvd.exe
        
        c:\ddvvd.exe
        606⤵
        
        PID:3036
        
        \??\c:\fxlffff.exe
        
        c:\fxlffff.exe
        607⤵
        
        PID:3372
        
        \??\c:\hbbbhh.exe
        
        c:\hbbbhh.exe
        608⤵
        
        PID:4620
        
        \??\c:\pjpjd.exe
        
        c:\pjpjd.exe
        609⤵
        
        PID:4636
        
        \??\c:\ppvvj.exe
        
        c:\ppvvj.exe
        610⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        \??\c:\lrrfrlr.exe
        
        c:\lrrfrlr.exe
        611⤵
        
        PID:936
        
        \??\c:\nhnnnn.exe
        
        c:\nhnnnn.exe
        612⤵
        
        PID:4908
        
        \??\c:\1jjpd.exe
        
        c:\1jjpd.exe
        613⤵
        
        PID:2276
        
        \??\c:\rflxrrl.exe
        
        c:\rflxrrl.exe
        614⤵
        
        PID:964
        
        \??\c:\frxrffx.exe
        
        c:\frxrffx.exe
        615⤵
        
        PID:2248
        
        \??\c:\nbnnhh.exe
        
        c:\nbnnhh.exe
        616⤵
        
        PID:1896
        
        \??\c:\ppddj.exe
        
        c:\ppddj.exe
        617⤵
        
        PID:3760
        
        \??\c:\rlfxrrl.exe
        
        c:\rlfxrrl.exe
        618⤵
        
        PID:828
        
        \??\c:\7xrlflf.exe
        
        c:\7xrlflf.exe
        619⤵
        
        PID:4256
        
        \??\c:\bbtbbb.exe
        
        c:\bbtbbb.exe
        620⤵
        
        PID:4916
        
        \??\c:\dpvvj.exe
        
        c:\dpvvj.exe
        621⤵
        
        PID:3820
        
        \??\c:\rlrlfff.exe
        
        c:\rlrlfff.exe
        622⤵
        
        PID:916
        
        \??\c:\5htnnn.exe
        
        c:\5htnnn.exe
        623⤵
        
        PID:832
        
        \??\c:\nhnhbb.exe
        
        c:\nhnhbb.exe
        624⤵
        
        PID:564
        
        \??\c:\ddjjp.exe
        
        c:\ddjjp.exe
        625⤵
        
        PID:4676
        
        \??\c:\ffrxxxr.exe
        
        c:\ffrxxxr.exe
        626⤵
        
        PID:4416
        
        \??\c:\tntnhb.exe
        
        c:\tntnhb.exe
        627⤵
        
        PID:4664
        
        \??\c:\hhhtnh.exe
        
        c:\hhhtnh.exe
        628⤵
        
        PID:3452
        
        \??\c:\jddpp.exe
        
        c:\jddpp.exe
        629⤵
        
        PID:4264
        
        \??\c:\lxxlxxr.exe
        
        c:\lxxlxxr.exe
        630⤵
        
        PID:3460
        
        \??\c:\htnhhh.exe
        
        c:\htnhhh.exe
        631⤵
        
        PID:5056
        
        \??\c:\tttnhh.exe
        
        c:\tttnhh.exe
        632⤵
        
        PID:1984
        
        \??\c:\jdjdv.exe
        
        c:\jdjdv.exe
        633⤵
        
        PID:1472
        
        \??\c:\3pvpd.exe
        
        c:\3pvpd.exe
        634⤵
        
        PID:2828
        
        \??\c:\ffxrffx.exe
        
        c:\ffxrffx.exe
        635⤵
        
        PID:2184
        
        \??\c:\htbnhh.exe
        
        c:\htbnhh.exe
        636⤵
        
        PID:3276
        
        \??\c:\7dvjv.exe
        
        c:\7dvjv.exe
        637⤵
        
        PID:5084
        
        \??\c:\vjjpj.exe
        
        c:\vjjpj.exe
        638⤵
        
        PID:2288
        
        \??\c:\xrrlxxr.exe
        
        c:\xrrlxxr.exe
        639⤵
        
        PID:2780
        
        \??\c:\ntbbtn.exe
        
        c:\ntbbtn.exe
        640⤵
        
        PID:4608
        
        \??\c:\tbhnhb.exe
        
        c:\tbhnhb.exe
        641⤵
        
        PID:1800
        
        \??\c:\pppjj.exe
        
        c:\pppjj.exe
        642⤵
        
        PID:1424
        
        \??\c:\ffllxxx.exe
        
        c:\ffllxxx.exe
        643⤵
        
        PID:2388
        
        \??\c:\tthbtt.exe
        
        c:\tthbtt.exe
        644⤵
        
        PID:3208
        
        \??\c:\btthbt.exe
        
        c:\btthbt.exe
        645⤵
        
        PID:3580
        
        \??\c:\vvpjj.exe
        
        c:\vvpjj.exe
        646⤵
        
        PID:2160
        
        \??\c:\xrfxxxx.exe
        
        c:\xrfxxxx.exe
        647⤵
        
        PID:1128
        
        \??\c:\xfllxxr.exe
        
        c:\xfllxxr.exe
        648⤵
        
        PID:4612
        
        \??\c:\5tnntt.exe
        
        c:\5tnntt.exe
        649⤵
        
        PID:4792
        
        \??\c:\jdddp.exe
        
        c:\jdddp.exe
        650⤵
        
        PID:4292
        
        \??\c:\llfxrll.exe
        
        c:\llfxrll.exe
        651⤵
        
        PID:1444
        
        \??\c:\ffrllff.exe
        
        c:\ffrllff.exe
        652⤵
        
        PID:4452
        
        \??\c:\bbttnh.exe
        
        c:\bbttnh.exe
        653⤵
        
        PID:1936
        
        \??\c:\vpvvj.exe
        
        c:\vpvvj.exe
        654⤵
        
        PID:1212
        
        \??\c:\jvdvp.exe
        
        c:\jvdvp.exe
        655⤵
        
        PID:1492
        
        \??\c:\frxrflf.exe
        
        c:\frxrflf.exe
        656⤵
        
        PID:4972
        
        \??\c:\nntthh.exe
        
        c:\nntthh.exe
        657⤵
        
        PID:1612
        
        \??\c:\vjvpd.exe
        
        c:\vjvpd.exe
        658⤵
        
        PID:2896
        
        \??\c:\7pjpj.exe
        
        c:\7pjpj.exe
        659⤵
        
        PID:1700
        
        \??\c:\flrlxxr.exe
        
        c:\flrlxxr.exe
        660⤵
        
        PID:116
        
        \??\c:\frlxrrx.exe
        
        c:\frlxrrx.exe
        661⤵
        
        PID:2576
        
        \??\c:\hbhtbt.exe
        
        c:\hbhtbt.exe
        662⤵
        
        PID:1572
        
        \??\c:\pvdvp.exe
        
        c:\pvdvp.exe
        663⤵
        
        PID:2196
        
        \??\c:\1pjjv.exe
        
        c:\1pjjv.exe
        664⤵
        
        PID:3240
        
        \??\c:\lxffrrf.exe
        
        c:\lxffrrf.exe
        665⤵
        
        PID:1932
        
        \??\c:\bthbtn.exe
        
        c:\bthbtn.exe
        666⤵
        
        PID:4504
        
        \??\c:\pjpjv.exe
        
        c:\pjpjv.exe
        667⤵
        
        PID:936
        
        \??\c:\xxfxllf.exe
        
        c:\xxfxllf.exe
        668⤵
        
        PID:1948
        
        \??\c:\lfffxfx.exe
        
        c:\lfffxfx.exe
        669⤵
        
        PID:2276
        
        \??\c:\nbhbnn.exe
        
        c:\nbhbnn.exe
        670⤵
        
        PID:3516
        
        \??\c:\dpdvj.exe
        
        c:\dpdvj.exe
        671⤵
        
        PID:4172
        
        \??\c:\rllxlxr.exe
        
        c:\rllxlxr.exe
        672⤵
        
        PID:1660
        
        \??\c:\hthnhb.exe
        
        c:\hthnhb.exe
        673⤵
        
        PID:3760
        
        \??\c:\hnnhbb.exe
        
        c:\hnnhbb.exe
        674⤵
        
        PID:3568
        
        \??\c:\3rffllr.exe
        
        c:\3rffllr.exe
        675⤵
        
        PID:220
        
        \??\c:\lxlffll.exe
        
        c:\lxlffll.exe
        676⤵
        
        PID:3252
        
        \??\c:\nbtttt.exe
        
        c:\nbtttt.exe
        677⤵
        
        PID:4448
        
        \??\c:\9dvpj.exe
        
        c:\9dvpj.exe
        678⤵
        
        PID:916
        
        \??\c:\flflrfr.exe
        
        c:\flflrfr.exe
        679⤵
        
        PID:832
        
        \??\c:\nnthbt.exe
        
        c:\nnthbt.exe
        680⤵
        
        PID:564
        
        \??\c:\pdppj.exe
        
        c:\pdppj.exe
        681⤵
        
        PID:3004
        
        \??\c:\vddvj.exe
        
        c:\vddvj.exe
        682⤵
        
        PID:4416
        
        \??\c:\fllfffx.exe
        
        c:\fllfffx.exe
        683⤵
        
        PID:4664
        
        \??\c:\tnnhtt.exe
        
        c:\tnnhtt.exe
        684⤵
        
        PID:3452
        
        \??\c:\vvvpj.exe
        
        c:\vvvpj.exe
        685⤵
        
        PID:4852
        
        \??\c:\jddvp.exe
        
        c:\jddvp.exe
        686⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        \??\c:\fxflxlx.exe
        
        c:\fxflxlx.exe
        687⤵
        
        PID:4508
        
        \??\c:\3thbht.exe
        
        c:\3thbht.exe
        688⤵
        
        PID:1984
        
        \??\c:\vddvp.exe
        
        c:\vddvp.exe
        689⤵
        
        PID:1472
        
        \??\c:\xrxxxff.exe
        
        c:\xrxxxff.exe
        690⤵
        
        PID:3456
        
        \??\c:\tbhtnn.exe
        
        c:\tbhtnn.exe
        691⤵
        
        PID:2184
        
        \??\c:\dvdvv.exe
        
        c:\dvdvv.exe
        692⤵
        
        PID:3276
        
        \??\c:\rxfxrlf.exe
        
        c:\rxfxrlf.exe
        693⤵
        
        PID:5084
        
        \??\c:\xllrfrx.exe
        
        c:\xllrfrx.exe
        694⤵
        
        PID:2504
        
        \??\c:\hnbtnn.exe
        
        c:\hnbtnn.exe
        695⤵
        
        PID:2780
        
        \??\c:\dpjdv.exe
        
        c:\dpjdv.exe
        696⤵
        
        PID:4608
        
        \??\c:\xxrxlrl.exe
        
        c:\xxrxlrl.exe
        697⤵
        
        PID:1800
        
        \??\c:\xxxfxxr.exe
        
        c:\xxxfxxr.exe
        698⤵
        
        PID:1424
        
        \??\c:\tnnhbt.exe
        
        c:\tnnhbt.exe
        699⤵
        
        PID:5048
        
        \??\c:\ddppp.exe
        
        c:\ddppp.exe
        700⤵
        
        PID:3208
        
        \??\c:\fxlllll.exe
        
        c:\fxlllll.exe
        701⤵
        
        PID:3580
        
        \??\c:\frxfxrl.exe
        
        c:\frxfxrl.exe
        702⤵
        
        PID:2160
        
        \??\c:\btbbtb.exe
        
        c:\btbbtb.exe
        703⤵
        
        PID:2632
        
        \??\c:\vvpjp.exe
        
        c:\vvpjp.exe
        704⤵
        
        PID:3348
        
        \??\c:\xrlfrff.exe
        
        c:\xrlfrff.exe
        705⤵
        
        PID:4728
        
        \??\c:\tbhhbb.exe
        
        c:\tbhhbb.exe
        706⤵
        
        PID:756
        
        \??\c:\jdjpj.exe
        
        c:\jdjpj.exe
        707⤵
        
        PID:3880
        
        \??\c:\dvppj.exe
        
        c:\dvppj.exe
        708⤵
        
        PID:1944
        
        \??\c:\1lllffr.exe
        
        c:\1lllffr.exe
        709⤵
        
        PID:1144
        
        \??\c:\htbttt.exe
        
        c:\htbttt.exe
        710⤵
        
        PID:412
        
        \??\c:\hhnnhh.exe
        
        c:\hhnnhh.exe
        711⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        \??\c:\vdvvv.exe
        
        c:\vdvvv.exe
        712⤵
        
        PID:1900
        
        \??\c:\xlxrlrr.exe
        
        c:\xlxrlrr.exe
        713⤵
        
        PID:5080
        
        \??\c:\fxllrrf.exe
        
        c:\fxllrrf.exe
        714⤵
        
        PID:1416
        
        \??\c:\nnnttt.exe
        
        c:\nnnttt.exe
        715⤵
        
        PID:3876
        
        \??\c:\pjppp.exe
        
        c:\pjppp.exe
        716⤵
        
        PID:116
        
        \??\c:\xrlfxff.exe
        
        c:\xrlfxff.exe
        717⤵
        
        PID:4312
        
        \??\c:\1frrrrr.exe
        
        c:\1frrrrr.exe
        718⤵
        
        PID:1820
        
        \??\c:\nnbhnb.exe
        
        c:\nnbhnb.exe
        719⤵
        
        PID:4148
        
        \??\c:\9ppvp.exe
        
        c:\9ppvp.exe
        720⤵
        
        PID:1888
        
        \??\c:\pdjjp.exe
        
        c:\pdjjp.exe
        721⤵
        
        PID:3228
        
        \??\c:\9xfxffx.exe
        
        c:\9xfxffx.exe
        722⤵
        
        PID:4736
        
        \??\c:\tnttbb.exe
        
        c:\tnttbb.exe
        723⤵
        
        PID:5016
        
        \??\c:\jdjjv.exe
        
        c:\jdjjv.exe
        724⤵
        
        PID:1104
        
        \??\c:\pjdjd.exe
        
        c:\pjdjd.exe
        725⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
        
        \??\c:\5llfxxx.exe
        
        c:\5llfxxx.exe
        726⤵
        
        PID:320
        
        \??\c:\thnhhh.exe
        
        c:\thnhhh.exe
        727⤵
        
        PID:1040
        
        \??\c:\3pvdd.exe
        
        c:\3pvdd.exe
        728⤵
        
        PID:4284
        
        \??\c:\pvjjj.exe
        
        c:\pvjjj.exe
        729⤵
        
        PID:1896
        
        \??\c:\lxrrlrl.exe
        
        c:\lxrrlrl.exe
        730⤵
        
        PID:4196
        
        \??\c:\hnhbhn.exe
        
        c:\hnhbhn.exe
        731⤵
        
        PID:1036
        
        \??\c:\vpppp.exe
        
        c:\vpppp.exe
        732⤵
        
        PID:1464
        
        \??\c:\vdjjj.exe
        
        c:\vdjjj.exe
        733⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        \??\c:\lfxffff.exe
        
        c:\lfxffff.exe
        734⤵
        
        PID:2424
        
        \??\c:\nnhntt.exe
        
        c:\nnhntt.exe
        735⤵
        
        PID:2984
        
        \??\c:\hththh.exe
        
        c:\hththh.exe
        736⤵
        
        PID:3924
        
        \??\c:\vpddd.exe
        
        c:\vpddd.exe
        737⤵
        
        PID:4176
        
        \??\c:\jdppp.exe
        
        c:\jdppp.exe
        738⤵
        
        PID:1616
        
        \??\c:\lxlllll.exe
        
        c:\lxlllll.exe
        739⤵
        
        PID:776
        
        \??\c:\bbhhbb.exe
        
        c:\bbhhbb.exe
        740⤵
        
        PID:2260
        
        \??\c:\vdvjj.exe
        
        c:\vdvjj.exe
        741⤵
        
        PID:2348
        
        \??\c:\vvjdp.exe
        
        c:\vvjdp.exe
        742⤵
        
        PID:4640
        
        \??\c:\lrlffll.exe
        
        c:\lrlffll.exe
        743⤵
        
        PID:1408
        
        \??\c:\bbhhhn.exe
        
        c:\bbhhhn.exe
        744⤵
        
        PID:1008
        
        \??\c:\nhbbbh.exe
        
        c:\nhbbbh.exe
        745⤵
        
        PID:2992
        
        \??\c:\rrfxllx.exe
        
        c:\rrfxllx.exe
        746⤵
        
        PID:1196
        
        \??\c:\hthhbh.exe
        
        c:\hthhbh.exe
        747⤵
        
        PID:3456
        
        \??\c:\bhhtnt.exe
        
        c:\bhhtnt.exe
        748⤵
        
        PID:3960
        
        \??\c:\pppvd.exe
        
        c:\pppvd.exe
        749⤵
        
        PID:2756
        
        \??\c:\rllllll.exe
        
        c:\rllllll.exe
        750⤵
        System Location Discovery: System Language Discovery
        
        PID:1420
        
        \??\c:\btttnn.exe
        
        c:\btttnn.exe
        751⤵
        
        PID:3496
        
        \??\c:\vdppj.exe
        
        c:\vdppj.exe
        752⤵
        
        PID:3832
        
        \??\c:\rlfxxxx.exe
        
        c:\rlfxxxx.exe
        753⤵
        
        PID:4796
        
        \??\c:\nbtthh.exe
        
        c:\nbtthh.exe
        754⤵
        
        PID:3160
        
        \??\c:\1bnnbh.exe
        
        c:\1bnnbh.exe
        755⤵
        
        PID:1576
        
        \??\c:\vdjjd.exe
        
        c:\vdjjd.exe
        756⤵
        
        PID:228
        
        \??\c:\ddjjd.exe
        
        c:\ddjjd.exe
        757⤵
        
        PID:3208
        
        \??\c:\rlxrlxf.exe
        
        c:\rlxrlxf.exe
        758⤵
        
        PID:1924
        
        \??\c:\nhbthn.exe
        
        c:\nhbthn.exe
        759⤵
        
        PID:1720
        
        \??\c:\vpddd.exe
        
        c:\vpddd.exe
        760⤵
        
        PID:1588
        
        \??\c:\3pppj.exe
        
        c:\3pppj.exe
        761⤵
        
        PID:464
        
        \??\c:\fxffxfx.exe
        
        c:\fxffxfx.exe
        762⤵
        
        PID:1764
        
        \??\c:\thbhbn.exe
        
        c:\thbhbn.exe
        763⤵
        
        PID:1688
        
        \??\c:\jdjpp.exe
        
        c:\jdjpp.exe
        764⤵
        
        PID:4452
        
        \??\c:\jdppj.exe
        
        c:\jdppj.exe
        765⤵
        
        PID:3720
        
        \??\c:\flxxxff.exe
        
        c:\flxxxff.exe
        766⤵
        
        PID:3360
        
        \??\c:\3nttth.exe
        
        c:\3nttth.exe
        767⤵
        
        PID:1228
        
        \??\c:\hthhnt.exe
        
        c:\hthhnt.exe
        768⤵
        
        PID:1504
        
        \??\c:\dvddj.exe
        
        c:\dvddj.exe
        769⤵
        
        PID:4800
        
        \??\c:\fxrlrxf.exe
        
        c:\fxrlrxf.exe
        770⤵
        
        PID:2896
        
        \??\c:\llfllrf.exe
        
        c:\llfllrf.exe
        771⤵
        
        PID:704
        
        \??\c:\hhtnnt.exe
        
        c:\hhtnnt.exe
        772⤵
        
        PID:2228
        
        \??\c:\jpvvp.exe
        
        c:\jpvvp.exe
        773⤵
        
        PID:1448
        
        \??\c:\lrrrlll.exe
        
        c:\lrrrlll.exe
        774⤵
        
        PID:3372
        
        \??\c:\xfxxxxl.exe
        
        c:\xfxxxxl.exe
        775⤵
        
        PID:2988
        
        \??\c:\tttbtt.exe
        
        c:\tttbtt.exe
        776⤵
        
        PID:3744
        
        \??\c:\pjddd.exe
        
        c:\pjddd.exe
        777⤵
        
        PID:2196
        
        \??\c:\xxrlllr.exe
        
        c:\xxrlllr.exe
        778⤵
        
        PID:4164
        
        \??\c:\hhhttt.exe
        
        c:\hhhttt.exe
        779⤵
        
        PID:808
        
        \??\c:\bhbtnt.exe
        
        c:\bhbtnt.exe
        780⤵
        
        PID:4236
        
        \??\c:\pjpjj.exe
        
        c:\pjpjj.exe
        781⤵
        
        PID:1104
        
        \??\c:\rfrlfff.exe
        
        c:\rfrlfff.exe
        782⤵
        
        PID:4772
        
        \??\c:\lflfxrl.exe
        
        c:\lflfxrl.exe
        783⤵
        
        PID:320
        
        \??\c:\7tbbtt.exe
        
        c:\7tbbtt.exe
        784⤵
        
        PID:4884
        
        \??\c:\jjvvp.exe
        
        c:\jjvvp.exe
        785⤵
        
        PID:4284
        
        \??\c:\rrxxxxf.exe
        
        c:\rrxxxxf.exe
        786⤵
        
        PID:828
        
        \??\c:\lfffxrl.exe
        
        c:\lfffxrl.exe
        787⤵
        
        PID:3328
        
        \??\c:\thttnt.exe
        
        c:\thttnt.exe
        788⤵
        
        PID:1036
        
        \??\c:\9pvvp.exe
        
        c:\9pvvp.exe
        789⤵
        
        PID:1376
        
        \??\c:\llfxflf.exe
        
        c:\llfxflf.exe
        790⤵
        
        PID:3252
        
        \??\c:\lffffll.exe
        
        c:\lffffll.exe
        791⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        \??\c:\nbnnnn.exe
        
        c:\nbnnnn.exe
        792⤵
        
        PID:4384
        
        \??\c:\vjdjj.exe
        
        c:\vjdjj.exe
        793⤵
        
        PID:832
        
        \??\c:\xrlxffl.exe
        
        c:\xrlxffl.exe
        794⤵
        
        PID:4176
        
        \??\c:\ththhh.exe
        
        c:\ththhh.exe
        795⤵
        
        PID:1048
        
        \??\c:\pjjdp.exe
        
        c:\pjjdp.exe
        796⤵
        
        PID:4416
        
        \??\c:\djppj.exe
        
        c:\djppj.exe
        797⤵
        
        PID:2260
        
        \??\c:\flrlfxr.exe
        
        c:\flrlfxr.exe
        798⤵
        
        PID:2348
        
        \??\c:\htbbtb.exe
        
        c:\htbbtb.exe
        799⤵
        
        PID:5056
        
        \??\c:\vjvpj.exe
        
        c:\vjvpj.exe
        800⤵
        
        PID:4508
        
        \??\c:\3ffxrfx.exe
        
        c:\3ffxrfx.exe
        801⤵
        
        PID:1008
        
        \??\c:\tbnnbb.exe
        
        c:\tbnnbb.exe
        802⤵
        
        PID:4724
        
        \??\c:\jdpvv.exe
        
        c:\jdpvv.exe
        803⤵
        
        PID:4512
        
        \??\c:\vdjdd.exe
        
        c:\vdjdd.exe
        804⤵
        
        PID:4092
        
        \??\c:\rfrfffx.exe
        
        c:\rfrfffx.exe
        805⤵
        
        PID:3960
        
        \??\c:\htnbtb.exe
        
        c:\htnbtb.exe
        806⤵
        
        PID:5084
        
        \??\c:\9vvvd.exe
        
        c:\9vvvd.exe
        807⤵
        
        PID:3088
        
        \??\c:\djpjv.exe
        
        c:\djpjv.exe
        808⤵
        
        PID:1652
        
        \??\c:\lxrlffx.exe
        
        c:\lxrlffx.exe
        809⤵
        
        PID:3496
        
        \??\c:\hntntt.exe
        
        c:\hntntt.exe
        810⤵
        
        PID:1136
        
        \??\c:\htbhbb.exe
        
        c:\htbhbb.exe
        811⤵
        
        PID:5004
        
        \??\c:\vpvpp.exe
        
        c:\vpvpp.exe
        812⤵
        
        PID:3628
        
        \??\c:\xfxxllx.exe
        
        c:\xfxxllx.exe
        813⤵
        
        PID:5012
        
        \??\c:\9xxxxxx.exe
        
        c:\9xxxxxx.exe
        814⤵
        
        PID:228
        
        \??\c:\bbhnnn.exe
        
        c:\bbhnnn.exe
        815⤵
        
        PID:2476
        
        \??\c:\dppdv.exe
        
        c:\dppdv.exe
        816⤵
        
        PID:1924
        
        \??\c:\xxflffx.exe
        
        c:\xxflffx.exe
        817⤵
        
        PID:1720
        
        \??\c:\3ffflff.exe
        
        c:\3ffflff.exe
        818⤵
        
        PID:1588
        
        \??\c:\3nttnn.exe
        
        c:\3nttnn.exe
        819⤵
        
        PID:1524
        
        \??\c:\jdjdv.exe
        
        c:\jdjdv.exe
        820⤵
        
        PID:1764
        
        \??\c:\xxlrlrl.exe
        
        c:\xxlrlrl.exe
        821⤵
        
        PID:1460
        
        \??\c:\bbhhbh.exe
        
        c:\bbhhbh.exe
        822⤵
        
        PID:4452
        
        \??\c:\bbbnhb.exe
        
        c:\bbbnhb.exe
        823⤵
        
        PID:1192
        
        \??\c:\rlxxxfl.exe
        
        c:\rlxxxfl.exe
        824⤵
        
        PID:2468
        
        \??\c:\7llfrrf.exe
        
        c:\7llfrrf.exe
        825⤵
        
        PID:1228
        
        \??\c:\hbnhbn.exe
        
        c:\hbnhbn.exe
        826⤵
        
        PID:1504
        
        \??\c:\pdvpj.exe
        
        c:\pdvpj.exe
        827⤵
        
        PID:2676
        
        \??\c:\jpvjd.exe
        
        c:\jpvjd.exe
        828⤵
        
        PID:704
        
        \??\c:\7rxxlff.exe
        
        c:\7rxxlff.exe
        829⤵
        
        PID:2716
        
        \??\c:\hnnhbt.exe
        
        c:\hnnhbt.exe
        830⤵
        
        PID:632
        
        \??\c:\nhbnht.exe
        
        c:\nhbnht.exe
        831⤵
        
        PID:3372
        
        \??\c:\vdvpd.exe
        
        c:\vdvpd.exe
        832⤵
        
        PID:3468
        
        \??\c:\rllfrrx.exe
        
        c:\rllfrrx.exe
        833⤵
        
        PID:2152
        
        \??\c:\hnhbnn.exe
        
        c:\hnhbnn.exe
        834⤵
        
        PID:4908
        
        \??\c:\ppppd.exe
        
        c:\ppppd.exe
        835⤵
        
        PID:936
        
        \??\c:\dpppj.exe
        
        c:\dpppj.exe
        836⤵
        
        PID:4236
        
        \??\c:\xfxlfff.exe
        
        c:\xfxlfff.exe
        837⤵
        
        PID:3748
        
        \??\c:\7hhbbb.exe
        
        c:\7hhbbb.exe
        838⤵
        
        PID:4772
        
        \??\c:\1vppp.exe
        
        c:\1vppp.exe
        839⤵
        
        PID:3320
        
        \??\c:\1jpdv.exe
        
        c:\1jpdv.exe
        840⤵
        
        PID:1660
        
        \??\c:\5flflfl.exe
        
        c:\5flflfl.exe
        841⤵
        
        PID:4284
        
        \??\c:\ntbthh.exe
        
        c:\ntbthh.exe
        842⤵
        
        PID:880
        
        \??\c:\jdvdd.exe
        
        c:\jdvdd.exe
        843⤵
        
        PID:3328
        
        \??\c:\fllllll.exe
        
        c:\fllllll.exe
        844⤵
        
        PID:1036
        
        \??\c:\xflfxxr.exe
        
        c:\xflfxxr.exe
        845⤵
        
        PID:3316
        
        \??\c:\bthhbb.exe
        
        c:\bthhbb.exe
        846⤵
        
        PID:916
        
        \??\c:\ppvvv.exe
        
        c:\ppvvv.exe
        847⤵
        
        PID:4448
        
        \??\c:\llrlfll.exe
        
        c:\llrlfll.exe
        848⤵
        
        PID:4384
        
        \??\c:\hhtbbt.exe
        
        c:\hhtbbt.exe
        849⤵
        
        PID:564
        
        \??\c:\vvdvp.exe
        
        c:\vvdvp.exe
        850⤵
        System Location Discovery: System Language Discovery
        
        PID:4960
        
        \??\c:\3ddjd.exe
        
        c:\3ddjd.exe
        851⤵
        
        PID:4264
        
        \??\c:\lxflxxr.exe
        
        c:\lxflxxr.exe
        852⤵
        
        PID:3752
        
        \??\c:\bttnbb.exe
        
        c:\bttnbb.exe
        853⤵
        
        PID:5036
        
        \??\c:\bbhbnb.exe
        
        c:\bbhbnb.exe
        854⤵
        
        PID:1020
        
        \??\c:\jpvpj.exe
        
        c:\jpvpj.exe
        855⤵
        
        PID:1436
        
        \??\c:\flffxff.exe
        
        c:\flffxff.exe
        856⤵
        
        PID:2624
        
        \??\c:\nbtbbb.exe
        
        c:\nbtbbb.exe
        857⤵
        
        PID:2352
        
        \??\c:\dvdvp.exe
        
        c:\dvdvp.exe
        858⤵
        
        PID:3936
        
        \??\c:\rffrrrr.exe
        
        c:\rffrrrr.exe
        859⤵
        
        PID:2288
        
        \??\c:\xlrrlfx.exe
        
        c:\xlrrlfx.exe
        860⤵
        
        PID:4756
        
        \??\c:\3bnntt.exe
        
        c:\3bnntt.exe
        861⤵
        
        PID:4928
        
        \??\c:\bbbttt.exe
        
        c:\bbbttt.exe
        862⤵
        
        PID:868
        
        \??\c:\dpddv.exe
        
        c:\dpddv.exe
        863⤵
        
        PID:2804
        
        \??\c:\nhntbb.exe
        
        c:\nhntbb.exe
        864⤵
        
        PID:2020
        
        \??\c:\pjjdv.exe
        
        c:\pjjdv.exe
        865⤵
        
        PID:1800
        
        \??\c:\3vdvp.exe
        
        c:\3vdvp.exe
        866⤵
        
        PID:1424
        
        \??\c:\rllfllf.exe
        
        c:\rllfllf.exe
        867⤵
        
        PID:5048
        
        \??\c:\bhnttb.exe
        
        c:\bhnttb.exe
        868⤵
        
        PID:996
        
        \??\c:\jpvpj.exe
        
        c:\jpvpj.exe
        869⤵
        
        PID:1128
        
        \??\c:\jdddd.exe
        
        c:\jdddd.exe
        870⤵
        
        PID:4856
        
        \??\c:\fxfrllf.exe
        
        c:\fxfrllf.exe
        871⤵
        
        PID:1580
        
        \??\c:\bntnnb.exe
        
        c:\bntnnb.exe
        872⤵
        
        PID:4292
        
        \??\c:\vvvpj.exe
        
        c:\vvvpj.exe
        873⤵
        
        PID:452
        
        \??\c:\ddppj.exe
        
        c:\ddppj.exe
        874⤵
        
        PID:1352
        
        \??\c:\5xrlrrr.exe
        
        c:\5xrlrrr.exe
        875⤵
        
        PID:4108
        
        \??\c:\nnbbtn.exe
        
        c:\nnbbtn.exe
        876⤵
        
        PID:2364
        
        \??\c:\pvjpp.exe
        
        c:\pvjpp.exe
        877⤵
        
        PID:2592
        
        \??\c:\llrrrrr.exe
        
        c:\llrrrrr.exe
        878⤵
        
        PID:3664
        
        \??\c:\thtttt.exe
        
        c:\thtttt.exe
        879⤵
        
        PID:1304
        
        \??\c:\9tnhhb.exe
        
        c:\9tnhhb.exe
        880⤵
        
        PID:2032
        
        \??\c:\fxllfll.exe
        
        c:\fxllfll.exe
        881⤵
        
        PID:4800
        
        \??\c:\llrrffl.exe
        
        c:\llrrffl.exe
        882⤵
        
        PID:3528
        
        \??\c:\bntnbb.exe
        
        c:\bntnbb.exe
        883⤵
        
        PID:3036
        
        \??\c:\bnthbh.exe
        
        c:\bnthbh.exe
        884⤵
        
        PID:4312
        
        \??\c:\vjvvv.exe
        
        c:\vjvvv.exe
        885⤵
        
        PID:1820
        
        \??\c:\rrlfrrf.exe
        
        c:\rrlfrrf.exe
        886⤵
        
        PID:2056
        
        \??\c:\1thbtt.exe
        
        c:\1thbtt.exe
        887⤵
        
        PID:3240
        
        \??\c:\1ttnbb.exe
        
        c:\1ttnbb.exe
        888⤵
        
        PID:4588
        
        \??\c:\ddpjj.exe
        
        c:\ddpjj.exe
        889⤵
        
        PID:736
        
        \??\c:\rxfxrrr.exe
        
        c:\rxfxrrr.exe
        890⤵
        
        PID:4476
        
        \??\c:\5bhtnh.exe
        
        c:\5bhtnh.exe
        891⤵
        
        PID:1476
        
        \??\c:\7pvvj.exe
        
        c:\7pvvj.exe
        892⤵
        
        PID:2248
        
        \??\c:\lfllfll.exe
        
        c:\lfllfll.exe
        893⤵
        
        PID:1284
        
        \??\c:\bnthbb.exe
        
        c:\bnthbb.exe
        894⤵
        
        PID:3396
        
        \??\c:\tbbbnn.exe
        
        c:\tbbbnn.exe
        895⤵
        
        PID:4012
        
        \??\c:\3jvpp.exe
        
        c:\3jvpp.exe
        896⤵
        
        PID:1644
        
        \??\c:\lrxrlfx.exe
        
        c:\lrxrlfx.exe
        897⤵
        
        PID:3536
        
        \??\c:\xxfxxrl.exe
        
        c:\xxfxxrl.exe
        898⤵
        
        PID:384
        
        \??\c:\hhhbtn.exe
        
        c:\hhhbtn.exe
        899⤵
        
        PID:2224
        
        \??\c:\pjjvp.exe
        
        c:\pjjvp.exe
        900⤵
        
        PID:3096
        
        \??\c:\pdjdv.exe
        
        c:\pdjdv.exe
        901⤵
        
        PID:4332
        
        \??\c:\flxxlrx.exe
        
        c:\flxxlrx.exe
        902⤵
        
        PID:2424
        
        \??\c:\tntttb.exe
        
        c:\tntttb.exe
        903⤵
        
        PID:2984
        
        \??\c:\ddddj.exe
        
        c:\ddddj.exe
        904⤵
        
        PID:3924
        
        \??\c:\ppvjd.exe
        
        c:\ppvjd.exe
        905⤵
        
        PID:3356
        
        \??\c:\lxlllll.exe
        
        c:\lxlllll.exe
        906⤵
        
        PID:564
        
        \??\c:\ttbnhb.exe
        
        c:\ttbnhb.exe
        907⤵
        
        PID:1336
        
        \??\c:\nthbtt.exe
        
        c:\nthbtt.exe
        908⤵
        
        PID:4264
        
        \??\c:\ppvpj.exe
        
        c:\ppvpj.exe
        909⤵
        
        PID:3752
        
        \??\c:\fxrrrrr.exe
        
        c:\fxrrrrr.exe
        910⤵
        
        PID:1840
        
        \??\c:\ttbbhb.exe
        
        c:\ttbbhb.exe
        911⤵
        
        PID:1020
        
        \??\c:\jvdvp.exe
        
        c:\jvdvp.exe
        912⤵
        
        PID:3600
        
        \??\c:\7rxrxrx.exe
        
        c:\7rxrxrx.exe
        913⤵
        
        PID:2624
        
        \??\c:\bttnnh.exe
        
        c:\bttnnh.exe
        914⤵
        
        PID:2352
        
        \??\c:\1pppp.exe
        
        c:\1pppp.exe
        915⤵
        
        PID:3632
        
        \??\c:\7pjjd.exe
        
        c:\7pjjd.exe
        916⤵
        
        PID:4152
        
        \??\c:\lllfxll.exe
        
        c:\lllfxll.exe
        917⤵
        
        PID:2504
        
        \??\c:\hnthtt.exe
        
        c:\hnthtt.exe
        918⤵
        
        PID:1420
        
        \??\c:\bbnhnn.exe
        
        c:\bbnhnn.exe
        919⤵
        
        PID:1652
        
        \??\c:\djpjd.exe
        
        c:\djpjd.exe
        920⤵
        
        PID:2804
        
        \??\c:\9flrrxr.exe
        
        c:\9flrrxr.exe
        921⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        \??\c:\5htnnn.exe
        
        c:\5htnnn.exe
        922⤵
        
        PID:1244
        
        \??\c:\jjppj.exe
        
        c:\jjppj.exe
        923⤵
        
        PID:3208
        
        \??\c:\nhbnnn.exe
        
        c:\nhbnnn.exe
        924⤵
        
        PID:2632
        
        \??\c:\hbbtnn.exe
        
        c:\hbbtnn.exe
        925⤵
        
        PID:3244
        
        \??\c:\7ppjd.exe
        
        c:\7ppjd.exe
        926⤵
        
        PID:1924
        
        \??\c:\lxffxxx.exe
        
        c:\lxffxxx.exe
        927⤵
        
        PID:3652
        
        \??\c:\5bhhhn.exe
        
        c:\5bhhhn.exe
        928⤵
        
        PID:1892
        
        \??\c:\1tnbnn.exe
        
        c:\1tnbnn.exe
        929⤵
        
        PID:1688
        
        \??\c:\jddvp.exe
        
        c:\jddvp.exe
        930⤵
        
        PID:1764
        
        \??\c:\7frlffx.exe
        
        c:\7frlffx.exe
        931⤵
        
        PID:3720
        
        \??\c:\lrrrrfx.exe
        
        c:\lrrrrfx.exe
        932⤵
        
        PID:3360
        
        \??\c:\htbbtn.exe
        
        c:\htbbtn.exe
        933⤵
        
        PID:4972
        
        \??\c:\vvddv.exe
        
        c:\vvddv.exe
        934⤵
        
        PID:2468
        
        \??\c:\ppddp.exe
        
        c:\ppddp.exe
        935⤵
        
        PID:1228
        
        \??\c:\tnhbhn.exe
        
        c:\tnhbhn.exe
        936⤵
        
        PID:3336
        
        \??\c:\btnhhh.exe
        
        c:\btnhhh.exe
        937⤵
        
        PID:4672
        
        \??\c:\djpjv.exe
        
        c:\djpjv.exe
        938⤵
        
        PID:4040
        
        \??\c:\fxxlxxr.exe
        
        c:\fxxlxxr.exe
        939⤵
        
        PID:704
        
        \??\c:\hhntbt.exe
        
        c:\hhntbt.exe
        940⤵
        
        PID:2568
        
        \??\c:\thhhtn.exe
        
        c:\thhhtn.exe
        941⤵
        
        PID:3120
        
        \??\c:\djpjv.exe
        
        c:\djpjv.exe
        942⤵
        
        PID:1964
        
        \??\c:\llxrffx.exe
        
        c:\llxrffx.exe
        943⤵
        
        PID:3680
        
        \??\c:\bbtnhn.exe
        
        c:\bbtnhn.exe
        944⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        \??\c:\dvjdv.exe
        
        c:\dvjdv.exe
        945⤵
        
        PID:1120
        
        \??\c:\vpjjd.exe
        
        c:\vpjjd.exe
        946⤵
        
        PID:4976
        
        \??\c:\xfllxff.exe
        
        c:\xfllxff.exe
        947⤵
        
        PID:1816
        
        \??\c:\hnbthh.exe
        
        c:\hnbthh.exe
        948⤵
        
        PID:2276
        
        \??\c:\thnbhh.exe
        
        c:\thnbhh.exe
        949⤵
        
        PID:3204
        
        \??\c:\dpvpj.exe
        
        c:\dpvpj.exe
        950⤵
        
        PID:2952
        
        \??\c:\frxxrrr.exe
        
        c:\frxxrrr.exe
        951⤵
        
        PID:3996
        
        \??\c:\5hnhhh.exe
        
        c:\5hnhhh.exe
        952⤵
        
        PID:4196
        
        \??\c:\pjvvv.exe
        
        c:\pjvvv.exe
        953⤵
        
        PID:4760
        
        \??\c:\9pddv.exe
        
        c:\9pddv.exe
        954⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        \??\c:\tnbtnt.exe
        
        c:\tnbtnt.exe
        955⤵
        
        PID:1036
        
        \??\c:\bntnhb.exe
        
        c:\bntnhb.exe
        956⤵
        
        PID:1388
        
        \??\c:\dvpjd.exe
        
        c:\dvpjd.exe
        957⤵
        
        PID:4492
        
        \??\c:\xlxllxf.exe
        
        c:\xlxllxf.exe
        958⤵
        
        PID:2176
        
        \??\c:\hnhhbh.exe
        
        c:\hnhhbh.exe
        959⤵
        
        PID:4384
        
        \??\c:\tnbbhn.exe
        
        c:\tnbbhn.exe
        960⤵
        
        PID:4668
        
        \??\c:\jdjdv.exe
        
        c:\jdjdv.exe
        961⤵
        
        PID:3576
        
        \??\c:\9djjd.exe
        
        c:\9djjd.exe
        962⤵
        
        PID:2180
        
        \??\c:\xrllfff.exe
        
        c:\xrllfff.exe
        963⤵
        
        PID:2348
        
        \??\c:\9bbtbh.exe
        
        c:\9bbtbh.exe
        964⤵
        
        PID:5056
        
        \??\c:\jjpjd.exe
        
        c:\jjpjd.exe
        965⤵
        
        PID:2828
        
        \??\c:\9pddv.exe
        
        c:\9pddv.exe
        966⤵
        
        PID:856
        
        \??\c:\llrrlrr.exe
        
        c:\llrrlrr.exe
        967⤵
        
        PID:3020
        
        \??\c:\nbthbb.exe
        
        c:\nbthbb.exe
        968⤵
        
        PID:1808
        
        \??\c:\pjddd.exe
        
        c:\pjddd.exe
        969⤵
        
        PID:3936
        
        \??\c:\rllfrll.exe
        
        c:\rllfrll.exe
        970⤵
        
        PID:3040
        
        \??\c:\nttttt.exe
        
        c:\nttttt.exe
        971⤵
        
        PID:3960
        
        \??\c:\ddddp.exe
        
        c:\ddddp.exe
        972⤵
        
        PID:4928
        
        \??\c:\7rrfrrl.exe
        
        c:\7rrfrrl.exe
        973⤵
        
        PID:868
        
        \??\c:\rxfxrrl.exe
        
        c:\rxfxrrl.exe
        974⤵
        
        PID:2264
        
        \??\c:\hbnnhh.exe
        
        c:\hbnnhh.exe
        975⤵
        
        PID:5052
        
        \??\c:\ppvvj.exe
        
        c:\ppvvj.exe
        976⤵
        
        PID:1136
        
        \??\c:\lffxxxr.exe
        
        c:\lffxxxr.exe
        977⤵
        
        PID:3580
        
        \??\c:\hhtnbb.exe
        
        c:\hhtnbb.exe
        978⤵
        
        PID:3228
        
        \??\c:\nhtnhh.exe
        
        c:\nhtnhh.exe
        979⤵
        
        PID:1608
        
        \??\c:\ddpjj.exe
        
        c:\ddpjj.exe
        980⤵
        
        PID:4612
        
        \??\c:\9rlfrrl.exe
        
        c:\9rlfrrl.exe
        981⤵
        
        PID:2476
        
        \??\c:\xxffxrl.exe
        
        c:\xxffxrl.exe
        982⤵
        
        PID:4436
        
        \??\c:\5ntttn.exe
        
        c:\5ntttn.exe
        983⤵
        
        PID:1444
        
        \??\c:\pdpjd.exe
        
        c:\pdpjd.exe
        984⤵
        
        PID:1524
        
        \??\c:\rlrlfll.exe
        
        c:\rlrlfll.exe
        985⤵
        
        PID:1892
        
        \??\c:\hhnhhh.exe
        
        c:\hhnhhh.exe
        986⤵
        
        PID:412
        
        \??\c:\tbntbh.exe
        
        c:\tbntbh.exe
        987⤵
        
        PID:4128
        
        \??\c:\jjppd.exe
        
        c:\jjppd.exe
        988⤵
        
        PID:3720
        
        \??\c:\lffxrfr.exe
        
        c:\lffxrfr.exe
        989⤵
        
        PID:3360
        
        \??\c:\hhnbbn.exe
        
        c:\hhnbbn.exe
        990⤵
        
        PID:4168
        
        \??\c:\jvjvj.exe
        
        c:\jvjvj.exe
        991⤵
        
        PID:2468
        
        \??\c:\3fllrrr.exe
        
        c:\3fllrrr.exe
        992⤵
        
        PID:1504
        
        \??\c:\flrlxxl.exe
        
        c:\flrlxxl.exe
        993⤵
        
        PID:3336
        
        \??\c:\hhtthh.exe
        
        c:\hhtthh.exe
        994⤵
        
        PID:4080
        
        \??\c:\dvvpj.exe
        
        c:\dvvpj.exe
        995⤵
        
        PID:1448
        
        \??\c:\vppjv.exe
        
        c:\vppjv.exe
        996⤵
        
        PID:1724
        
        \??\c:\rfffxxr.exe
        
        c:\rfffxxr.exe
        997⤵
        
        PID:2568
        
        \??\c:\btbtnn.exe
        
        c:\btbtnn.exe
        998⤵
        
        PID:3120
        
        \??\c:\vjjdv.exe
        
        c:\vjjdv.exe
        999⤵
        
        PID:1964
        
        \??\c:\jdppd.exe
        
        c:\jdppd.exe
        1000⤵
        
        PID:64
        
        \??\c:\llfrffr.exe
        
        c:\llfrffr.exe
        1001⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
        
        \??\c:\ttnttt.exe
        
        c:\ttnttt.exe
        1002⤵
        
        PID:1120
        
        \??\c:\ppppj.exe
        
        c:\ppppj.exe
        1003⤵
        
        PID:2248
        
        \??\c:\9rllfff.exe
        
        c:\9rllfff.exe
        1004⤵
        
        PID:3472
        
        \??\c:\rxxlllx.exe
        
        c:\rxxlllx.exe
        1005⤵
        
        PID:2276
        
        \??\c:\hbbnht.exe
        
        c:\hbbnht.exe
        1006⤵
        
        PID:852
        
        \??\c:\ddjjj.exe
        
        c:\ddjjj.exe
        1007⤵
        
        PID:1644
        
        \??\c:\7jdvp.exe
        
        c:\7jdvp.exe
        1008⤵
        
        PID:880
        
        \??\c:\flrrllf.exe
        
        c:\flrrllf.exe
        1009⤵
        
        PID:1464
        
        \??\c:\tnntnh.exe
        
        c:\tnntnh.exe
        1010⤵
        
        PID:4760
        
        \??\c:\htbnnt.exe
        
        c:\htbnnt.exe
        1011⤵
        
        PID:2296
        
        \??\c:\jvddv.exe
        
        c:\jvddv.exe
        1012⤵
        
        PID:4420
        
        \??\c:\xrfxxxr.exe
        
        c:\xrfxxxr.exe
        1013⤵
        
        PID:1616
        
        \??\c:\tbnnnn.exe
        
        c:\tbnnnn.exe
        1014⤵
        
        PID:4492
        
        \??\c:\tttttb.exe
        
        c:\tttttb.exe
        1015⤵
        
        PID:3004
        
        \??\c:\vjvvp.exe
        
        c:\vjvvp.exe
        1016⤵
        
        PID:1048
        
        \??\c:\xxlxrxx.exe
        
        c:\xxlxrxx.exe
        1017⤵
        
        PID:3984
        
        \??\c:\1nbhhh.exe
        
        c:\1nbhhh.exe
        1018⤵
        
        PID:3708
        
        \??\c:\djddd.exe
        
        c:\djddd.exe
        1019⤵
        
        PID:2180
        
        \??\c:\lxxrrrr.exe
        
        c:\lxxrrrr.exe
        1020⤵
        
        PID:1404
        
        \??\c:\tbbbbt.exe
        
        c:\tbbbbt.exe
        1021⤵
        
        PID:4740
        
        \??\c:\hhttbb.exe
        
        c:\hhttbb.exe
        1022⤵
        
        PID:1020
        
        \??\c:\jjvpv.exe
        
        c:\jjvpv.exe
        1023⤵
        
        PID:3600
        
        \??\c:\5ffxrxx.exe
        
        c:\5ffxrxx.exe
        1024⤵
        
        PID:1932

Network

DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

21.49.80.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.49.80.91.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

21.49.80.91.in-addr.arpa

dns

70 B
145 B
1
1

DNS Request

21.49.80.91.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1tbnbt.exe

Filesize
454KB

MD5
b6133aa9b1534211af3186b9a5a58ca5

SHA1
dd41be4a59a7f0f855cf76204e43f997128fbfa6

SHA256
334a17e9810b79a86b6b5650a6a29ec0582925a204e2edc153dba60a13c06b17

SHA512
c3dedaada1d8205efe184df2c99bee95fd4e4b7c41ccbbe0db8fd241309345ae02ff0a42344180267c931bb51e40ef8cfd82e04a12f91f6b0a23661b45e8bd7f

Download Submit
C:\ffrrlrx.exe

Filesize
455KB

MD5
cdbab990e49ad5d1f9e459456429da9a

SHA1
dd21ed2a5f157f500ef08881634865187903ddeb

SHA256
c805fce39e9d0e9c2ea92c3293769a4ddcc88018f5c3cdade21072d997d4238d

SHA512
6d3f7f94029cc8ca6950a94fdc6a44933a4e530cf68e85e71ccf83c1b16dac5b0bdf55cc0919073b11c7358f93a200306b740c6ed6ffa6e6ad3dc0fcf303c14f

Download Submit
C:\hhbthb.exe

Filesize
455KB

MD5
50a1354c984d74c8ecde1e8ffc75be72

SHA1
d231bb3f123ca020bc65397883115a2f90ced1c2

SHA256
53bc638b97cdd3a650b0f3bc8a000945fd6cab99c83f20b147d6ce716593465c

SHA512
db71839e0d2d25f568d64e76a8f3ae47f5eb76d2e972584adc414f16a4564ff23b07e8ddfe88bbe76c1eeafed3e30eae91df64b914058dad2c0eba82ed14e064

Download Submit
C:\lllfxrr.exe

Filesize
454KB

MD5
3c520d437e0d08b6662c8135edd3e10c

SHA1
b0cbc69637672275727fa817b3fbe93143669036

SHA256
0f4add8a13dba917c128f1e11b88c8cbdc9989a5d69d6d650b9c3b11560f6e76

SHA512
488718d13bd7b5a9f647af493c906281a044f8058cf43bbd4cc30f2f5236515abad89fb6097fae070676ceff75f8b94412c147ef53f9ffeed8f1ab27396c53a4

Download Submit
C:\nhhtnn.exe

Filesize
454KB

MD5
16b4d73b957ac458238973aabfa4b949

SHA1
037f9085ccec66229810ff6336eb23a7c72fc125

SHA256
cfa459a1b68aff003801ee0889c6c5f1bcc534ddac70a856a832e75a8626fb63

SHA512
a64d0005bb6b25d40e063d4c4802c9703ff6a9643f3e07cab938768aa9126d9df6a30872d404bc725897efdb9695d83d98fd17d602a1daf56b212d4c15166ceb

Download Submit
C:\pdvpd.exe

Filesize
455KB

MD5
f1ff258b84e3865c308d03ebfad1849c

SHA1
6b16a44256fcd25d34cf9873ad37af39b8bdcb34

SHA256
e09815d23e28fcde362749e95f9a433f356208c6ca7ac0cd9246bcedbd201d3b

SHA512
5e4b6dd6496282c21a25c1dd39c9c92fcd7ac82fb12e201beb84daacccd1ac13fca5b498f9328b2c01051a0733bf18520b38d88466b04e1f18e58753da03d187

Download Submit
C:\pjjdp.exe

Filesize
455KB

MD5
bfe9a6c9f0d5018a8788921bd5301063

SHA1
4e5117e7444dfcdfb11a9f56bd679dfea2b1d6c9

SHA256
4451d3e8316a932e8889cc8e5fcc5dfd19233d1bf98f66ef4bf2bae8ae8ef02d

SHA512
fd0549d6769ff17feb0d7c58f08aae5b8785e7ab75a8c9e26ad4ce7ef86f8cdaf39abe68002a7c63196f5b20c1b3f1a86162b811cb0f5fb9c507d9cc8a249478

Download Submit
C:\pjjdp.exe

Filesize
455KB

MD5
e92e5e7e78584e5b9c023569d42d12ce

SHA1
fd0b92635b4a5f2dad0787c5182c1bca4cad5274

SHA256
2c3dccff585a891869d7737687eae64078c2a4cf5f6d15c66557c7b4cd351fab

SHA512
23a5fdb57905a7811d1da501696dd56d8a5d9fee8b83b93eb03134ed456a47d977499fce9228a115fcfc587c4448915581903820ed583fb3b3824942e8463ea2

Download Submit
C:\rfxxxxx.exe

Filesize
455KB

MD5
9087afa691d7a01d3e46293b5d8cbbc7

SHA1
9f7a2be7fd9d7519c7c79c337be8207c6e6d5731

SHA256
330ca085226baddfbd99285e281a84b0c67c346d06e3f63cafea5b2313b491c0

SHA512
fbf5210b348c4c887e6524a2b18dd2928af3a345a79e5668505ad374a64d847223cc3723c652fb0d04229f1665f46c74f6fdc8d388792b7564c0a78e72ad43ad

Download Submit
C:\rlrlffx.exe

Filesize
454KB

MD5
52a0da0c80bf0324965392ba7c29df75

SHA1
4f32f9e395d759d17fa7922063dd8a19f700c911

SHA256
6df0347ac0701714a5a63d4cab4adc8ea2d8100768049001696e2eb757f70795

SHA512
c4c933ad015128ea415faad0e7271dd13bedbbc31d39a0759c01da9cd0034f94ca6e4511bf7e48f939f2123298a10f51646863845502cdc447478b54f4c14ac0

Download Submit
C:\rxxrlfx.exe

Filesize
455KB

MD5
96dfa2cacefb60de9818d28031807fad

SHA1
66cc33dbcb9b5666a68a901e0755edd8fbf494ee

SHA256
15adee6325ab0251ebcd2a90890c2d9de05124b888e8db74df4978217054a691

SHA512
61b2d914b693a750ec203961ae7727b1d870fe27c23b859180d11c64904adffd0d75fc960acea928c2079d38df87b6f7894c962032ead70fc7c90e8f0f48f10d

Download Submit
C:\tnnhbt.exe

Filesize
455KB

MD5
d4f1dd5e4c343d1093b328671092ba55

SHA1
a71f63606a6125049f2319cc8b9db5630ca960c2

SHA256
66cb94084fefb0bd402b6844a8c74d94c6195ace52d2f23d2ca14b559ef5157d

SHA512
81a42efcdb38c2d5eff5ccb66fb3729404351064a7950b74212936ec62a629cdb64c01ed45c8c71ad3789595c7b44b956c07722b7b69438adccca3a89739a36b

Download Submit
C:\xffxlrf.exe

Filesize
454KB

MD5
dd0a6706574ebba121df88dd74e938e2

SHA1
1e4aa536818c02d943954cb8bf243a37968c0562

SHA256
c9f892f8d7b2f8f03cd7f3a5cf8872e2c418bd00e18793f165b5f3a52a8c0b90

SHA512
44ceb7c88a74527316a6460fb8abcec1e2062c0a31bfc43f50f50c3cfd0114c40651860470a2e69c79152fe2b61b998b3b3deb2c5ac99ce1863e4ee44588f9c5

Download Submit
C:\xrrlxrl.exe

Filesize
454KB

MD5
24bfe29de3e13dd2803f674d05040dfc

SHA1
71b13afc08c034afe8dfe85f884512052974bb14

SHA256
b69bce73bd1b04e7e7560fd70b49920c6357bf41dac24f9513657a06831b7235

SHA512
07f8ab23ddc2db8dc4a7651066bfd3ce5e48258b8e877e8ed0308a52c2e11c5d386e3971d3f4bba5e161405b8e1a40e4fa0ef8579915552254e8e90436fca845

Download Submit
C:\xrxlrrl.exe

Filesize
455KB

MD5
81c9231978150a6baf1db2db4d064eba

SHA1
1bce276285776a1816346ebe69841e0370d153cf

SHA256
08f8c5a4cf0d181883082de99f57254f3d1859ff9248f2ce9a85bd574ef6b4b6

SHA512
9b6baa27ad1a88c38bbf51b2adf43538c081d536477278cac25d5cb06794f3807918a4d8ddbef34d63797bcbd458ebdbe30a34ac8cb87f548dce7158a9b7aca3

Download Submit
\??\c:\3jdvv.exe

Filesize
454KB

MD5
2d742eed97304e9aca9eaba5863f04f4

SHA1
28748e39f90126b46f5a4db5896a4254ddbd7729

SHA256
d701e5e4c3c4974142f642ad131c7f229fa6da65f50397c087738caf566220f8

SHA512
faf55b071fd07503179e2fa55acb08ba6e0adc539a441c2a08ed07bb438096d866227918e1d826de1c70c51772a5e4ee45b2d995e768be3aa0838eeeb3e44b41

Download Submit
\??\c:\3lrlfff.exe

Filesize
454KB

MD5
32e9e02f5b457cceb7a0f4873ccd4f53

SHA1
2ac5352b6b8855140fb62925aff5f36331bda229

SHA256
8e8ba88eb332c9583147e9483dc95493c70e55d0b5e6d0d39a7f7650fff6f352

SHA512
8e60ad6809a3cdfb41ebfd8928e5135452a7ffc69313dbffd08cf4f6343d306a456cd55914214bbd772c3e2eb7d78c087403fae1f71d3915865d63a9a44c8f4c

Download Submit
\??\c:\3tnhtn.exe

Filesize
455KB

MD5
0dedf726ef1dd676fc356629faa63f71

SHA1
43f6a1513251432d6603b1681999b8442d73a7a4

SHA256
c764f23f3e414b35c81c327516a020df0d7fbe29245e704d6267018be0c33895

SHA512
14a6b3c314876a49d29e62a5cf783afac9c3dab24ad9523c43d059498fe31ca708393a5fd537c75bab44bf0deed7e528707948ca6e6627cf83932b5043885849

Download Submit
\??\c:\9rlxlfx.exe

Filesize
455KB

MD5
623cf940761ea4f8b86275f66d868062

SHA1
c9648605db7fb3530178dd1549948a1c9669877f

SHA256
f203378ab0116d0561309522770a2ea31fa115c38f0a9a26de322dd77bba5f9e

SHA512
c35099b65f713b4c10299bafde4238136c64514264aa3ed5e15696c04c114e8802f3f7fb940f8a7f03506fb24d945066238afcd79d0fcd94a97c27a13f6885b4

Download Submit
\??\c:\dppdv.exe

Filesize
455KB

MD5
adb8d5387e24c523a25163ed1f496706

SHA1
fae59714a0addf1ecad66b475caface36445031d

SHA256
2ec44220fe74ea1b7aa62ef715326e0a9000d8f1f3825e34b5c3106d8f087162

SHA512
abef190462a45383299d3cefcdc52ce93a0f8b01f481cac143ba0ddd5d0f13e9a2c2e4228fdbc61df247d84e2136c898c45a252b7cbdda279565f2a585bac19a

Download Submit
\??\c:\fxfxxrr.exe

Filesize
454KB

MD5
faddcab79ee51c5aa710cf3c6d8f8002

SHA1
cfc9726e5f5a692125ffe108c749476cccf5c166

SHA256
f41c2d7c92c3d9096d27c92e53ec78b8c9553c011225ae2f6ea36e76f4a2f183

SHA512
cbd6f54f1414bf9d583f9c0f506026f01caaefc8dbb58ccd9a7ef8a82044395ff5e77a18b0b752eccd65c807a0fdb0d9028ef0368af514c20de71c0d52062c9a

Download Submit
\??\c:\hbbbtn.exe

Filesize
454KB

MD5
4a0da9b6f496615a2773dad6bdeca7a7

SHA1
a472c3be9b320ee8cba5dd43dd07b93778773280

SHA256
fe78e02e22645a83898ff8f20e906ec3ebfe154972b9dfd0cdb98c26c10d414e

SHA512
ed669389fc5345d0b8221a106114e6ea5936d8e70698a86562baa73ebe1c6b3b7b072addb12936043875af1e03e8232d75a778a0df790443490307712444b054

Download Submit
\??\c:\hnthbt.exe

Filesize
455KB

MD5
0faf68036fb86d15ca0af233254b24a3

SHA1
6e4fb14891436952e3312e00d1dce79d852071a2

SHA256
f76c8da078021094828fae945fd947a5a8b62f4b82fc9dffc1bb874a5645dcc8

SHA512
cf4a35b94a496382f270ccec55359f3bd32f71403031601244592e74303e8d0c6cce9e2fb136617f346fc06cf785baac6c26635c6876fc12404897a507dcef99

Download Submit
\??\c:\httnhh.exe

Filesize
455KB

MD5
7590d393b8ce7867a4792c7c5b227716

SHA1
7ba1820dece7757ecf98cb3cc194ca8533b1286f

SHA256
6a49515985f37d516e5fc2bcdf7bc893aa6390076e2502c404a8482b466c4865

SHA512
989c5c28abf333b22a60e64fe9b93b3caa4bd9b160cf8c39ec4405c9934b76db7c2ec74b8c65806a7adbe4f4454f3295d6ba670dc8ba8c4f93cf7b9129ab8605

Download Submit
\??\c:\jdjdv.exe

Filesize
454KB

MD5
20a00d6dd3a80b53603435f70a222f71

SHA1
19e9fc8117a6a4f1055bdb5820d7cc25714b7b41

SHA256
9d6cecd35003215d344efd222f152c9ac8a03d0b84353a5cb8d63ec010d227dd

SHA512
2683d88713100af61598055a9e90e9a6d86a158847c4efa507e24e9e031ac3768aad6bf3410230e93e338f38e8dbf63949d0a2ce2ef2b37ef8bb49ba48ea1853

Download Submit
\??\c:\lfrlffr.exe

Filesize
454KB

MD5
6b2f37f8ad79aa914f9a9f00702aabcb

SHA1
fa6523e34436bbe1df6f0197c4033d21a53ee2bc

SHA256
370208d1e309d6950b7ca11cee61cd153d26fd89e785c07485c414c15b97d7a0

SHA512
3938c0aabcabebefcdd0297f37cc8914a1c3cb21b303df107066a8483fc21b9599c920b092118bfe44047501877c54a58058b9a61b4924b18a7bfae9a42cf66c

Download Submit
\??\c:\llxfxfl.exe

Filesize
454KB

MD5
996a5f78657ea22022819bd343622243

SHA1
cf0aa3c31730b293b71b5a4baed9721f0be0a9ff

SHA256
a5f6d458d7553166e6d70e92471bf709287b478dbadfb7f5feb0dfb1923e5b1f

SHA512
b17ec8e9276caff6bd5bb1dd6e6357ab8681b9e62b1d362a1b8beb0361962a665c83b992952bafc4e5e9504a0a3c6042805eaa578ef84b466a1c57a366712d13

Download Submit
\??\c:\ntbtnh.exe

Filesize
454KB

MD5
d87a9d1d6fee4c36acf8d31089a4d166

SHA1
fd5f89f604f66579d873c5258d94060d3c9ade5f

SHA256
6f4acadca9d2b2c9934b64fb8733b53241a7a7f3f8a7923efb948338d1481fe2

SHA512
18bad79d589d1cdf26c8f6316c1931f476e5c0305bc8b9648f9710fd67ef1b8220cf7351aea89d7664e8f63106b35065019b6770c1942dd52f9cf085dc221d87

Download Submit
\??\c:\ttbtnb.exe

Filesize
454KB

MD5
a533b0c3f2393e6738d2da5c4d42c289

SHA1
81a7cbd215c282608f961ec8fc97f6bd0e53b895

SHA256
27ebee777f55ea169c3708114e3077412bd3da5a9a8048a5264416fd248ae1bd

SHA512
6bf1ab299ef5f2537251613f7fa2b9b943bcb6ca1f86218a8304b72e5b023c962c11e254a069b57ec4f988f0aad1f827e6a4b232b2f011dd2c40b77dd7442afd

Download Submit
\??\c:\vdpjd.exe

Filesize
454KB

MD5
21d9555c4d693464122d8e56ebd33871

SHA1
bb243da4d94c70afce1da4faf0741cb743c26897

SHA256
27a30ac3d22a5772ee55e5ebddb2f991a87520e50ce061ae8c2ac561584470cd

SHA512
9b0a6bee878627a4ed2520602311facc61adbb93773dff1e35bda6068962823030d2ec6abaf11015cb48f123b0f349bb76306242bdaa906af0d82f71df9ae340

Download Submit
\??\c:\vjpjv.exe

Filesize
455KB

MD5
3046c9bd03e5db60a05e6e892b9cd9e6

SHA1
d872807790a07cf48c0b35db1030ab3cbd4de11a

SHA256
bf9b98a3b5beeece98780cc04ea193521cc88b32747ad69e56f96aaaa9257542

SHA512
56f74e1fc665af7fa98bde087ab54b9926aa6469703f5a5835943fd96831754e4fd6cd3a477200b84aa128dd0446dc9cf6454c822ab8619e8c710d23c27eb78a

Download Submit
\??\c:\vpvdp.exe

Filesize
454KB

MD5
6c2dd054c23c70355504286f1f8e3904

SHA1
0db8793a9bc8896b1479e0e7486af9fc5e323977

SHA256
422e037e7ef36632abfa1ef57d6bb9c8a7f37c929bbecddf828669018afebb79

SHA512
474760531890cdb338f37182769dabfe8a887a6387c91765072820e177348f0d5e7620a4df4b215661992676d792b1919d18288656b28f8209dd5ec6c6761b0f

Download Submit
memory/220-232-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/384-464-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/704-175-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/856-304-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/880-357-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/884-492-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1012-1351-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1048-257-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1048-1848-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1120-678-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1136-126-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1176-737-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1176-74-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1176-523-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1196-46-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1216-19-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1228-393-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1388-457-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1484-280-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1524-371-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1568-553-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1608-353-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1640-86-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-375-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1788-281-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1852-75-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1928-324-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1928-320-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1952-24-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1952-33-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2020-103-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2096-527-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2196-185-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-93-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-736-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2608-397-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2628-379-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2652-383-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2672-149-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-1858-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2844-68-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3200-441-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3240-194-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3244-361-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3348-127-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3392-334-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3436-537-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3452-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3496-204-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3496-855-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3576-30-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3576-1517-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3704-297-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3744-428-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3752-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3808-81-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4004-249-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4008-38-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4016-240-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4184-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4184-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4312-638-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4392-253-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4476-210-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4520-52-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4532-158-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4728-145-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4756-264-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5036-58-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5048-110-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5052-104-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.