4149d0428bc035f874909e31561537dd3041ec8114e888172a126a1239c65f7f

Analysis

max time kernel
41s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe
Size

563KB
MD5

ba2d1086b902c7dd020b6ef246ee36f0
SHA1

efd53015ca9671fb821d3bfd809061d3cba06867
SHA256

4149d0428bc035f874909e31561537dd3041ec8114e888172a126a1239c65f7f
SHA512

8b1b1f6599d36256fc17622992deb29fdffbeea93c5ff84e7c34d31b57605660bf42a57c1a3554007c3195e455387382c837e78eb8a53fa0dd02bd9505bbdb7f
SSDEEP

3072:dCaoAs101Pol0xPTM7mRCAdJSSxPUkl3VyFNdQMQTCk/dN92sdNhavtrVdewnAxk:dqDAwl0xPTMiR9JSSxPUKYGdodH7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2684	Sysqemqokfd.exe
2456	Sysqemfkrva.exe
2660	Sysqemdhmlz.exe
2452	Sysqemdwbqq.exe
2312	Sysqemxyeqq.exe
572	Sysqemmyyir.exe
2176	Sysqemsvhjw.exe
2012	Sysqemnqmyw.exe
1772	Sysqemoeyll.exe
3020	Sysqemjcooo.exe
2576	Sysqemuergo.exe
1828	Sysqemmhfrp.exe
1580	Sysqemdoeou.exe
604	Sysqemamlpn.exe
2272	Sysqemaxnrj.exe
2296	Sysqemwyfef.exe
2052	Sysqemwjphb.exe
2080	Sysqemvbqzv.exe
2616	Sysqemsrykq.exe
2408	Sysqempdtfg.exe
2988	Sysqemzgsav.exe
2572	Sysqembuucq.exe
1476	Sysqemdenkd.exe
2760	Sysqemifdft.exe
776	Sysqemhuqvk.exe
1928	Sysqemmdyya.exe
860	Sysqemyynyg.exe
1168	Sysqemguxdx.exe
1276	Sysqemczuwy.exe
2008	Sysqemwjllq.exe
1632	Sysqemtzbed.exe
832	Sysqemyenlw.exe
1508	Sysqemzsyyl.exe
1136	Sysqemzkzrn.exe
720	Sysqemdpujb.exe
1760	Sysqemdicbv.exe
840	Sysqemkfozg.exe
2504	Sysqemmofxy.exe
2404	Sysqembwxzz.exe
1660	Sysqemggfup.exe
1252	Sysqemkdzuc.exe
1920	Sysqempqtuw.exe
2776	Sysqembdjnv.exe
1680	Sysqemgicuo.exe
2432	Sysqempdbiy.exe
2348	Sysqemxeaie.exe
1064	Sysqemyzrlt.exe
2308	Sysqemdihfk.exe
1160	Sysqemndxar.exe
2592	Sysqemsqqik.exe
2644	Sysqemyjolt.exe
2576	Sysqemnvtqw.exe
2892	Sysqemmgvts.exe
1976	Sysqempmjei.exe
3016	Sysqemgihze.exe
2112	Sysqemlvagx.exe
2212	Sysqemvmfwb.exe
2844	Sysqemxltmz.exe
2464	Sysqemjuxzk.exe
2336	Sysqemmmowc.exe
2188	Sysqemnddwu.exe
2608	Sysqemvwcxa.exe
2456	Sysqemzficy.exe
2244	Sysqemesbkk.exe

Loads dropped DLL 64 IoCs

pid	Process
2820	ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe
2820	ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe
2684	Sysqemqokfd.exe
2684	Sysqemqokfd.exe
2456	Sysqemfkrva.exe
2456	Sysqemfkrva.exe
2660	Sysqemdhmlz.exe
2660	Sysqemdhmlz.exe
2452	Sysqemdwbqq.exe
2452	Sysqemdwbqq.exe
2312	Sysqemxyeqq.exe
2312	Sysqemxyeqq.exe
572	Sysqemmyyir.exe
572	Sysqemmyyir.exe
2176	Sysqemsvhjw.exe
2176	Sysqemsvhjw.exe
2012	Sysqemnqmyw.exe
2012	Sysqemnqmyw.exe
1772	Sysqemoeyll.exe
1772	Sysqemoeyll.exe
3020	Sysqemjcooo.exe
3020	Sysqemjcooo.exe
2576	Sysqemuergo.exe
2576	Sysqemuergo.exe
1828	Sysqemmhfrp.exe
1828	Sysqemmhfrp.exe
1580	Sysqemdoeou.exe
1580	Sysqemdoeou.exe
604	Sysqemamlpn.exe
604	Sysqemamlpn.exe
2272	Sysqemaxnrj.exe
2272	Sysqemaxnrj.exe
2296	Sysqemwyfef.exe
2296	Sysqemwyfef.exe
2052	Sysqemwjphb.exe
2052	Sysqemwjphb.exe
2080	Sysqemvbqzv.exe
2080	Sysqemvbqzv.exe
2616	Sysqemsrykq.exe
2616	Sysqemsrykq.exe
2408	Sysqempdtfg.exe
2408	Sysqempdtfg.exe
2988	Sysqemzgsav.exe
2988	Sysqemzgsav.exe
2572	Sysqembuucq.exe
2572	Sysqembuucq.exe
1476	Sysqemdenkd.exe
1476	Sysqemdenkd.exe
2760	Sysqemifdft.exe
2760	Sysqemifdft.exe
776	Sysqemhuqvk.exe
776	Sysqemhuqvk.exe
1928	Sysqemmdyya.exe
1928	Sysqemmdyya.exe
860	Sysqemyynyg.exe
860	Sysqemyynyg.exe
1168	Sysqemguxdx.exe
1168	Sysqemguxdx.exe
1276	Sysqemczuwy.exe
1276	Sysqemczuwy.exe
2008	Sysqemwjllq.exe
2008	Sysqemwjllq.exe
1632	Sysqemtzbed.exe
1632	Sysqemtzbed.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2684	2820	ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 2684	2820	ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 2684	2820	ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 2684	2820	ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe	28
PID 2684 wrote to memory of 2456	2684	Sysqemqokfd.exe	29
PID 2684 wrote to memory of 2456	2684	Sysqemqokfd.exe	29
PID 2684 wrote to memory of 2456	2684	Sysqemqokfd.exe	29
PID 2684 wrote to memory of 2456	2684	Sysqemqokfd.exe	29
PID 2456 wrote to memory of 2660	2456	Sysqemfkrva.exe	30
PID 2456 wrote to memory of 2660	2456	Sysqemfkrva.exe	30
PID 2456 wrote to memory of 2660	2456	Sysqemfkrva.exe	30
PID 2456 wrote to memory of 2660	2456	Sysqemfkrva.exe	30
PID 2660 wrote to memory of 2452	2660	Sysqemdhmlz.exe	31
PID 2660 wrote to memory of 2452	2660	Sysqemdhmlz.exe	31
PID 2660 wrote to memory of 2452	2660	Sysqemdhmlz.exe	31
PID 2660 wrote to memory of 2452	2660	Sysqemdhmlz.exe	31
PID 2452 wrote to memory of 2312	2452	Sysqemdwbqq.exe	32
PID 2452 wrote to memory of 2312	2452	Sysqemdwbqq.exe	32
PID 2452 wrote to memory of 2312	2452	Sysqemdwbqq.exe	32
PID 2452 wrote to memory of 2312	2452	Sysqemdwbqq.exe	32
PID 2312 wrote to memory of 572	2312	Sysqemxyeqq.exe	33
PID 2312 wrote to memory of 572	2312	Sysqemxyeqq.exe	33
PID 2312 wrote to memory of 572	2312	Sysqemxyeqq.exe	33
PID 2312 wrote to memory of 572	2312	Sysqemxyeqq.exe	33
PID 572 wrote to memory of 2176	572	Sysqemmyyir.exe	34
PID 572 wrote to memory of 2176	572	Sysqemmyyir.exe	34
PID 572 wrote to memory of 2176	572	Sysqemmyyir.exe	34
PID 572 wrote to memory of 2176	572	Sysqemmyyir.exe	34
PID 2176 wrote to memory of 2012	2176	Sysqemsvhjw.exe	35
PID 2176 wrote to memory of 2012	2176	Sysqemsvhjw.exe	35
PID 2176 wrote to memory of 2012	2176	Sysqemsvhjw.exe	35
PID 2176 wrote to memory of 2012	2176	Sysqemsvhjw.exe	35
PID 2012 wrote to memory of 1772	2012	Sysqemnqmyw.exe	36
PID 2012 wrote to memory of 1772	2012	Sysqemnqmyw.exe	36
PID 2012 wrote to memory of 1772	2012	Sysqemnqmyw.exe	36
PID 2012 wrote to memory of 1772	2012	Sysqemnqmyw.exe	36
PID 1772 wrote to memory of 3020	1772	Sysqemoeyll.exe	37
PID 1772 wrote to memory of 3020	1772	Sysqemoeyll.exe	37
PID 1772 wrote to memory of 3020	1772	Sysqemoeyll.exe	37
PID 1772 wrote to memory of 3020	1772	Sysqemoeyll.exe	37
PID 3020 wrote to memory of 2576	3020	Sysqemjcooo.exe	38
PID 3020 wrote to memory of 2576	3020	Sysqemjcooo.exe	38
PID 3020 wrote to memory of 2576	3020	Sysqemjcooo.exe	38
PID 3020 wrote to memory of 2576	3020	Sysqemjcooo.exe	38
PID 2576 wrote to memory of 1828	2576	Sysqemuergo.exe	39
PID 2576 wrote to memory of 1828	2576	Sysqemuergo.exe	39
PID 2576 wrote to memory of 1828	2576	Sysqemuergo.exe	39
PID 2576 wrote to memory of 1828	2576	Sysqemuergo.exe	39
PID 1828 wrote to memory of 1580	1828	Sysqemmhfrp.exe	40
PID 1828 wrote to memory of 1580	1828	Sysqemmhfrp.exe	40
PID 1828 wrote to memory of 1580	1828	Sysqemmhfrp.exe	40
PID 1828 wrote to memory of 1580	1828	Sysqemmhfrp.exe	40
PID 1580 wrote to memory of 604	1580	Sysqemdoeou.exe	41
PID 1580 wrote to memory of 604	1580	Sysqemdoeou.exe	41
PID 1580 wrote to memory of 604	1580	Sysqemdoeou.exe	41
PID 1580 wrote to memory of 604	1580	Sysqemdoeou.exe	41
PID 604 wrote to memory of 2272	604	Sysqemamlpn.exe	42
PID 604 wrote to memory of 2272	604	Sysqemamlpn.exe	42
PID 604 wrote to memory of 2272	604	Sysqemamlpn.exe	42
PID 604 wrote to memory of 2272	604	Sysqemamlpn.exe	42
PID 2272 wrote to memory of 2296	2272	Sysqemaxnrj.exe	43
PID 2272 wrote to memory of 2296	2272	Sysqemaxnrj.exe	43
PID 2272 wrote to memory of 2296	2272	Sysqemaxnrj.exe	43
PID 2272 wrote to memory of 2296	2272	Sysqemaxnrj.exe	43

C:\Users\Admin\AppData\Local\Temp\ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ba2d1086b902c7dd020b6ef246ee36f0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\Sysqemqokfd.exe
  "C:\Users\Admin\AppData\Local\Temp\Sysqemqokfd.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Sysqemfkrva.exe
    "C:\Users\Admin\AppData\Local\Temp\Sysqemfkrva.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Sysqemdhmlz.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysqemdhmlz.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Sysqemdwbqq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdwbqq.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Sysqemxyeqq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxyeqq.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmyyir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmyyir.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsvhjw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsvhjw.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnqmyw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnqmyw.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoeyll.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoeyll.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjcooo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjcooo.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuergo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuergo.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmhfrp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmhfrp.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdoeou.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdoeou.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemamlpn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemamlpn.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaxnrj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaxnrj.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwyfef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwyfef.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwjphb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwjphb.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvbqzv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvbqzv.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsrykq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsrykq.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempdtfg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempdtfg.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzgsav.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzgsav.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembuucq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembuucq.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdenkd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdenkd.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemifdft.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemifdft.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhuqvk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhuqvk.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmdyya.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmdyya.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyynyg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyynyg.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemguxdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemguxdx.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemczuwy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemczuwy.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwjllq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwjllq.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtzbed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtzbed.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyenlw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyenlw.exe"
        33⤵
        Executes dropped EXE
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzsyyl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzsyyl.exe"
        34⤵
        Executes dropped EXE
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzkzrn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzkzrn.exe"
        35⤵
        Executes dropped EXE
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdpujb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdpujb.exe"
        36⤵
        Executes dropped EXE
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdicbv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdicbv.exe"
        37⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkfozg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkfozg.exe"
        38⤵
        Executes dropped EXE
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmofxy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmofxy.exe"
        39⤵
        Executes dropped EXE
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembwxzz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembwxzz.exe"
        40⤵
        Executes dropped EXE
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemggfup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemggfup.exe"
        41⤵
        Executes dropped EXE
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkdzuc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkdzuc.exe"
        42⤵
        Executes dropped EXE
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempqtuw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempqtuw.exe"
        43⤵
        Executes dropped EXE
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembdjnv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembdjnv.exe"
        44⤵
        Executes dropped EXE
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgicuo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgicuo.exe"
        45⤵
        Executes dropped EXE
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempdbiy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempdbiy.exe"
        46⤵
        Executes dropped EXE
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxeaie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxeaie.exe"
        47⤵
        Executes dropped EXE
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyzrlt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyzrlt.exe"
        48⤵
        Executes dropped EXE
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdihfk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdihfk.exe"
        49⤵
        Executes dropped EXE
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemndxar.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemndxar.exe"
        50⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsqqik.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsqqik.exe"
        51⤵
        Executes dropped EXE
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyjolt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyjolt.exe"
        52⤵
        Executes dropped EXE
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnvtqw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnvtqw.exe"
        53⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmgvts.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmgvts.exe"
        54⤵
        Executes dropped EXE
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempmjei.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempmjei.exe"
        55⤵
        Executes dropped EXE
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgihze.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgihze.exe"
        56⤵
        Executes dropped EXE
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlvagx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlvagx.exe"
        57⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvmfwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvmfwb.exe"
        58⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxltmz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxltmz.exe"
        59⤵
        Executes dropped EXE
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjuxzk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjuxzk.exe"
        60⤵
        Executes dropped EXE
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmmowc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmmowc.exe"
        61⤵
        Executes dropped EXE
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnddwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnddwu.exe"
        62⤵
        Executes dropped EXE
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvwcxa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvwcxa.exe"
        63⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzficy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzficy.exe"
        64⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemesbkk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemesbkk.exe"
        65⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsajcf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsajcf.exe"
        66⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvvmfa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvvmfa.exe"
        67⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwjyap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwjyap.exe"
        68⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwmksd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwmksd.exe"
        69⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtgdqb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtgdqb.exe"
        70⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvqvft.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvqvft.exe"
        71⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemowisw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemowisw.exe"
        72⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzdmqg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzdmqg.exe"
        73⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtmpdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtmpdx.exe"
        74⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemprkde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemprkde.exe"
        75⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhqlld.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhqlld.exe"
        76⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgfiqu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgfiqu.exe"
        77⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemahlrt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemahlrt.exe"
        78⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcrcgm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcrcgm.exe"
        79⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeudoy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeudoy.exe"
        80⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhmueq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhmueq.exe"
        81⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqwimx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqwimx.exe"
        82⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxdeer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxdeer.exe"
        83⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzguhy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzguhy.exe"
        84⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjcvro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjcvro.exe"
        85⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgwoxe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgwoxe.exe"
        86⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnonps.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnonps.exe"
        87⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcttmq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcttmq.exe"
        88⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeshco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeshco.exe"
        89⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemldifq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemldifq.exe"
        90⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnrlil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnrlil.exe"
        91⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcvrfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcvrfr.exe"
        92⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdufvp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdufvp.exe"
        93⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxpklu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxpklu.exe"
        94⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembiatt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembiatt.exe"
        95⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlpcgx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlpcgx.exe"
        96⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqykbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqykbn.exe"
        97⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempnfqe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempnfqe.exe"
        98⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmzzyx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmzzyx.exe"
        99⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqhrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqhrs.exe"
        100⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnuazd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnuazd.exe"
        101⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkotwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkotwb.exe"
        102⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrpswq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrpswq.exe"
        103⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembkjzx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembkjzx.exe"
        104⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemirerr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemirerr.exe"
        105⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnxyre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnxyre.exe"
        106⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemphqhx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemphqhx.exe"
        107⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemesvma.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemesvma.exe"
        108⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgoypv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgoypv.exe"
        109⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsifpb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsifpb.exe"
        110⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxnzxu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxnzxu.exe"
        111⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcpqke.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcpqke.exe"
        112⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemktsxw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemktsxw.exe"
        113⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyijic.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyijic.exe"
        114⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgqwio.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgqwio.exe"
        115⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqmxse.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqmxse.exe"
        116⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemytlsq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemytlsq.exe"
        117⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfbgkl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfbgkl.exe"
        118⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnfqyu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnfqyu.exe"
        119⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemppinm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemppinm.exe"
        120⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwxvfg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwxvfg.exe"
        121⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemebfsy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemebfsy.exe"
        122⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemefqgh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemefqgh.exe"
        123⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlkalz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlkalz.exe"
        124⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsvyyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsvyyo.exe"
        125⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemacuqi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemacuqi.exe"
        126⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkynap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkynap.exe"
        127⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemposvm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemposvm.exe"
        128⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzghbq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzghbq.exe"
        129⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhodtl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhodtl.exe"
        130⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlezoh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlezoh.exe"
        131⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtmvgt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtmvgt.exe"
        132⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdwklg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdwklg.exe"
        133⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkpjqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkpjqv.exe"
        134⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsxxjp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsxxjp.exe"
        135⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcpmou.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcpmou.exe"
        136⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemegaer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemegaer.exe"
        137⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmkkjj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmkkjj.exe"
        138⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtsyjv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtsyjv.exe"
        139⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyboel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyboel.exe"
        140⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgjbwg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgjbwg.exe"
        141⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnnmjp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnnmjp.exe"
        142⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvvhbj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvvhbj.exe"
        143⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzlewf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzlewf.exe"
        144⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhhojp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhhojp.exe"
        145⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempinkd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempinkd.exe"
        146⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtcvju.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtcvju.exe"
        147⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembcckj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembcckj.exe"
        148⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjkpcd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjkpcd.exe"
        149⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqoapm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqoapm.exe"
        150⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemylkce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemylkce.exe"
        151⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcmscv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcmscv.exe"
        152⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkfrcj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkfrcj.exe"
        153⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrqphg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrqphg.exe"
        154⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcmqso.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcmqso.exe"
        155⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvyve.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvyve.exe"
        156⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembtppz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembtppz.exe"
        157⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfvxpy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfvxpy.exe"
        158⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdtcfm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdtcfm.exe"
        159⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhnkfk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhnkfk.exe"
        160⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsfzkp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsfzkp.exe"
        161⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzqyqm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzqyqm.exe"
        162⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgytiy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgytiy.exe"
        163⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemocevq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemocevq.exe"
        164⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemybisa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemybisa.exe"
        165⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemixjdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemixjdi.exe"
        166⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqbtqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqbtqz.exe"
        167⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxigiu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxigiu.exe"
        168⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfunvj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfunvj.exe"
        169⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmumvx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmumvx.exe"
        170⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrhfvq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrhfvq.exe"
        171⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzptvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzptvd.exe"
        172⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdxyiz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdxyiz.exe"
        173⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqshge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqshge.exe"
        174⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvimta.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvimta.exe"
        175⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdblth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdblth.exe"
        176⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhrpod.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhrpod.exe"
        177⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempzdgx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempzdgx.exe"
        178⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwdnth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwdnth.exe"
        179⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjmrgr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjmrgr.exe"
        180⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqcege.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqcege.exe"
        181⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemktvta.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemktvta.exe"
        182⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemecxbg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemecxbg.exe"
        183⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmofmp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmofmp.exe"
        184⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemomlbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemomlbn.exe"
        185⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvgtun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvgtun.exe"
        186⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkdruo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkdruo.exe"
        187⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrhzkf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrhzkf.exe"
        188⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtucua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtucua.exe"
        189⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdiexc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdiexc.exe"
        190⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkyzpw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkyzpw.exe"
        191⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhghir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhghir.exe"
        192⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemutqxx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemutqxx.exe"
        193⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemycecn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemycecn.exe"
        194⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaxhfi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaxhfi.exe"
        195⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuoysf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuoysf.exe"
        196⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemouona.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemouona.exe"
        197⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvukyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvukyo.exe"
        198⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemahwfh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemahwfh.exe"
        199⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnnooh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnnooh.exe"
        200⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkkvoi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkkvoi.exe"
        201⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembjewh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembjewh.exe"
        202⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgaaqd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgaaqd.exe"
        203⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkusoh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkusoh.exe"
        204⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcntgb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcntgb.exe"
        205⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqbes.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqbes.exe"
        206⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaupgu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaupgu.exe"
        207⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwnims.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwnims.exe"
        208⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeohmy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeohmy.exe"
        209⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhajw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhajw.exe"
        210⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemldbce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemldbce.exe"
        211⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnmqcw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnmqcw.exe"
        212⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemptenl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemptenl.exe"
        213⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemylsns.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemylsns.exe"
        214⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxdqpt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxdqpt.exe"
        215⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcfide.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcfide.exe"
        216⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeskfz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeskfz.exe"
        217⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyrbsw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyrbsw.exe"
        218⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdskne.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdskne.exe"
        219⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhxegz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhxegz.exe"
        220⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemecagy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemecagy.exe"
        221⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvjgvj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvjgvj.exe"
        222⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgfzoz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgfzoz.exe"
        223⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmrgdq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmrgdq.exe"
        224⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemunrqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemunrqz.exe"
        225⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrkqqa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrkqqa.exe"
        226⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzpaek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzpaek.exe"
        227⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemljpex.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemljpex.exe"
        228⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqoimi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqoimi.exe"
        229⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfdrex.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfdrex.exe"
        230⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmeqed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmeqed.exe"
        231⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjbmoe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjbmoe.exe"
        232⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqjihq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqjihq.exe"
        233⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaivwd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaivwd.exe"
        234⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemamhpr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemamhpr.exe"
        235⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtojpr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtojpr.exe"
        236⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembwxhl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembwxhl.exe"
        237⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemipfam.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemipfam.exe"
        238⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemftass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemftass.exe"
        239⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmuwcg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmuwcg.exe"
        240⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrrtsm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrrtsm.exe"
        241⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjgtir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjgtir.exe"
        242⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkxhxp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkxhxp.exe"
        243⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhzqkz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhzqkz.exe"
        244⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgvcie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgvcie.exe"
        245⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfbyd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfbyd.exe"
        246⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvzjfb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvzjfb.exe"
        247⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxcjno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxcjno.exe"
        248⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhjnlg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhjnlg.exe"
        249⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemofyik.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemofyik.exe"
        250⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgjvtl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgjvtl.exe"
        251⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfqtjf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfqtjf.exe"
        252⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiewla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiewla.exe"
        253⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhpgwo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhpgwo.exe"
        254⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembyzet.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembyzet.exe"
        255⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlmbhd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlmbhd.exe"
        256⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnlpwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnlpwb.exe"
        257⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfgbl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfgbl.exe"
        258⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemznucx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemznucx.exe"
        259⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyydet.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyydet.exe"
        260⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaqvum.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaqvum.exe"
        261⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmdjcg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmdjcg.exe"
        262⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmzvad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmzvad.exe"
        263⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemipdsq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemipdsq.exe"
        264⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnfzfm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnfzfm.exe"
        265⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemalsnt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemalsnt.exe"
        266⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemexlvf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemexlvf.exe"
        267⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemopylr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemopylr.exe"
        268⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtcssk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtcssk.exe"
        269⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvmqu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvmqu.exe"
        270⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsuqne.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsuqne.exe"
        271⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmpeny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmpeny.exe"
        272⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemruxvr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemruxvr.exe"
        273⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaiaqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaiaqv.exe"
        274⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrtltc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrtltc.exe"
        275⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemofhyn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemofhyn.exe"
        276⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqwvok.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqwvok.exe"
        277⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnqpli.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnqpli.exe"
        278⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxiern.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxiern.exe"
        279⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwlmoe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwlmoe.exe"
        280⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemghfzu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemghfzu.exe"
        281⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdbyek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdbyek.exe"
        282⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfwahf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfwahf.exe"
        283⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsbtpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsbtpm.exe"
        284⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvbpl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvbpl.exe"
        285⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemimfco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemimfco.exe"
        286⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlttmd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlttmd.exe"
        287⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempbyst.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempbyst.exe"
        288⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxjmsg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxjmsg.exe"
        289⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlqxk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlqxk.exe"
        290⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqampe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqampe.exe"
        291⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemniuir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemniuir.exe"
        292⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsscdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsscdi.exe"
        293⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemolvig.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemolvig.exe"
        294⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtcavc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtcavc.exe"
        295⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuhdqr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuhdqr.exe"
        296⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuwbvi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuwbvi.exe"
        297⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeldys.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeldys.exe"
        298⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtmnln.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtmnln.exe"
        299⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsxxok.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsxxok.exe"
        300⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzivtz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzivtz.exe"
        301⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjhijl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjhijl.exe"
        302⤵
        
        PID:2620

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Sysqamqqvaqqd.exe

Filesize
563KB

MD5
b5c2b133dd68e5b46bd48a56ac9422c0

SHA1
e0866a57f5fad4ec450db38af0ac700dad31d6cd

SHA256
7cf751782438a307d271f78e9003edd2e0cc8f7172e2d5391fbe3046aad6d169

SHA512
212b6ed5fa0947b88916c75f72f30d810a4102e06d4288c87c90b59fd556531e4c77e9ae2e4c7d91a56a40ac8ff4a334721c7ee7678d59d519bee64071cdf6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysqemqokfd.exe

Filesize
563KB

MD5
08b5f5e37529da2ede48c4c96e39a0eb

SHA1
e56058ec39567f82290f32d65e5254f893da928b

SHA256
82faea2048c33d787f6a6f0e0a543b3184b5ee644ee7662f2c30030eba7c4fef

SHA512
0fcc2481049b812c9d83be168af220ca285ae83af335a58de4d7b4f06f98c1d92f87f81b9f86fd7a8ffb2deda9cf7489ff0948621300c6cacad1c98122107cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
402291ad5d1e9a8107fdd1ee9cc2d5b2

SHA1
de3166ee8a539e818a90b3603f84db114e1b25e4

SHA256
ed15afc74245be8f70b0a1de8ef0ac499432b138ee13c8a42f99a85db848803d

SHA512
1855614da29f5504578edadfd6ffde2c735d0fedbbe91e795f874a489a9e07a0702b5166a65c27bc64ae9dadf37049c5910eaa87f1bc1b5e9fdf2c05e20ffe0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
a0e0a4f166ce308a0dbfb88ebdbf552e

SHA1
a23a19fdcc0fb8e18febfb34c38c6d4451a6ed05

SHA256
c4d91668963dd9b3f696414367e5aeff9e1675d4c18c3834eeb9728bf8c0f2de

SHA512
fbb70de420707f58857fae7a3bf3b39a14936f5b162a50f203af9785ebd59d9d1d7e3b997faae2b8e9acd917af4b88ef7d95c1c1a29e0dfe7064f11cc23a466e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
6e772531e1c1e3fd8f73c1c925e7075b

SHA1
194cd4af042a526488d15a927e8d0d4b56147fc7

SHA256
7c0d4a1d0f4b4eb56858bd45486d6485cb901da441b03b8dbbcf9c15b8d8cd75

SHA512
67b8518b6dd2233cf97e2168b2544c7eab5dea4cadab869fdde88501261d53df360ce9d0270a235bd47261b8703f00b58182eefee613f515ac95b77919cf1825

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
1f9c9d3062a6f623ba7da8651e1f1506

SHA1
a49143111bf6732515611d1fc4b554213707621b

SHA256
d931154d622c3c934aa9c3a64f93c5c184dcc4c6cc2805986e08db6c2cfec3a3

SHA512
22bb87c4034bdadb858387eca742e6bd99d93da037c4afca9ae50509daafb9eced47d7045e40b52e72f76b5f40049992aa7bbf34330bc4f2450bd25503e8515a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
ffe47e534add92239e80e666532b3c44

SHA1
974a6d0454b652b7311996c23f65c38299a23319

SHA256
cfa9459fad7fab11a7ea25549ab68302f2d9a0e052d69bf35797d6afdadfdd5d

SHA512
43981a9317ddb6926443ee0d21304ba3ed2cdaf69668cf8b05657567295d3334c4d3dca9d243937aa0e531885250abad24bdbf2385c03cf4986d2b388ff0ddfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
49af3c28228b974b873cf129ed8ca442

SHA1
062c712ca769cb7a7e5fd5d5536c49d7b5a0284c

SHA256
29f25d0299c30ee8b768d3770f08ac132394b88c9e7b5970e4c25de5fd98aae9

SHA512
511dcf75e14eae7d3b86616a00aa985fdf8f677b0561f8466f5382160564fcb528336e66054fdfeb4c997b9146b3efa06dde6c2101a67e930df9e543bcbc7bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
c98e7d7524387358a5f4ffc881bda97a

SHA1
1b2b3300e052dcd65d02772aa98a5fd348c1fcba

SHA256
4813ef9967778c273a87b5d64e446f60a9819433cf97ffe4cea0aa7ac5260822

SHA512
b19a5bd07b3a67b1a33734aff888125c3b91aa7276dbce956677dbaa481e74c4b8108f38a852d8cfd80733d5c4cd70d4ecd626481c3db3f4948cdc1c8ff46a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
1b20f1db705c06839e04a98ec92de4be

SHA1
c48a9f354bbe4ec23ffc6d9212e3597ed7f9c8b4

SHA256
bb9442ec9dda8f001977f94a6a385eb383984194079c3fb3d91e0c1a85a96415

SHA512
5a22bda1831fb7cc1fce00f57bcf7ceff7dd77ad6b3106d96556f5d954ea6297d1219fd1ac28550e058445a3807f00173bab2036bd9af5801757eae45abf4f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
7d67cee8c14d0dc2148341d8d6f72af0

SHA1
5f2c5b941ccc260a67dfed774202cd51d7461e66

SHA256
dd9e5dc8afbb3696d316c4fd7268f4b9207accda4d0b6f9e3eda5df7c80f4162

SHA512
89da6b2bc0cc42f71af3901da20529b14268a176ae57e2b08d81275ffe344296a497de33d45e3a30e78dcc3a86232cc3195773631905b086f535ff6d68fa3bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
2d427cf6b644918edb720dfe3f1e4517

SHA1
3fb8f95ba6ee79330e83c0b6dcb8b31dc026080d

SHA256
a4a7d3cc0d7b04bc3644fca10c37571f0f24a5703ab8393186291c6fe6d428ef

SHA512
30be7eaf49ef580e074598591a4498aa12d12cf594554161d93069ea0c8d97310a97f4a5b4a9698d45309c0486395284d14570e1d4231f84931ea0a82ade9582

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
33eb991486dbaf5d0c157cb427a7cd94

SHA1
eb3f33cd22669c55119af85a6d30854897610f57

SHA256
9ef6041f149c429b36a27a1884ab9d14e3b1345fcb1521351ff1fbcad2ed34df

SHA512
20f1ab84c1aa70c34f31d5c623557d8c65c12b47e19a450c621cd65725bc5b3e7e53eb0b0e8cfc6b5d05151bd6f10b96f4d39675959d3de092617314ac46a8dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
c8766e585329ec372a5701137a1d5408

SHA1
42d429d4bd75484176670b9ef297213a2d0fbd1a

SHA256
66deabd90e09cbf9f33414130b48380e1cc10613b756eb00a375c9ed2a3c2590

SHA512
8841c065992be6f38b6a4660cfe5cce52c02fc4d3150c511b7c43fc19b916b55536e9d8eecf2d476c6ff6098d2f0b85f9b9a777c4f905600182252c62e25ac23

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemdhmlz.exe

Filesize
563KB

MD5
090f7d30d7b4ae88d7f0b2a8ccfc71c4

SHA1
ca4a160f4ab95bb3122854307d0451b6e36f2c31

SHA256
747f4eb75f3d209429521e74678c5e5a9e0bd6a3809c5d6f67150db9e817d10e

SHA512
342d7c16618ca1e8a129e16d29b6f912bbe9225562b16f9c7ad70c2f0d830472708608b3c40c996efcdd973e69dc05e9bf904bd7653e8524399dd78555f59538

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemdwbqq.exe

Filesize
563KB

MD5
23c317f3c9e442584dcea1da05142b16

SHA1
433da28791b76123050425e652d8c01999604221

SHA256
d431b47a577ddd34f57d2c77a2b3a92e627f31a8afbc289723c28ecb80e8ea05

SHA512
ff2fc937fc225da44e91671b68e0bc7e3d9aee3fa842b450ce02d589a74cc419f073b7fce6e43679b8a0f07921059999c6dc959c79195deffb4409d39933d88c

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemfkrva.exe

Filesize
563KB

MD5
db7c9f45cb0a5261c5da3545fb95f5c3

SHA1
3e9d7356d212a6a42036eab0b3e90ebf56a7a2da

SHA256
344239d92e25912d05cf80cf81de7a57ae00c98d1a47b3fee8bd41332214f8df

SHA512
c452f55b62880729a3578ba9c1367e16c553c897c0bf0df741d74653764c047d415a05b06fbbda21602ab059b34743b54bf37503764ecb154ea68bda0fda8748

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemjcooo.exe

Filesize
564KB

MD5
59028c6b1555bf16079e174027820404

SHA1
b483352a984fac66e07fd7b9deb1f44134257249

SHA256
157c28a5ce527fda56c4935d9c12863df341d5c3ab77cf501cf85e808748b9a8

SHA512
8c8d71bf0cb3003d2fc11204d4babcafc890820b2854d906eab82afe1013b2f4388db08da707abc66315d025d22de490c5712b1687524694229b7a4c64438cbe

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemmhfrp.exe

Filesize
564KB

MD5
ee56c346d92f3287db526060f99de13f

SHA1
bd57f0a3187f386826ed682fb1e4fc3118cdd75a

SHA256
032b2cbb22db451c8ddce557f179a453b050af9a40d0857b8d2b1f765a6ed4b9

SHA512
78db1faa3223b077b8d1742f9aff9f6915215f74bd5572ea12f8feaa30b46cee027b78e7f412d298a02b34bd4f7201486bb79f99ae402244e43dadb0e9d3260b

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemmyyir.exe

Filesize
563KB

MD5
52f1d320ac6e5798b9dc31b251c221da

SHA1
9aa7ec23d51f12de34ec913d9c3a38fab2c82f3b

SHA256
9c77c6a526bc55ad89ed6057e107fb6651c1c472556684af26e90a030977b4e8

SHA512
7a567444dbd75cd7e347c3060b83e187ac652db251fca3a647876dfa0757adbe6f5f695fb602fe1ec1066ba182109f76cf10e4516c578e74eb240258d220002a

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemnqmyw.exe

Filesize
564KB

MD5
849b892ad58d636ba3ed708b4f63cdbf

SHA1
1fe67c61e37bb2a5e24d9d358f47ae08a85bae7e

SHA256
24f29485f9a38b2c1233fb0babc8afeb866ddfac6551d15933627199637a2f13

SHA512
71c87fc91ed6134f07a0073345ae792e1a4071d3da1e97516d1f66ec433e64cc5b6f33d42b95a87b9ccad9424a467eabdf69cea60d126fa7cfc3b3eb88d71691

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemoeyll.exe

Filesize
564KB

MD5
084cdc3285ea5d564f4035735d8c35a1

SHA1
dc2f8cd92797d377dd5c9849f2cc8f2bd0de85a5

SHA256
ff45b35c79674e65c2437e078bfd425ad10568f1b92991be7bd0e8c4d488c954

SHA512
3ff3e11dcbb0388244c245d72bba8a46fd170695f8eeaa88f6da8d588a162e24cf150b2827d325f0e6df100aaf60896b24dee201d517271b899bebf27db1ddd3

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemsvhjw.exe

Filesize
563KB

MD5
dddb367476de1ae1d1186e7570c174c9

SHA1
fafe98225805eb3ab4d9266c914239b64a43dd6f

SHA256
0507d7637b166da2647569f00162ff4944f39b90a6d579bd3ac24ef398f8e43c

SHA512
55c961f30ea1753c947a20b1fcd0c2ae415650979d03acc015b7d2b2d00b4e42b1e0055c541c5a1ad3322924331c82afba3e18bbd89737fcde32ed8fc8c725c8

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemuergo.exe

Filesize
564KB

MD5
eb1ff6706dc03658e03b5050b489f870

SHA1
f39ddf52354854daf4ba8046bfbc9845e8b4f409

SHA256
910dfc28242a5724898c5641279c88afa7ce4ddd99233724021cdd76a0f59f3a

SHA512
01fb37f4b9c5d28964698ba05471e72963b557116748771dd9290e856e9461b1cd0d310996e69fbde6e00600bac6791c1ee77655302bd09463dcd534539d2fdc

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemxyeqq.exe

Filesize
563KB

MD5
2109e4dc47078691d09e846c389fbd08

SHA1
788abf77dd8fd21257d7dd720335ab4e71f63d46

SHA256
15818cc93a9a920be7eb69803d0f2883d3aa1546b7448e05e9e54d81f6b2b100

SHA512
01cac8b5caeb04675be1852b08cc9c750a0863b69f0a8f588313c2f4dab70c68e25d7a3b06e1b481424a2f91e7561305f388d16bb21510d89c5f3732eb2e4642

Download Submit