ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038

Analysis

max time kernel
44s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe
Size

624KB
MD5

729e66cd0bacb2c1a09df690bc0045e6
SHA1

c5f6d0ec914ae9daaaadbbbf30a3e29b921d88fc
SHA256

ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038
SHA512

baff44457d5d2c68d64405142791b024ed596c4610638bdef69fbe2954ca918f76e23b12351eb7c0467d1425481e0db06913aab9592e078f6fb48deef6f2941d
SSDEEP

6144:dqDAwl0xPTMiR9JSSxPUKYGdodH2USiZTK40G:d+67XR9JSSxvYGdodH2UvRK4B

Score

9^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 13 IoCs

resource	yara_rule
behavioral1/files/0x00230000000122f8-5.dat	UPX
behavioral1/files/0x00220000000122f4-18.dat	UPX
behavioral1/files/0x001a000000012300-20.dat	UPX
behavioral1/files/0x000800000001269e-33.dat	UPX
behavioral1/files/0x00080000000126c7-46.dat	UPX
behavioral1/files/0x00080000000126f7-60.dat	UPX
behavioral1/files/0x00090000000139d6-73.dat	UPX
behavioral1/files/0x0006000000014c67-86.dat	UPX
behavioral1/files/0x0006000000014e3d-99.dat	UPX
behavioral1/files/0x0006000000014ec4-113.dat	UPX
behavioral1/files/0x0006000000014fe1-126.dat	UPX
behavioral1/files/0x0006000000015264-140.dat	UPX
behavioral1/files/0x0006000000015364-153.dat	UPX

Executes dropped EXE 64 IoCs

pid	Process
2252	Sysqemfnqyi.exe
2488	Sysqemlckgo.exe
2524	Sysqemvmyou.exe
2856	Sysqemehwjj.exe
1248	Sysqemghmwn.exe
2556	Sysqemyomus.exe
1128	Sysqemutgmf.exe
1640	Sysqemlagjj.exe
952	Sysqemyfyrj.exe
772	Sysqemaxnrj.exe
1724	Sysqemobuph.exe
1060	Sysqemypvsq.exe
1560	Sysqemftdhz.exe
608	Sysqemfitnz.exe
2884	Sysqemgweio.exe
1700	Sysqemyvhfn.exe
1888	Sysqemkthsv.exe
2924	Sysqemqvqnl.exe
2548	Sysqemmlygg.exe
2240	Sysqemtwwlv.exe
2656	Sysqemvkigs.exe
1840	Sysqemxuzvl.exe
2072	Sysqemfnzol.exe
1916	Sysqemtrvgs.exe
2348	Sysqemypxgf.exe
2180	Sysqemahpwx.exe
2852	Sysqemnqsra.exe
2564	Sysqemuucwr.exe
2156	Sysqemtipmi.exe
1632	Sysqemyvjub.exe
1968	Sysqemaxjco.exe
2728	Sysqemmsqcb.exe
2076	Sysqemoguxq.exe
3008	Sysqemqmihg.exe
240	Sysqempqtuw.exe
900	Sysqemrdwfr.exe
2468	Sysqemdnakn.exe
2308	Sysqemizush.exe
2068	Sysqemuqvpr.exe
2448	Sysqemwwbag.exe
2912	Sysqemyooql.exe
2384	Sysqemfwkif.exe
2332	Sysqemhycqr.exe
2020	Sysqemrfonc.exe
1996	Sysqemzbybt.exe
1112	Sysqembxbdo.exe
1152	Sysqemgjnlh.exe
1960	Sysqemlaryv.exe
1844	Sysqemkssqx.exe
3012	Sysqemncsgp.exe
1032	Sysqemoivbf.exe
1804	Sysqemwjubt.exe
2312	Sysqemavltm.exe
2728	Sysqemizvgv.exe
1268	Sysqemcmbhp.exe
1704	Sysqemhzvpj.exe
2372	Sysqemndcea.exe
2744	Sysqemsqwml.exe
756	Sysqemhngkl.exe
2336	Sysqemmvleh.exe
864	Sysqemlsyuy.exe
1448	Sysqemitgpo.exe
2732	Sysqemsttft.exe
1748	Sysqemzpdsk.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe
2696	ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe
2252	Sysqemfnqyi.exe
2252	Sysqemfnqyi.exe
2488	Sysqemlckgo.exe
2488	Sysqemlckgo.exe
2524	Sysqemvmyou.exe
2524	Sysqemvmyou.exe
2856	Sysqemehwjj.exe
2856	Sysqemehwjj.exe
1248	Sysqemghmwn.exe
1248	Sysqemghmwn.exe
2556	Sysqemyomus.exe
2556	Sysqemyomus.exe
1128	Sysqemutgmf.exe
1128	Sysqemutgmf.exe
1640	Sysqemlagjj.exe
1640	Sysqemlagjj.exe
952	Sysqemyfyrj.exe
952	Sysqemyfyrj.exe
772	Sysqemaxnrj.exe
772	Sysqemaxnrj.exe
1724	Sysqemobuph.exe
1724	Sysqemobuph.exe
1060	Sysqemypvsq.exe
1060	Sysqemypvsq.exe
1560	Sysqemftdhz.exe
1560	Sysqemftdhz.exe
608	Sysqemfitnz.exe
608	Sysqemfitnz.exe
2884	Sysqemgweio.exe
2884	Sysqemgweio.exe
1700	Sysqemyvhfn.exe
1700	Sysqemyvhfn.exe
1888	Sysqemkthsv.exe
1888	Sysqemkthsv.exe
2924	Sysqemqvqnl.exe
2924	Sysqemqvqnl.exe
2548	Sysqemmlygg.exe
2548	Sysqemmlygg.exe
2240	Sysqemtwwlv.exe
2240	Sysqemtwwlv.exe
2656	Sysqemvkigs.exe
2656	Sysqemvkigs.exe
1840	Sysqemxuzvl.exe
1840	Sysqemxuzvl.exe
2072	Sysqemfnzol.exe
2072	Sysqemfnzol.exe
1916	Sysqemtrvgs.exe
1916	Sysqemtrvgs.exe
2348	Sysqemypxgf.exe
2348	Sysqemypxgf.exe
2180	Sysqemahpwx.exe
2180	Sysqemahpwx.exe
2852	Sysqemnqsra.exe
2852	Sysqemnqsra.exe
2564	Sysqemuucwr.exe
2564	Sysqemuucwr.exe
2156	Sysqemtipmi.exe
2156	Sysqemtipmi.exe
1632	Sysqemyvjub.exe
1632	Sysqemyvjub.exe
1968	Sysqemaxjco.exe
1968	Sysqemaxjco.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2252	2696	ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe	28
PID 2696 wrote to memory of 2252	2696	ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe	28
PID 2696 wrote to memory of 2252	2696	ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe	28
PID 2696 wrote to memory of 2252	2696	ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe	28
PID 2252 wrote to memory of 2488	2252	Sysqemfnqyi.exe	29
PID 2252 wrote to memory of 2488	2252	Sysqemfnqyi.exe	29
PID 2252 wrote to memory of 2488	2252	Sysqemfnqyi.exe	29
PID 2252 wrote to memory of 2488	2252	Sysqemfnqyi.exe	29
PID 2488 wrote to memory of 2524	2488	Sysqemlckgo.exe	30
PID 2488 wrote to memory of 2524	2488	Sysqemlckgo.exe	30
PID 2488 wrote to memory of 2524	2488	Sysqemlckgo.exe	30
PID 2488 wrote to memory of 2524	2488	Sysqemlckgo.exe	30
PID 2524 wrote to memory of 2856	2524	Sysqemvmyou.exe	31
PID 2524 wrote to memory of 2856	2524	Sysqemvmyou.exe	31
PID 2524 wrote to memory of 2856	2524	Sysqemvmyou.exe	31
PID 2524 wrote to memory of 2856	2524	Sysqemvmyou.exe	31
PID 2856 wrote to memory of 1248	2856	Sysqemehwjj.exe	32
PID 2856 wrote to memory of 1248	2856	Sysqemehwjj.exe	32
PID 2856 wrote to memory of 1248	2856	Sysqemehwjj.exe	32
PID 2856 wrote to memory of 1248	2856	Sysqemehwjj.exe	32
PID 1248 wrote to memory of 2556	1248	Sysqemghmwn.exe	33
PID 1248 wrote to memory of 2556	1248	Sysqemghmwn.exe	33
PID 1248 wrote to memory of 2556	1248	Sysqemghmwn.exe	33
PID 1248 wrote to memory of 2556	1248	Sysqemghmwn.exe	33
PID 2556 wrote to memory of 1128	2556	Sysqemyomus.exe	34
PID 2556 wrote to memory of 1128	2556	Sysqemyomus.exe	34
PID 2556 wrote to memory of 1128	2556	Sysqemyomus.exe	34
PID 2556 wrote to memory of 1128	2556	Sysqemyomus.exe	34
PID 1128 wrote to memory of 1640	1128	Sysqemutgmf.exe	35
PID 1128 wrote to memory of 1640	1128	Sysqemutgmf.exe	35
PID 1128 wrote to memory of 1640	1128	Sysqemutgmf.exe	35
PID 1128 wrote to memory of 1640	1128	Sysqemutgmf.exe	35
PID 1640 wrote to memory of 952	1640	Sysqemlagjj.exe	36
PID 1640 wrote to memory of 952	1640	Sysqemlagjj.exe	36
PID 1640 wrote to memory of 952	1640	Sysqemlagjj.exe	36
PID 1640 wrote to memory of 952	1640	Sysqemlagjj.exe	36
PID 952 wrote to memory of 772	952	Sysqemyfyrj.exe	37
PID 952 wrote to memory of 772	952	Sysqemyfyrj.exe	37
PID 952 wrote to memory of 772	952	Sysqemyfyrj.exe	37
PID 952 wrote to memory of 772	952	Sysqemyfyrj.exe	37
PID 772 wrote to memory of 1724	772	Sysqemaxnrj.exe	38
PID 772 wrote to memory of 1724	772	Sysqemaxnrj.exe	38
PID 772 wrote to memory of 1724	772	Sysqemaxnrj.exe	38
PID 772 wrote to memory of 1724	772	Sysqemaxnrj.exe	38
PID 1724 wrote to memory of 1060	1724	Sysqemobuph.exe	39
PID 1724 wrote to memory of 1060	1724	Sysqemobuph.exe	39
PID 1724 wrote to memory of 1060	1724	Sysqemobuph.exe	39
PID 1724 wrote to memory of 1060	1724	Sysqemobuph.exe	39
PID 1060 wrote to memory of 1560	1060	Sysqemypvsq.exe	40
PID 1060 wrote to memory of 1560	1060	Sysqemypvsq.exe	40
PID 1060 wrote to memory of 1560	1060	Sysqemypvsq.exe	40
PID 1060 wrote to memory of 1560	1060	Sysqemypvsq.exe	40
PID 1560 wrote to memory of 608	1560	Sysqemftdhz.exe	41
PID 1560 wrote to memory of 608	1560	Sysqemftdhz.exe	41
PID 1560 wrote to memory of 608	1560	Sysqemftdhz.exe	41
PID 1560 wrote to memory of 608	1560	Sysqemftdhz.exe	41
PID 608 wrote to memory of 2884	608	Sysqemfitnz.exe	42
PID 608 wrote to memory of 2884	608	Sysqemfitnz.exe	42
PID 608 wrote to memory of 2884	608	Sysqemfitnz.exe	42
PID 608 wrote to memory of 2884	608	Sysqemfitnz.exe	42
PID 2884 wrote to memory of 1700	2884	Sysqemgweio.exe	43
PID 2884 wrote to memory of 1700	2884	Sysqemgweio.exe	43
PID 2884 wrote to memory of 1700	2884	Sysqemgweio.exe	43
PID 2884 wrote to memory of 1700	2884	Sysqemgweio.exe	43

C:\Users\Admin\AppData\Local\Temp\ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe
"C:\Users\Admin\AppData\Local\Temp\ab05cf286ab51692afa6e8f41e18e93378765146457a770ea5c755b3a9a99038.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\Sysqemfnqyi.exe
  "C:\Users\Admin\AppData\Local\Temp\Sysqemfnqyi.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Sysqemlckgo.exe
    "C:\Users\Admin\AppData\Local\Temp\Sysqemlckgo.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Sysqemvmyou.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysqemvmyou.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Sysqemehwjj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemehwjj.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Sysqemghmwn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemghmwn.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyomus.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyomus.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemutgmf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemutgmf.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlagjj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlagjj.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyfyrj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyfyrj.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaxnrj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaxnrj.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemobuph.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemobuph.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemypvsq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemypvsq.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemftdhz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemftdhz.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfitnz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfitnz.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgweio.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgweio.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvhfn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvhfn.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkthsv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkthsv.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqvqnl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqvqnl.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmlygg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmlygg.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtwwlv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtwwlv.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvkigs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvkigs.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxuzvl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxuzvl.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfnzol.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfnzol.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtrvgs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtrvgs.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemypxgf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemypxgf.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemahpwx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemahpwx.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnqsra.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnqsra.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuucwr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuucwr.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtipmi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtipmi.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvjub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvjub.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaxjco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaxjco.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmsqcb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmsqcb.exe"
        33⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoguxq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoguxq.exe"
        34⤵
        Executes dropped EXE
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqmihg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqmihg.exe"
        35⤵
        Executes dropped EXE
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempqtuw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempqtuw.exe"
        36⤵
        Executes dropped EXE
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrdwfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrdwfr.exe"
        37⤵
        Executes dropped EXE
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdnakn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdnakn.exe"
        38⤵
        Executes dropped EXE
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizush.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizush.exe"
        39⤵
        Executes dropped EXE
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuqvpr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuqvpr.exe"
        40⤵
        Executes dropped EXE
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwwbag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwwbag.exe"
        41⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyooql.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyooql.exe"
        42⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfwkif.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfwkif.exe"
        43⤵
        Executes dropped EXE
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhycqr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhycqr.exe"
        44⤵
        Executes dropped EXE
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfonc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfonc.exe"
        45⤵
        Executes dropped EXE
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzbybt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzbybt.exe"
        46⤵
        Executes dropped EXE
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembxbdo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembxbdo.exe"
        47⤵
        Executes dropped EXE
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgjnlh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgjnlh.exe"
        48⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlaryv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlaryv.exe"
        49⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkssqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkssqx.exe"
        50⤵
        Executes dropped EXE
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemncsgp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemncsgp.exe"
        51⤵
        Executes dropped EXE
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoivbf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoivbf.exe"
        52⤵
        Executes dropped EXE
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwjubt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwjubt.exe"
        53⤵
        Executes dropped EXE
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemavltm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemavltm.exe"
        54⤵
        Executes dropped EXE
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizvgv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizvgv.exe"
        55⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcmbhp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcmbhp.exe"
        56⤵
        Executes dropped EXE
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhzvpj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhzvpj.exe"
        57⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemndcea.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemndcea.exe"
        58⤵
        Executes dropped EXE
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsqwml.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsqwml.exe"
        59⤵
        Executes dropped EXE
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhngkl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhngkl.exe"
        60⤵
        Executes dropped EXE
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmvleh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmvleh.exe"
        61⤵
        Executes dropped EXE
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlsyuy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlsyuy.exe"
        62⤵
        Executes dropped EXE
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemitgpo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemitgpo.exe"
        63⤵
        Executes dropped EXE
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsttft.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsttft.exe"
        64⤵
        Executes dropped EXE
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzpdsk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzpdsk.exe"
        65⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemotjii.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemotjii.exe"
        66⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqsqxg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqsqxg.exe"
        67⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuxsyt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuxsyt.exe"
        68⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuqtiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuqtiv.exe"
        69⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoavdm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoavdm.exe"
        70⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtqsqa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtqsqa.exe"
        71⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmsvqa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmsvqa.exe"
        72⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmhswz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmhswz.exe"
        73⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvuyb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvuyb.exe"
        74⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdgtdy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdgtdy.exe"
        75⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemptiwx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemptiwx.exe"
        76⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxmhwm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxmhwm.exe"
        77⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemotqek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemotqek.exe"
        78⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtkmrg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtkmrg.exe"
        79⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnerhy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnerhy.exe"
        80⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyasro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyasro.exe"
        81⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrrhzg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrrhzg.exe"
        82⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuywkv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuywkv.exe"
        83⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemndjpy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemndjpy.exe"
        84⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcakcw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcakcw.exe"
        85⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwcnuv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwcnuv.exe"
        86⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembpgcp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembpgcp.exe"
        87⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaaqfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaaqfd.exe"
        88⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwcki.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwcki.exe"
        89⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrhplv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrhplv.exe"
        90⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvxufr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvxufr.exe"
        91⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempwlln.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempwlln.exe"
        92⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsczvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsczvd.exe"
        93⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemveftn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemveftn.exe"
        94⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyrivi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyrivi.exe"
        95⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhivlu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhivlu.exe"
        96⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkanbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkanbn.exe"
        97⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqqwtt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqqwtt.exe"
        98⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyidta.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyidta.exe"
        99⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemckjrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemckjrs.exe"
        100⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmglut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmglut.exe"
        101⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsyipc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsyipc.exe"
        102⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvmlrx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvmlrx.exe"
        103⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemutjpq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemutjpq.exe"
        104⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzgdxb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzgdxb.exe"
        105⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvyma.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvyma.exe"
        106⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqeminnkf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqeminnkf.exe"
        107⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempnkut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempnkut.exe"
        108⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxvxvn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxvxvn.exe"
        109⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgbiij.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgbiij.exe"
        110⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlobqc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlobqc.exe"
        111⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsoqaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsoqaq.exe"
        112⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuypyj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuypyj.exe"
        113⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemarknm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemarknm.exe"
        114⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlkalz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlkalz.exe"
        115⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzvvic.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzvvic.exe"
        116⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemewdds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemewdds.exe"
        117⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdpngg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdpngg.exe"
        118⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgzewz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgzewz.exe"
        119⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaqdjv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaqdjv.exe"
        120⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwczjc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwczjc.exe"
        121⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgumzg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgumzg.exe"
        122⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoyoey.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoyoey.exe"
        123⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemilces.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemilces.exe"
        124⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmchzo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmchzo.exe"
        125⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjsorb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjsorb.exe"
        126⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemotxmr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemotxmr.exe"
        127⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhzkru.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhzkru.exe"
        128⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempdnfl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempdnfl.exe"
        129⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuipxz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuipxz.exe"
        130⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembmrki.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembmrki.exe"
        131⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemibkht.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemibkht.exe"
        132⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemifmvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemifmvd.exe"
        133⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemecrfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemecrfd.exe"
        134⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmgbsv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmgbsv.exe"
        135⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemitvin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemitvin.exe"
        136⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemncddd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemncddd.exe"
        137⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwsdj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwsdj.exe"
        138⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembkvge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembkvge.exe"
        139⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdmnoq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdmnoq.exe"
        140⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlqxbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlqxbh.exe"
        141⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuilbo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuilbo.exe"
        142⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrnpbm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrnpbm.exe"
        143⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsiqtt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsiqtt.exe"
        144⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxjywj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxjywj.exe"
        145⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlzizr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlzizr.exe"
        146⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemomlbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemomlbn.exe"
        147⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdrupl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdrupl.exe"
        148⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiizch.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiizch.exe"
        149⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeftcu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeftcu.exe"
        150⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjvypi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjvypi.exe"
        151⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyhvut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyhvut.exe"
        152⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizlzy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizlzy.exe"
        153⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkrahq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkrahq.exe"
        154⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxerxw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxerxw.exe"
        155⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzruar.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzruar.exe"
        156⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvefi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvefi.exe"
        157⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqrwas.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqrwas.exe"
        158⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqgtxj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqgtxj.exe"
        159⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmobqe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmobqe.exe"
        160⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmgkiy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmgkiy.exe"
        161⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkvgij.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkvgij.exe"
        162⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkohbl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkohbl.exe"
        163⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeimid.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeimid.exe"
        164⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdqjbk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdqjbk.exe"
        165⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgpywu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgpywu.exe"
        166⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnaxbr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnaxbr.exe"
        167⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwwuwn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwwuwn.exe"
        168⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemddhwz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemddhwz.exe"
        169⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaupgu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaupgu.exe"
        170⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemamyzo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemamyzo.exe"
        171⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhjjwz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhjjwz.exe"
        172⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmkrrq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmkrrq.exe"
        173⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsoahb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsoahb.exe"
        174⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxbtpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxbtpu.exe"
        175⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhpvsw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhpvsw.exe"
        176⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjgjhu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjgjhu.exe"
        177⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdqmvl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdqmvl.exe"
        178⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvipxs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvipxs.exe"
        179⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfwqac.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfwqac.exe"
        180⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmhxfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmhxfr.exe"
        181⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfdfz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfdfz.exe"
        182⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemktiah.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemktiah.exe"
        183⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempjnap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempjnap.exe"
        184⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuwhii.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuwhii.exe"
        185⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvnjiu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvnjiu.exe"
        186⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkzpoy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkzpoy.exe"
        187⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeijbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeijbh.exe"
        188⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtgstv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtgstv.exe"
        189⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemducwx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemducwx.exe"
        190⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemflilv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemflilv.exe"
        191⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjqlmi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjqlmi.exe"
        192⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempzthy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempzthy.exe"
        193⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwoeek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwoeek.exe"
        194⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaejzg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaejzg.exe"
        195⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfkdrt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfkdrt.exe"
        196⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkllmb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkllmb.exe"
        197⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrtixq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrtixq.exe"
        198⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtdzui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtdzui.exe"
        199⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyxpuh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyxpuh.exe"
        200⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemipfam.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemipfam.exe"
        201⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnuqzf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnuqzf.exe"
        202⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrvghe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrvghe.exe"
        203⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcrhsl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcrhsl.exe"
        204⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjzusf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjzusf.exe"
        205⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuuvcn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuuvcn.exe"
        206⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemylsxj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemylsxj.exe"
        207⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemghccb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemghccb.exe"
        208⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkxhxp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkxhxp.exe"
        209⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnpxdb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnpxdb.exe"
        210⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuxkvo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuxkvo.exe"
        211⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcfgni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcfgni.exe"
        212⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhooqy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhooqy.exe"
        213⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvhinh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvhinh.exe"
        214⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdhhno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdhhno.exe"
        215⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaxonp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaxonp.exe"
        216⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzfdyp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzfdyp.exe"
        217⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmohtr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmohtr.exe"
        218⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuogtg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuogtg.exe"
        219⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembocdu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembocdu.exe"
        220⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdkfgp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdkfgp.exe"
        221⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiewla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiewla.exe"
        222⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemppvyp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemppvyp.exe"
        223⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemexprx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemexprx.exe"
        224⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmbreh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmbreh.exe"
        225⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemywgem.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemywgem.exe"
        226⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemydejm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemydejm.exe"
        227⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwdcef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwdcef.exe"
        228⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemruwhc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemruwhc.exe"
        229⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemifhce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemifhce.exe"
        230⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkphzw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkphzw.exe"
        231⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhubsj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhubsj.exe"
        232⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemormpv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemormpv.exe"
        233⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdgvhb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdgvhb.exe"
        234⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemihecs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemihecs.exe"
        235⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemexlvf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemexlvf.exe"
        236⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyhndk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyhndk.exe"
        237⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyhlse.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyhlse.exe"
        238⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcitau.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcitau.exe"
        239⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeluip.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeluip.exe"
        240⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmltiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmltiv.exe"
        241⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvddah.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvddah.exe"
        242⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxjjlx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxjjlx.exe"
        243⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrlmlw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrlmlw.exe"
        244⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhnwe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhnwe.exe"
        245⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyergf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyergf.exe"
        246⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfeqgt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfeqgt.exe"
        247⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmfmrz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmfmrz.exe"
        248⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemumaru.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemumaru.exe"
        249⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemluyhf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemluyhf.exe"
        250⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsfxmc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsfxmc.exe"
        251⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfwahf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfwahf.exe"
        252⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmalmw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmalmw.exe"
        253⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvbpl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvbpl.exe"
        254⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhnquq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhnquq.exe"
        255⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Sysqematezs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqematezs.exe"
        256⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemksqxd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemksqxd.exe"
        257⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeyyag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeyyag.exe"
        258⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmdjfp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmdjfp.exe"
        259⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnxkfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnxkfd.exe"
        260⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnmikv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnmikv.exe"
        261⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqememist.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqememist.exe"
        262⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemglwir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemglwir.exe"
        263⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemykhgq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemykhgq.exe"
        264⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemajnvo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemajnvo.exe"
        265⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfatvw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfatvw.exe"
        266⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkmnvp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkmnvp.exe"
        267⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrnjgd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrnjgd.exe"
        268⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemndobz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemndobz.exe"
        269⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempfgjl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempfgjl.exe"
        270⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuvleh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuvleh.exe"
        271⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhloi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhloi.exe"
        272⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmoxla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmoxla.exe"
        273⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsguoj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsguoj.exe"
        274⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemccvzq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemccvzq.exe"
        275⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwexzq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwexzq.exe"
        276⤵
        
        PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Sysqamqqvaqqd.exe

Filesize
624KB

MD5
67914b9f59435a1237ea0b7b6fde5d4b

SHA1
d527d27aa7ba1f520056451afc7506c6ed55725f

SHA256
75fffea870042d2797252a1a05f4b14a9209ff33183b9c84e58b10cb5cdab076

SHA512
abe02dffb2415fdf35bdbb0e978497a053d320257e9a437e4fbaec740ed5d00a06073dc3dcf07eb0c6deff9fb04ce596111c3aa50b21c4b5921795180d3864a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysqemfnqyi.exe

Filesize
624KB

MD5
0b4da765ff725d11af51c0b507898aac

SHA1
e9ccff75149c13def37d945056cc86bda9d300a4

SHA256
b4447b20ffeaa9552b406a0676a5ef91fe0183eba8f00984b17f0571139df737

SHA512
c82be31f9aaf413e13023cfcab6ca5cfb2a5d4008570cdde4660ba79b309c1ce8d0f1494e97f57ff73b6ee795f149aa7527b1a635d89641ef3e6ce0a890a99bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
ba327356b91b2927cc9d2ee621d655d8

SHA1
bdc02634870dd34c7de1c390892166f208d8a5b6

SHA256
98609c95874440be5194ce97a64b39af8b55a0737259045ca2d69783727a908f

SHA512
921f299e9507ef035c7e5444c47ca0549eb30462b0dbe04451e985fc797a05695f18526ea83e749bea514cc96a60aac3c7f5f76fb592096433c2cd0ae309f552

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
5179cb27779c81ab690a54139a15513e

SHA1
86744a22bc412f6183165db61e9703bc61390a77

SHA256
33b05de2af2e49826eeba109aa39d290fc5c896700783882afebfdf44e703c7b

SHA512
adab09d50cc1128491fb239201726d646e0cbdea61166cbbb0b0a8561190c04c274c16401bb9d7a83e1c5f999723ee5335cd8f1a3551430fba8736b8c6dd22f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
f27178070793c34dab59940717aaa293

SHA1
2af48f0b4fe70a0993124dc64189242faeaf77f9

SHA256
5de1206fa8cbbb18fc1b1775b11d3b599643ce7dd5845e0e0891ed29cc321c8f

SHA512
eadcd7e848c1325cb4c9706f7c472304ff3577f6475f4a47820e4283e051cbce5aea716e17bd8d5a42101e495712372c22a8b385f6511fd43e9cf710b95086d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
88ec3fcf65b0217578056f4b3cc208c8

SHA1
2551e71a7d36a9c6aefa99e480193cd2bcd6bce0

SHA256
d45afd85461ad16304dc668859d0a5070f019a13c59538644fb2ec9cd1d1ce0f

SHA512
86dd0dae15aaeb0add6c3e22f4ac11f615ee2b38b879e9e72132a59136daaf667b3be3597712c1fb30a05885dd4180b23a33297043bc1d386a6acf701bf32cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
a26db08eaefafaf2be3e9d4e89704439

SHA1
8831897f120c260cde20bcd595283b51e673f90f

SHA256
da7351369be10b432a4c5c11645779a728e13f442e7bab4b76607a0e16d5405c

SHA512
46fd43352ca110a42e226020297aa139d08b8a333e1bae6fea4d52c09865d89e0f4f8c469f067d108ee473fd541f2565dbf4420153db1602789eff880307eac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
2845a332b4f92d6edff68a1bcdcc0540

SHA1
c2642ab6108bb0d1406d511c19564dcef48f548b

SHA256
7c92c68f80ed7e94bdf284a89f3e2c81611a1a62c428f27359e46b1404797fa1

SHA512
6b9d540f3bf5ef6530a3464b150a5dcc70b0c2d16349c79308366bbcc6c6ff1f746a04dde0465063d9a008c21dcdaad5dd71117936977cdccb38ac9e68acd171

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
ecc1740a23f442efd48d10f22faed2fd

SHA1
068a39c77d6c37e33e39931785b846e709d1438f

SHA256
d2bba4d294d44db9b2e23fab8637176e69d2fd5ce453bfdc6b50ac8a464d7905

SHA512
78f01bf64d0d1ba88ec16ae42a2137059c7428f2cfe10c7fc32d247943f4ed8be03aa3f027b1819ab6eb51d43420dc19084ebfb2d265d476d9c2b9002ed19648

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
3f43d935276965b0b193d345938aebca

SHA1
4bfebcc4ab3053be0cf2133e439e8049dfe4e2b6

SHA256
df8d7846f5380374af151a2a5d629cd856b6e70f373852209f099cb108d4311b

SHA512
89c81574cdb26b3e03409c9281c22b7af44469a108f15e02bedd958c5ca478051dfdad3e02fe500cb0ec4a2fb9594a3538b4af06e2da3be5e4a227cf3a5c2e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
77cb74e0b64da881e2412049d39ef789

SHA1
dc8b0fc5069445764cb7235e40af3a23a6949fed

SHA256
a8ef9360f4eb28b52d45d9011407c35f765ae15d6044d74c001961712541b841

SHA512
5fbf221093e65ea8ae352d6dca178998d4677fea1fec6133b765b39855309eee37240501970b3a90a2ec5ebd2e8939975aee3be60916796be85741f93023c8f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
f3e7c9607013b82185dce6b37ea8acdd

SHA1
51e6b30e1cff4083152cf2151ae31d4b7196da15

SHA256
362661bfbd1435489fa9d0a5e75dcb1afe8c695ff0f5a92a041b97882bddf808

SHA512
7b73002ad0bf1bc7d5adbf4b9cbffc2d3e4a22cbbbacb61f02d9e8c7c1428d997039949efa71d98ec570615615a243908eb3f83dfe11fcfc357c45f1328deb3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
711454c70612e33cbe639a0cee5e3c91

SHA1
6ca85c792349dd8439a1c96fb67733d756bace30

SHA256
44bba7901ea2704736b24604a5b1a987920047acf5c517bfc4d30d77d2b1c43d

SHA512
9207748aba4d1001e74ee06f2baa334db5ae9e7c7c11264f88bf0da1f101f3990bb29b8f32a89735104d59ae5138e10740c3cb60019fb125f8a011e42c459b55

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemaxnrj.exe

Filesize
624KB

MD5
c4461f7cb1cf241a69fc8c72e093dd13

SHA1
e3c73b8b6358c430a64eb3f9f2d198f282d76826

SHA256
b2291a5d753525f2eaf363a184cfb697e25f1d8222272a90d3acc5b4044c5095

SHA512
eb3ccf7eebc38ef64f451270df6b4dacfc6a309fb0ccb5b07970a0d0f0c139dd25ffb904b48e4a70991e7bc87922659844cded0a837f03a3ab6af5437436adee

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemehwjj.exe

Filesize
624KB

MD5
4487c87d58cb9a41a51d8407291be5a3

SHA1
5552d9bceec93559e7461655ae98989b76ec5a44

SHA256
97cef8d5363ea9bdfe31c305bcc0f326dc864f7b7538425b0f0a41c8d174fe9b

SHA512
9c7c68d2cee0c4bd9e8c1bcfe3c5aa50832016176b741da3912eebae4b1828f9e1d6ba121e46f7d004bfc834a9cfd862c36b4cec4a1917934eb7f1bc1a35b0ae

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemghmwn.exe

Filesize
624KB

MD5
7eaa2347f335517cfc2afb710f41c5ae

SHA1
7fbb4e99724dda2512781cfea6831b8168397324

SHA256
97d0b42f348b300679eb2cdc66703dfab866fa89d51e00010f05c115c9f5a6f2

SHA512
8acabf2f2186519c904ab1b3160cce1df3ab4bbfa7b584eb72f62351235042f07f33d75169efec4108151ec0e65d9de966bddd42947cb400fdd242ce3404c16e

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemlagjj.exe

Filesize
624KB

MD5
5320862921f7b196a29d16ba1098fe11

SHA1
aed8ca6273154f0aab5fbb59b6199b0b7b8b2840

SHA256
84d9c46258b1861ee8c7bf14e2b322e67703d99793c2b6ec3138bdd49167f6bb

SHA512
cf435afac5f55b2a6b7469ab1c9fb58053e3637ed67c09ed3246ca632e2adad326f7577332c9f34a42d6c89839c8143fae1fb14bea4ff862d65158758256cebc

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemlckgo.exe

Filesize
624KB

MD5
50636044d3decf1132037a4e66c3aeda

SHA1
b1d29bcc6cecdfca0e97f2e227bab4f44ba27a21

SHA256
6e17c0d866513c277f205f63d3627980fbd66eda611430e7cd0cd3824296f5c3

SHA512
06e1a171f8b0dd77d935e3c71ab375cfe8c14a23b51e1373f7ccfbac9d1001715fb3ff79e9ed9e0dc0ddb411dff1e17faa3715d24e948abba66d7436634fac08

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemobuph.exe

Filesize
624KB

MD5
bad33937d9aab3895b76b135d6cd2bcc

SHA1
50c65c5547f23127a3dd67ad56cfe49ef8e54f97

SHA256
3ba11482b7fa0551279b5b29dafa680c8ac3d40059f3ba7417b6fe8f8e16d3fd

SHA512
79d0db9ea4cae0d653f408735600288aaee8299c11ed461f204324249728be0fca557c49debb08016f56db316fe04bfa347f09dd5e47484ff2d3f4885409606e

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemutgmf.exe

Filesize
624KB

MD5
b016012471a01d572da817cf7f83b6ae

SHA1
9e5d1661ce0a6560a5b409906078cc963a25acdf

SHA256
e794fe1a231bf69eab329f43112f31b041bbf0e8390d11db281196192c009dcb

SHA512
a3962144c2efbd554b6e378ac9794c3463b2886b6859186ed25b1f76e5a0d381087c5e6e78792040d6a29c3877cd70bca25577b8702b36220bd46972664a2d73

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemvmyou.exe

Filesize
624KB

MD5
08e51120256e2cd8a70d1472276825de

SHA1
ea6c60bafeccf7ce8964b159b944ece564eddf8b

SHA256
955ab249446377ffe3c13450a39f82ea922dda32407f65d1fa7f03509c9c3fb8

SHA512
bf0573d323ff96876f8f1f3e0cc3d3d185122ea7490baa1366871a1298b5c9f2f381f0bc68bc2eba8b52707a92aff43f936447cbfee274b530c83b8698f9f7e7

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemyfyrj.exe

Filesize
624KB

MD5
c11addbddce9fdfc34af961cc2649ff7

SHA1
595f4f034d345505415d12f2df292eccb00ea6af

SHA256
a7ea45e3e2ed0f0f504b24302cd5fe8c384482b0fd628839cd67c1a8846e1081

SHA512
67521c9cdfeb721030ae869aa34d8b6aa32da9faec68c443128ce76bca9ae651dae7d6fe81155b31b4dac4e6e3313ef9233018320f0513b3bf0d505fc575809d

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemyomus.exe

Filesize
624KB

MD5
7b01e88b4d5a2ea782db0462a635280d

SHA1
c15e16116c96dd72419b634a8f6d5d4ac402473f

SHA256
b6cb0c227372053e80c0db3192ea2fa20aa3cb9d4973788001967235dbc4fa08

SHA512
9ac0a29de34f2ad6003982386686427415907119e856dca81c4ea76cf6bbfba4495968e549cada6a6d9a72c2252338b484935770681495c8e6003d4016171599

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemypvsq.exe

Filesize
625KB

MD5
b783aadc89121b906ee061102c2a84fa

SHA1
ef95c7fc13b10393a5e68ea63e6cbc521b7d9cf8

SHA256
741b1ff88eb9e2745c8dbc499dfcf020d975fdd9252bbd97562fca10d42a564e

SHA512
689f597f6da08bd78010c4af8f985688d226fd84fbd3d37f9724abf561fead30fd3071b9ee2f23858aafafd55601bc7feeefe5f15b5afafa39eb8e8f357773dc

Download Submit
memory/2872-718-0x0000000002D60000-0x00000000039AA000-memory.dmp

Filesize
12.3MB

Download