83b34ad7d9eddf93b67cba2f9dd9bbbd8b0442cebf895b3dbbfb64c0a075dd03

Analysis

max time kernel
65s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 01:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe
Size

114KB
MD5

69b3d62688020331acb3aded5d444ee0
SHA1

fdac8ee21ebc0e437be7830ed5e837acda096edc
SHA256

83b34ad7d9eddf93b67cba2f9dd9bbbd8b0442cebf895b3dbbfb64c0a075dd03
SHA512

12e05cceb2dfb5d59b4169c5ac55196cc36627ad3bfeeb62e772a58ae400d6d40275c24d2d3a9164bdc26db5b9a8d773db97d7710baecfd8d4a83a7cf4977970
SSDEEP

1536:+YjIyeC1eUfKjkhBYJ7mTCbqODiC1ZsyHZK0FjlqsS5eHyG9LU3YG8nU:LdEUfKj8BYbDiC1ZTK7sxtLUIGB

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2864	Sysqembtdwt.exe
2236	Sysqemjxnjk.exe
2688	Sysqemabbue.exe
2468	Sysqemspazp.exe
1936	Sysqemxqiuf.exe
1656	Sysqemksocr.exe
1752	Sysqemhtgpm.exe
1908	Sysqemrpzhc.exe
1496	Sysqembolfn.exe
2292	Sysqemjhkkk.exe
1624	Sysqemoisfa.exe
108	Sysqemdcpac.exe
2152	Sysqemagksi.exe
2060	Sysqemvjopg.exe
2144	Sysqemakxkx.exe
2808	Sysqemkrjih.exe
2608	Sysqemohgcd.exe
1684	Sysqemgweio.exe
1728	Sysqemliyph.exe
1788	Sysqemdtlih.exe
2908	Sysqemibidd.exe
336	Sysqemxvfpm.exe
2604	Sysqemdenkd.exe
1216	Sysqemvsmqn.exe
2472	Sysqemuhjvf.exe
1768	Sysqemkejvr.exe
3056	Sysqemmojtj.exe
1984	Sysqemceusq.exe
2568	Sysqemtluqn.exe
1908	Sysqemlwhiu.exe
2252	Sysqemqqpit.exe
2228	Sysqemixrvy.exe
1560	Sysqemipaos.exe
2976	Sysqemaaggs.exe
1048	Sysqemzwsdx.exe
2232	Sysqemjsria.exe
2144	Sysqemjlrbc.exe
1936	Sysqembzqge.exe
1600	Sysqemlvrqu.exe
1820	Sysqemboodd.exe
2728	Sysqemgpwgm.exe
1760	Sysqemxpyqz.exe
1960	Sysqemcurys.exe
1740	Sysqemuiqed.exe
2496	Sysqemcnsrm.exe
2864	Sysqemxpwos.exe
2152	Sysqemzokeq.exe
3044	Sysqemumdol.exe
2444	Sysqemtipmi.exe
308	Sysqeminxmv.exe
2412	Sysqemdicbv.exe
2452	Sysqemvtquv.exe
920	Sysqemupczz.exe
2364	Sysqemmdtwc.exe
2980	Sysqemrmjzs.exe
2952	Sysqemkxora.exe
1732	Sysqemmkruv.exe
2232	Sysqemevfmd.exe
2836	Sysqemlolrs.exe
2164	Sysqemdzrja.exe
2912	Sysqemlhmkm.exe
1820	Sysqemasjxw.exe
2900	Sysqemckauo.exe
1064	Sysqemngbfd.exe

Loads dropped DLL 64 IoCs

pid	Process
2052	69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe
2052	69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe
2864	Sysqembtdwt.exe
2864	Sysqembtdwt.exe
2236	Sysqemjxnjk.exe
2236	Sysqemjxnjk.exe
2688	Sysqemabbue.exe
2688	Sysqemabbue.exe
2468	Sysqemspazp.exe
2468	Sysqemspazp.exe
1936	Sysqemxqiuf.exe
1936	Sysqemxqiuf.exe
1656	Sysqemksocr.exe
1656	Sysqemksocr.exe
1752	Sysqemhtgpm.exe
1752	Sysqemhtgpm.exe
1908	Sysqemrpzhc.exe
1908	Sysqemrpzhc.exe
1496	Sysqembolfn.exe
1496	Sysqembolfn.exe
2292	Sysqemjhkkk.exe
2292	Sysqemjhkkk.exe
1624	Sysqemoisfa.exe
1624	Sysqemoisfa.exe
108	Sysqemdcpac.exe
108	Sysqemdcpac.exe
2152	Sysqemagksi.exe
2152	Sysqemagksi.exe
2060	Sysqemvjopg.exe
2060	Sysqemvjopg.exe
2144	Sysqemakxkx.exe
2144	Sysqemakxkx.exe
2808	Sysqemkrjih.exe
2808	Sysqemkrjih.exe
2608	Sysqemohgcd.exe
2608	Sysqemohgcd.exe
1684	Sysqemgweio.exe
1684	Sysqemgweio.exe
1728	Sysqemliyph.exe
1728	Sysqemliyph.exe
1788	Sysqemdtlih.exe
1788	Sysqemdtlih.exe
2908	Sysqemibidd.exe
2908	Sysqemibidd.exe
336	Sysqemxvfpm.exe
336	Sysqemxvfpm.exe
2604	Sysqemdenkd.exe
2604	Sysqemdenkd.exe
1216	Sysqemvsmqn.exe
1216	Sysqemvsmqn.exe
2472	Sysqemuhjvf.exe
2472	Sysqemuhjvf.exe
1768	Sysqemkejvr.exe
1768	Sysqemkejvr.exe
3056	Sysqemmojtj.exe
3056	Sysqemmojtj.exe
1984	Sysqemceusq.exe
1984	Sysqemceusq.exe
2568	Sysqemtluqn.exe
2568	Sysqemtluqn.exe
1908	Sysqemlwhiu.exe
1908	Sysqemlwhiu.exe
2252	Sysqemqqpit.exe
2252	Sysqemqqpit.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-0-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0007000000014b9f-7.dat	upx
behavioral1/memory/2864-16-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0008000000014b54-22.dat	upx
behavioral1/files/0x0007000000014bed-24.dat	upx
behavioral1/memory/2236-31-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0007000000014c65-38.dat	upx
behavioral1/memory/2688-51-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0007000000014fa6-53.dat	upx
behavioral1/memory/2468-65-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x000900000001488c-67.dat	upx
behavioral1/memory/2052-74-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1936-77-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0009000000015539-84.dat	upx
behavioral1/memory/2864-91-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1656-99-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2236-98-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0008000000015d30-101.dat	upx
behavioral1/memory/2688-107-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0007000000015d47-118.dat	upx
behavioral1/memory/1752-125-0x0000000003540000-0x00000000035D1000-memory.dmp	upx
behavioral1/memory/2468-132-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0006000000015d5f-141.dat	upx
behavioral1/memory/1496-142-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0006000000015d7f-150.dat	upx
behavioral1/memory/1936-157-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1496-156-0x0000000003430000-0x00000000034C1000-memory.dmp	upx
behavioral1/files/0x0006000000015d87-168.dat	upx
behavioral1/memory/1624-179-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0006000000015d8f-183.dat	upx
behavioral1/memory/108-193-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1752-192-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2152-208-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1908-207-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2060-219-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1496-218-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2144-228-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1624-239-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2292-238-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2808-243-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2608-254-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/108-261-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1728-275-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1788-288-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2060-285-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2144-295-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2908-296-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/336-309-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2808-308-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2604-325-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2608-321-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1216-338-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2472-348-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1768-362-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1684-361-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2908-379-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/3056-376-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1788-375-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/3056-388-0x0000000003490000-0x0000000003521000-memory.dmp	upx
behavioral1/memory/2568-401-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/336-408-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1908-416-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2252-429-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2164-927-0x0000000000400000-0x0000000000491000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemkxora.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemuqyrr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzbydk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemoymfh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemeqyni.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemfwnfr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemvmlrx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemjhkkk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemvsmqn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemlcnso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemwwbag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemdmlpf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtcrvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemvjopg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemibidd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemcnsrm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemijthv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemslvmp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemgkfrx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemkshjw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemsavrr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemxvfpm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemlwhiu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemlvrqu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtipmi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemalbpp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemkrjih.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtkjcn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemyetaz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemngmmg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemmdtwc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzokeq.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqempjwaq.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemlgciw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtqhyh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemgknct.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemposvm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemdzrja.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemecziz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemctnum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemrigjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemdicbv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqembguay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemhonaj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqembzqge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzvaca.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemrfvga.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtmpdx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemjbltp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemboodd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemiyjeh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzrbdd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemwpide.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemhlyad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemittuy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemmkruv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemautnp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtvtxe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemuxtnw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzehme.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemgbqct.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemsvyyo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemixrvy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemjsria.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2864	2052	69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe	28
PID 2052 wrote to memory of 2864	2052	69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe	28
PID 2052 wrote to memory of 2864	2052	69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe	28
PID 2052 wrote to memory of 2864	2052	69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe	28
PID 2864 wrote to memory of 2236	2864	Sysqembtdwt.exe	29
PID 2864 wrote to memory of 2236	2864	Sysqembtdwt.exe	29
PID 2864 wrote to memory of 2236	2864	Sysqembtdwt.exe	29
PID 2864 wrote to memory of 2236	2864	Sysqembtdwt.exe	29
PID 2236 wrote to memory of 2688	2236	Sysqemjxnjk.exe	30
PID 2236 wrote to memory of 2688	2236	Sysqemjxnjk.exe	30
PID 2236 wrote to memory of 2688	2236	Sysqemjxnjk.exe	30
PID 2236 wrote to memory of 2688	2236	Sysqemjxnjk.exe	30
PID 2688 wrote to memory of 2468	2688	Sysqemabbue.exe	31
PID 2688 wrote to memory of 2468	2688	Sysqemabbue.exe	31
PID 2688 wrote to memory of 2468	2688	Sysqemabbue.exe	31
PID 2688 wrote to memory of 2468	2688	Sysqemabbue.exe	31
PID 2468 wrote to memory of 1936	2468	Sysqemspazp.exe	32
PID 2468 wrote to memory of 1936	2468	Sysqemspazp.exe	32
PID 2468 wrote to memory of 1936	2468	Sysqemspazp.exe	32
PID 2468 wrote to memory of 1936	2468	Sysqemspazp.exe	32
PID 1936 wrote to memory of 1656	1936	Sysqemxqiuf.exe	33
PID 1936 wrote to memory of 1656	1936	Sysqemxqiuf.exe	33
PID 1936 wrote to memory of 1656	1936	Sysqemxqiuf.exe	33
PID 1936 wrote to memory of 1656	1936	Sysqemxqiuf.exe	33
PID 1656 wrote to memory of 1752	1656	Sysqemksocr.exe	34
PID 1656 wrote to memory of 1752	1656	Sysqemksocr.exe	34
PID 1656 wrote to memory of 1752	1656	Sysqemksocr.exe	34
PID 1656 wrote to memory of 1752	1656	Sysqemksocr.exe	34
PID 1752 wrote to memory of 1908	1752	Sysqemhtgpm.exe	35
PID 1752 wrote to memory of 1908	1752	Sysqemhtgpm.exe	35
PID 1752 wrote to memory of 1908	1752	Sysqemhtgpm.exe	35
PID 1752 wrote to memory of 1908	1752	Sysqemhtgpm.exe	35
PID 1908 wrote to memory of 1496	1908	Sysqemrpzhc.exe	36
PID 1908 wrote to memory of 1496	1908	Sysqemrpzhc.exe	36
PID 1908 wrote to memory of 1496	1908	Sysqemrpzhc.exe	36
PID 1908 wrote to memory of 1496	1908	Sysqemrpzhc.exe	36
PID 1496 wrote to memory of 2292	1496	Sysqembolfn.exe	37
PID 1496 wrote to memory of 2292	1496	Sysqembolfn.exe	37
PID 1496 wrote to memory of 2292	1496	Sysqembolfn.exe	37
PID 1496 wrote to memory of 2292	1496	Sysqembolfn.exe	37
PID 2292 wrote to memory of 1624	2292	Sysqemjhkkk.exe	38
PID 2292 wrote to memory of 1624	2292	Sysqemjhkkk.exe	38
PID 2292 wrote to memory of 1624	2292	Sysqemjhkkk.exe	38
PID 2292 wrote to memory of 1624	2292	Sysqemjhkkk.exe	38
PID 1624 wrote to memory of 108	1624	Sysqemoisfa.exe	39
PID 1624 wrote to memory of 108	1624	Sysqemoisfa.exe	39
PID 1624 wrote to memory of 108	1624	Sysqemoisfa.exe	39
PID 1624 wrote to memory of 108	1624	Sysqemoisfa.exe	39
PID 108 wrote to memory of 2152	108	Sysqemdcpac.exe	40
PID 108 wrote to memory of 2152	108	Sysqemdcpac.exe	40
PID 108 wrote to memory of 2152	108	Sysqemdcpac.exe	40
PID 108 wrote to memory of 2152	108	Sysqemdcpac.exe	40
PID 2152 wrote to memory of 2060	2152	Sysqemagksi.exe	41
PID 2152 wrote to memory of 2060	2152	Sysqemagksi.exe	41
PID 2152 wrote to memory of 2060	2152	Sysqemagksi.exe	41
PID 2152 wrote to memory of 2060	2152	Sysqemagksi.exe	41
PID 2060 wrote to memory of 2144	2060	Sysqemvjopg.exe	64
PID 2060 wrote to memory of 2144	2060	Sysqemvjopg.exe	64
PID 2060 wrote to memory of 2144	2060	Sysqemvjopg.exe	64
PID 2060 wrote to memory of 2144	2060	Sysqemvjopg.exe	64
PID 2144 wrote to memory of 2808	2144	Sysqemakxkx.exe	43
PID 2144 wrote to memory of 2808	2144	Sysqemakxkx.exe	43
PID 2144 wrote to memory of 2808	2144	Sysqemakxkx.exe	43
PID 2144 wrote to memory of 2808	2144	Sysqemakxkx.exe	43

C:\Users\Admin\AppData\Local\Temp\69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\69b3d62688020331acb3aded5d444ee0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\Sysqembtdwt.exe
  "C:\Users\Admin\AppData\Local\Temp\Sysqembtdwt.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Sysqemjxnjk.exe
    "C:\Users\Admin\AppData\Local\Temp\Sysqemjxnjk.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Sysqemabbue.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysqemabbue.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Sysqemspazp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemspazp.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Sysqemxqiuf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxqiuf.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemksocr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemksocr.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhtgpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhtgpm.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrpzhc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrpzhc.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembolfn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembolfn.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjhkkk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjhkkk.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoisfa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoisfa.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdcpac.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdcpac.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemagksi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemagksi.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvjopg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvjopg.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemakxkx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemakxkx.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkrjih.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkrjih.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemohgcd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemohgcd.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgweio.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgweio.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemliyph.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemliyph.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdtlih.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdtlih.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemibidd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemibidd.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxvfpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxvfpm.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdenkd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdenkd.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvsmqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvsmqn.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuhjvf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuhjvf.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkejvr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkejvr.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmojtj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmojtj.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemceusq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemceusq.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtluqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtluqn.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlwhiu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlwhiu.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqqpit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqqpit.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemixrvy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemixrvy.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemipaos.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemipaos.exe"
        34⤵
        Executes dropped EXE
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaaggs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaaggs.exe"
        35⤵
        Executes dropped EXE
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwsdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwsdx.exe"
        36⤵
        Executes dropped EXE
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjsria.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjsria.exe"
        37⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlrbc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlrbc.exe"
        38⤵
        Executes dropped EXE
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembzqge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembzqge.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlvrqu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlvrqu.exe"
        40⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemboodd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemboodd.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgpwgm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgpwgm.exe"
        42⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxpyqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxpyqz.exe"
        43⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcurys.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcurys.exe"
        44⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuiqed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuiqed.exe"
        45⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcnsrm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcnsrm.exe"
        46⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxpwos.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxpwos.exe"
        47⤵
        Executes dropped EXE
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzokeq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzokeq.exe"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemumdol.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemumdol.exe"
        49⤵
        Executes dropped EXE
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtipmi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtipmi.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqeminxmv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqeminxmv.exe"
        51⤵
        Executes dropped EXE
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdicbv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdicbv.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvtquv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvtquv.exe"
        53⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemupczz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemupczz.exe"
        54⤵
        Executes dropped EXE
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmdtwc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmdtwc.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrmjzs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrmjzs.exe"
        56⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkxora.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkxora.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmkruv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmkruv.exe"
        58⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemevfmd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemevfmd.exe"
        59⤵
        Executes dropped EXE
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlolrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlolrs.exe"
        60⤵
        Executes dropped EXE
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdzrja.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdzrja.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlhmkm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlhmkm.exe"
        62⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemasjxw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemasjxw.exe"
        63⤵
        Executes dropped EXE
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemckauo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemckauo.exe"
        64⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemngbfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemngbfd.exe"
        65⤵
        Executes dropped EXE
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemslvmp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemslvmp.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkvifw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkvifw.exe"
        67⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtkjcn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtkjcn.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmrlhs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmrlhs.exe"
        69⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemecziz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemecziz.exe"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwqpfc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwqpfc.exe"
        71⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlnxno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlnxno.exe"
        72⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembguay.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembguay.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlcnso.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlcnso.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyetaz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyetaz.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizush.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizush.exe"
        76⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemylrfq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemylrfq.exe"
        77⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcbvam.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcbvam.exe"
        78⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuxmfp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuxmfp.exe"
        79⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzcfni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzcfni.exe"
        80⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrjisn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrjisn.exe"
        81⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwwbag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwwbag.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeqyni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeqyni.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemautnp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemautnp.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtudsu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtudsu.exe"
        85⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqeminanv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqeminanv.exe"
        86⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemayggd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemayggd.exe"
        87⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxcjgk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxcjgk.exe"
        88⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmwgtt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmwgtt.exe"
        89⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfonc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfonc.exe"
        90⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhcono.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhcono.exe"
        91⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeokjm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeokjm.exe"
        92⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtlsiz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtlsiz.exe"
        93⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemegttg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemegttg.exe"
        94⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemspegv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemspegv.exe"
        95⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvzvdo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvzvdo.exe"
        96⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkssqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkssqx.exe"
        97⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnzhbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnzhbn.exe"
        98⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcvpbz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcvpbz.exe"
        99⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemejreu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemejreu.exe"
        100⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxqujr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxqujr.exe"
        101⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwyrtz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwyrtz.exe"
        102⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoaetz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoaetz.exe"
        103⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnbfet.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnbfet.exe"
        104⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgmtea.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgmtea.exe"
        105⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkrmeu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkrmeu.exe"
        106⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxtstf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxtstf.exe"
        107⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcuaov.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcuaov.exe"
        108⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsnxjf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsnxjf.exe"
        109⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtmlzd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtmlzd.exe"
        110⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmtnea.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmtnea.exe"
        111⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuqyrr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuqyrr.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiyjeh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiyjeh.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqriwn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqriwn.exe"
        114⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgkfrx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgkfrx.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemijthv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemijthv.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdilry.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdilry.exe"
        117⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnhqpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnhqpi.exe"
        118⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemceypv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemceypv.exe"
        119⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempcsrd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempcsrd.exe"
        120⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemctnum.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemctnum.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmhork.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmhork.exe"
        122⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemegqxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemegqxh.exe"
        123⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhikl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhikl.exe"
        124⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrxusr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrxusr.exe"
        125⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaluhh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaluhh.exe"
        126⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkwihp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkwihp.exe"
        127⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnjlkk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnjlkk.exe"
        128⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcdhxu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcdhxu.exe"
        129⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkdgxb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkdgxb.exe"
        130⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzpdsk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzpdsk.exe"
        131⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgicxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgicxh.exe"
        132⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtyxaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtyxaq.exe"
        133⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembdhfz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembdhfz.exe"
        134⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtnufh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtnufh.exe"
        135⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaztke.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaztke.exe"
        136⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqlbfa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqlbfa.exe"
        137⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemytoxu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemytoxu.exe"
        138⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnqwxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnqwxh.exe"
        139⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempaovz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempaovz.exe"
        140⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhonaj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhonaj.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkubdz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkubdz.exe"
        142⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzrbdd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzrbdd.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeevlw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeevlw.exe"
        144⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwpide.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwpide.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemafnya.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemafnya.exe"
        146⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtmpdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtmpdx.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsmmvf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsmmvf.exe"
        148⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhfjip.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhfjip.exe"
        149⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfrfvf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfrfvf.exe"
        150⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuwfdr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuwfdr.exe"
        151⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzbydk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzbydk.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemorklr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemorklr.exe"
        153⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwzfld.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwzfld.exe"
        154⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjbltp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjbltp.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqxvgg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqxvgg.exe"
        156⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfuvgt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfuvgt.exe"
        157⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkgpom.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkgpom.exe"
        158⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaambo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaambo.exe"
        159⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcklyg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcklyg.exe"
        160⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempmrgz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempmrgz.exe"
        161⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzehme.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzehme.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrsyrp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrsyrp.exe"
        163⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwiey.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwiey.exe"
        164⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrokol.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrokol.exe"
        165⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqhthf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqhthf.exe"
        166⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdjzwr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdjzwr.exe"
        167⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemivsek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemivsek.exe"
        168⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdmlpf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdmlpf.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxlred.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxlred.exe"
        170⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjnxmw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjnxmw.exe"
        171⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoonhf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoonhf.exe"
        172⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeikco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeikco.exe"
        173⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdewzl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdewzl.exe"
        174⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwlymq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwlymq.exe"
        175⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvqcj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvqcj.exe"
        176⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqrpht.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqrpht.exe"
        177⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsbgxl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsbgxl.exe"
        178⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhyofy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhyofy.exe"
        179⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempgcxk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempgcxk.exe"
        180⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfwnfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfwnfr.exe"
        181⤵
        System Location Discovery: System Language Discovery
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemclufs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemclufs.exe"
        182⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfrst.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfrst.exe"
        183⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemojmsa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemojmsa.exe"
        184⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgqoxf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgqoxf.exe"
        185⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemldifq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemldifq.exe"
        186⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvcucj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvcucj.exe"
        187⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemapokc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemapokc.exe"
        188⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsdepf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsdepf.exe"
        189⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemziodw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemziodw.exe"
        190⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempewdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempewdi.exe"
        191⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtvtxe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtvtxe.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmuddb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmuddb.exe"
        193⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtcrvw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtcrvw.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlypay.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlypay.exe"
        195⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvxufr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvxufr.exe"
        196⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizanc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizanc.exe"
        197⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkjrlu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkjrlu.exe"
        198⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdqbqr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdqbqr.exe"
        199⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcmonw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcmonw.exe"
        200⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuxtnw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuxtnw.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuqcyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuqcyy.exe"
        202⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgvtam.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgvtam.exe"
        203⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjflqe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjflqe.exe"
        204⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembmnvb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembmnvb.exe"
        205⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembfood.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembfood.exe"
        206⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempfhbt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempfhbt.exe"
        207⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvopwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvopwb.exe"
        208⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkwbdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkwbdi.exe"
        209⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeknyq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeknyq.exe"
        210⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrigjl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrigjl.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvsrf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvsrf.exe"
        212⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlvleu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlvleu.exe"
        213⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqifln.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqifln.exe"
        214⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqhrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqhrs.exe"
        215⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemngmmg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemngmmg.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfrreo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfrreo.exe"
        217⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcgyeh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcgyeh.exe"
        218⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsavrr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsavrr.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzefei.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzefei.exe"
        220⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmuahr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmuahr.exe"
        221⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrhtpk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrhtpk.exe"
        222⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgbqct.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgbqct.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemluyjs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemluyjs.exe"
        224⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembcrjr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembcrjr.exe"
        225⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfplrk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfplrk.exe"
        226⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvmlrx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvmlrx.exe"
        227⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemakqhk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemakqhk.exe"
        228⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemphqhx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemphqhx.exe"
        229⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuqgcn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuqgcn.exe"
        230⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhsmsy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhsmsy.exe"
        231⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgknct.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgknct.exe"
        232⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzvaca.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzvaca.exe"
        233⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgdoun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgdoun.exe"
        234⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsifpb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsifpb.exe"
        235⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemafpcs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemafpcs.exe"
        236⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtmspx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtmspx.exe"
        237⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemseaar.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemseaar.exe"
        238⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfkkcf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfkkcf.exe"
        239⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempjwaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempjwaq.exe"
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhujsy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhujsy.exe"
        241⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoymfh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoymfh.exe"
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemerisr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemerisr.exe"
        243⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjecak.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjecak.exe"
        244⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvyiqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvyiqv.exe"
        245⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemalbpp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemalbpp.exe"
        246⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlgciw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlgciw.exe"
        247⤵
        System Location Discovery: System Language Discovery
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhlyad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhlyad.exe"
        248⤵
        System Location Discovery: System Language Discovery
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemasani.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemasani.exe"
        249⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcgdqd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcgdqd.exe"
        250⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoijgo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoijgo.exe"
        251⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjsivg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjsivg.exe"
        252⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemylfiq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemylfiq.exe"
        253⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdbcde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdbcde.exe"
        254⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsvyyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsvyyo.exe"
        255⤵
        System Location Discovery: System Language Discovery
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfxfgz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfxfgz.exe"
        256⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvbnbd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvbnbd.exe"
        257⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemposvm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemposvm.exe"
        258⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeioiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeioiv.exe"
        259⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhodtl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhodtl.exe"
        260⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwhrou.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwhrou.exe"
        261⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwaayo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwaayo.exe"
        262⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemllxty.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemllxty.exe"
        263⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtqhyh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtqhyh.exe"
        264⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemimhyu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemimhyu.exe"
        265⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnzbgn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnzbgn.exe"
        266⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcwjgz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcwjgz.exe"
        267⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnoyme.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnoyme.exe"
        268⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfdprp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfdprp.exe"
        269⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfvga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfvga.exe"
        270⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmhzeg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmhzeg.exe"
        271⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhsrv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhsrv.exe"
        272⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrutmr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrutmr.exe"
        273⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyfrro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyfrro.exe"
        274⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqqfjw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqqfjw.exe"
        275⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsdimr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsdimr.exe"
        276⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemittuy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemittuy.exe"
        277⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkshjw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkshjw.exe"
        278⤵
        System Location Discovery: System Language Discovery
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcrjot.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcrjot.exe"
        279⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkkquq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkkquq.exe"
        280⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzsbcx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzsbcx.exe"
        281⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeiywt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeiywt.exe"
        282⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtcvju.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtcvju.exe"
        283⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemexwuk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemexwuk.exe"
        284⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtnhcr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtnhcr.exe"
        285⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqememtzb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqememtzb.exe"
        286⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqslcp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqslcp.exe"
        287⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtyref.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtyref.exe"
        288⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemisozo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemisozo.exe"
        289⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnitmk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnitmk.exe"
        290⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzczcw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzczcw.exe"
        291⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmpisc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmpisc.exe"
        292⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcmqso.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcmqso.exe"
        293⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemehtcj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemehtcj.exe"
        294⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwsgur.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwsgur.exe"
        295⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqqxpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqqxpm.exe"
        296⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfvxpy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfvxpy.exe"
        297⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcwnko.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcwnko.exe"
        298⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmzcuc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmzcuc.exe"
        299⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzxxxk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzxxxk.exe"
        300⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmosab.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmosab.exe"
        301⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlsmxy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlsmxy.exe"
        302⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembdbsh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembdbsh.exe"
        303⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoysin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoysin.exe"
        304⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemekpdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemekpdx.exe"
        305⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgfsfs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgfsfs.exe"
        306⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvcafe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvcafe.exe"
        307⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcgkso.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcgkso.exe"
        308⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvomyt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvomyt.exe"
        309⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfunvj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfunvj.exe"
        310⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemugnqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemugnqn.exe"
        311⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Sysqememofd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqememofd.exe"
        312⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxtqti.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxtqti.exe"
        313⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemebllc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemebllc.exe"
        314⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtyllo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtyllo.exe"
        315⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembcwyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembcwyy.exe"
        316⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtrudi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtrudi.exe"
        317⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgppgr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgppgr.exe"
        318⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvimta.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvimta.exe"
        319⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemivdig.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemivdig.exe"
        320⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxsdqt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxsdqt.exe"
        321⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvtbg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvtbg.exe"
        322⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzggto.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzggto.exe"
        323⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhncla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhncla.exe"
        324⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwdnth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwdnth.exe"
        325⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemznfjz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemznfjz.exe"
        326⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrbdok.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrbdok.exe"
        327⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyrroe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyrroe.exe"
        328⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemodobf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemodobf.exe"
        329⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqyqea.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqyqea.exe"
        330⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemijewi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemijewi.exe"
        331⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsiqtt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsiqtt.exe"
        332⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhbnoc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhbnoc.exe"
        333⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhqcub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhqcub.exe"
        334⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuwuoq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuwuoq.exe"
        335⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwcizf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwcizf.exe"
        336⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgbmwp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgbmwp.exe"
        337⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiaamn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiaamn.exe"
        338⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemylxzx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemylxzx.exe"
        339⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemasdjm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemasdjm.exe"
        340⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqlaww.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqlaww.exe"
        341⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxpkkf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxpkkf.exe"
        342⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfmsjs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfmsjs.exe"
        343⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemplwhk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemplwhk.exe"
        344⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhwkhk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhwkhk.exe"
        345⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjvypi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjvypi.exe"
        346⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwihmo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwihmo.exe"
        347⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvmtks.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvmtks.exe"
        348⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizlzy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizlzy.exe"
        349⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemagkxd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemagkxd.exe"
        350⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempzhkm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempzhkm.exe"
        351⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrnkni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrnkni.exe"
        352⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjjjsk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjjjsk.exe"
        353⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemphgiy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemphgiy.exe"
        354⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeeoik.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeeoik.exe"
        355⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdwpse.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdwpse.exe"
        356⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtqlno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtqlno.exe"
        357⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtfjsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtfjsf.exe"
        358⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqgfp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqgfp.exe"
        359⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhxvqw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhxvqw.exe"
        360⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaffdt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaffdt.exe"
        361⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzxgnn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzxgnn.exe"
        362⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrmfsy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrmfsy.exe"
        363⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvnno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvnno.exe"
        364⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmsnnb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmsnnb.exe"
        365⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtoxak.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtoxak.exe"
        366⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlkwgv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlkwgv.exe"
        367⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqppno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqppno.exe"
        368⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiadgo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiadgo.exe"
        369⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkzjvu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkzjvu.exe"
        370⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemckwnt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemckwnt.exe"
        371⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemefzqo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemefzqo.exe"
        372⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempbaie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempbaie.exe"
        373⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjcuqc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjcuqc.exe"
        374⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembjewh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembjewh.exe"
        375⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemetvtz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemetvtz.exe"
        376⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtnsgi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtnsgi.exe"
        377⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdmwet.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdmwet.exe"
        378⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvivjd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvivjd.exe"
        379⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxzbyb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxzbyb.exe"
        380⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempkorj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempkorj.exe"
        381⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrcoob.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrcoob.exe"
        382⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcntgb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcntgb.exe"
        383⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeawjw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeawjw.exe"
        384⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtttwg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtttwg.exe"
        385⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemquljk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemquljk.exe"
        386⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemifzbj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemifzbj.exe"
        387⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemktbme.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemktbme.exe"
        388⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcpsrp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcpsrp.exe"
        389⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmoeoz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmoeoz.exe"
        390⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfvgue.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfvgue.exe"
        391⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhmujc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhmujc.exe"
        392⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlzorw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlzorw.exe"
        393⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmkakk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmkakk.exe"
        394⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhajw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhajw.exe"
        395⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgjien.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgjien.exe"
        396⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyxhkp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyxhkp.exe"
        397⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemielhi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemielhi.exe"
        398⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxpicr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxpicr.exe"
        399⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcgnxf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcgnxf.exe"
        400⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempiter.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempiter.exe"
        401⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuvmmk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuvmmk.exe"
        402⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmfafs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmfafs.exe"
        403⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrktml.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrktml.exe"
        404⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjykso.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjykso.exe"
        405⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoisne.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoisne.exe"
        406⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgwrsp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgwrsp.exe"
        407⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiruuk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiruuk.exe"
        408⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemarwip.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemarwip.exe"
        409⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkblsc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkblsc.exe"
        410⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemajfsj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemajfsj.exe"
        411⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcilih.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcilih.exe"
        412⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemupnve.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemupnve.exe"
        413⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtlzsi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtlzsi.exe"
        414⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmtjff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmtjff.exe"
        415⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwdzib.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwdzib.exe"
        416⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemospnd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemospnd.exe"
        417⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvzlnx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvzlnx.exe"
        418⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemktiah.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemktiah.exe"
        419⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemquqvx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemquqvx.exe"
        420⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfkbdw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfkbdw.exe"
        421⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzxoyf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzxoyf.exe"
        422⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemritqm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemritqm.exe"
        423⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwjkld.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwjkld.exe"
        424⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmdggn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmdggn.exe"
        425⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjpsoy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjpsoy.exe"
        426⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemberli.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemberli.exe"
        427⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaadqf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaadqf.exe"
        428⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvywbi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvywbi.exe"
        429⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemalpju.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemalpju.exe"
        430⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmrgdq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmrgdq.exe"
        431⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmyejh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmyejh.exe"
        432⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzdnlv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzdnlv.exe"
        433⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemywwwp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemywwwp.exe"
        434⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoptrz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoptrz.exe"
        435⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembnoth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembnoth.exe"
        436⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqzlgr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqzlgr.exe"
        437⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsrcwj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsrcwj.exe"
        438⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkfbbu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkfbbu.exe"
        439⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempgjek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempgjek.exe"
        440⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemirwwk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemirwwk.exe"
        441⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfxmi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfxmi.exe"
        442⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvjth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvjth.exe"
        443⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmwrox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmwrox.exe"
        444⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzyxej.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzyxej.exe"
        445⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyrgol.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyrgol.exe"
        446⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemokvju.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemokvju.exe"
        447⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqyxmp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqyxmp.exe"
        448⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemimwrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemimwrs.exe"
        449⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemibuxj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemibuxj.exe"
        450⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemudamd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemudamd.exe"
        451⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrekrz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrekrz.exe"
        452⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlmfe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlmfe.exe"
        453⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjevpy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjevpy.exe"
        454⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemypskh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemypskh.exe"
        455⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdgoxd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdgoxd.exe"
        456⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemszlsn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemszlsn.exe"
        457⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempadfj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempadfj.exe"
        458⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfqpfp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfqpfp.exe"
        459⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmykfc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmykfc.exe"
        460⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcvkfo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcvkfo.exe"
        461⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeekug.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeekug.exe"
        462⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtyzpq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtyzpq.exe"
        463⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwiyfi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwiyfi.exe"
        464⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlbvas.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlbvas.exe"
        465⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdqlfj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdqlfj.exe"
        466⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsqeky.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsqeky.exe"
        467⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemardkn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemardkn.exe"
        468⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempolsz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempolsz.exe"
        469⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemohmdt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemohmdt.exe"
        470⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjjqar.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjjqar.exe"
        471⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemepgvu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemepgvu.exe"
        472⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwalvc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwalvc.exe"
        473⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembffdv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembffdv.exe"
        474⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqfyik.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqfyik.exe"
        475⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgrydg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgrydg.exe"
        476⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvoglt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvoglt.exe"
        477⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzfdyp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzfdyp.exe"
        478⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsmnlu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsmnlu.exe"
        479⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuwfbm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuwfbm.exe"
        480⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjtnby.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjtnby.exe"
        481⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemofyik.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemofyik.exe"
        482⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgqmbr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgqmbr.exe"
        483⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqtblf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqtblf.exe"
        484⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgmygo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgmygo.exe"
        485⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqeodb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqeodb.exe"
        486⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemitmje.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemitmje.exe"
        487⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkrayb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkrayb.exe"
        488⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemadxtl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemadxtl.exe"
        489⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfqrte.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfqrte.exe"
        490⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaojmz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaojmz.exe"
        491⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwzwh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwzwh.exe"
        492⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoeswo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoeswo.exe"
        493⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtrmez.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtrmez.exe"
        494⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlfcjk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlfcjk.exe"
        495⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtjnwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtjnwb.exe"
        496⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemigvwo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemigvwo.exe"
        497⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvtemt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvtemt.exe"
        498⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlmbhd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlmbhd.exe"
        499⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnlpwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnlpwb.exe"
        500⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcfmjc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcfmjc.exe"
        501⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmeqhv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmeqhv.exe"
        502⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemepdzv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemepdzv.exe"
        503⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmhczj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmhczj.exe"
        504⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemznucx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemznucx.exe"
        505⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgrehp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgrehp.exe"
        506⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwkacy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwkacy.exe"
        507⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembmjxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembmjxh.exe"
        508⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtihcr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtihcr.exe"
        509⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdkxmf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdkxmf.exe"
        510⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqbspv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqbspv.exe"
        511⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsiwmg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsiwmg.exe"
        512⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhfems.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhfems.exe"
        513⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemojozc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemojozc.exe"
        514⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhubsj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhubsj.exe"
        515⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembwvzp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembwvzp.exe"
        516⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqpsuz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqpsuz.exe"
        517⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvyiph.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvyiph.exe"
        518⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnjnip.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnjnip.exe"
        519⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemszsul.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemszsul.exe"
        520⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlzuii.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlzuii.exe"
        521⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemptchh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemptchh.exe"
        522⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhamvm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhamvm.exe"
        523⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhwzsi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhwzsi.exe"
        524⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzdbfn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzdbfn.exe"
        525⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembcpnl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembcpnl.exe"
        526⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlbtsw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlbtsw.exe"
        527⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemohhvl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemohhvl.exe"
        528⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgwyaw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgwyaw.exe"
        529⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnpxft.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnpxft.exe"
        530⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfwhsq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfwhsq.exe"
        531⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemumqlw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemumqlw.exe"
        532⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmwvde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmwvde.exe"
        533⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemubfiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemubfiv.exe"
        534⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmpeny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmpeny.exe"
        535⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemruxvr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemruxvr.exe"
        536⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjflnz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjflnz.exe"
        537⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnviin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnviin.exe"
        538⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdoedx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdoedx.exe"
        539⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemibydq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemibydq.exe"
        540⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaiaqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaiaqv.exe"
        541⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhtzvk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhtzvk.exe"
        542⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxnviu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxnviu.exe"
        543⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemergwl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemergwl.exe"
        544⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuoowx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuoowx.exe"
        545⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemekpof.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemekpof.exe"
        546⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtgpor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtgpor.exe"
        547⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgxrra.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgxrra.exe"
        548⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembznog.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembznog.exe"
        549⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlklyt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlklyt.exe"
        550⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdvqrb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdvqrb.exe"
        551⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfittw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfittw.exe"
        552⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvbqgy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvbqgy.exe"
        553⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfacmq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfacmq.exe"
        554⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxxtrb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxxtrb.exe"
        555⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzhsgt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzhsgt.exe"
        556⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhpeos.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhpeos.exe"
        557⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtrkwl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtrkwl.exe"
        558⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlfabo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlfabo.exe"
        559⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtjlof.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtjlof.exe"
        560⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemglrer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemglrer.exe"
        561⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemntmwd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemntmwd.exe"
        562⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfaobi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfaobi.exe"
        563⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkfijb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkfijb.exe"
        564⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemayfel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemayfel.exe"
        565⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcxtui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcxtui.exe"
        566⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrfeup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrfeup.exe"
        567⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrjqzm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrjqzm.exe"
        568⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjqser.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjqser.exe"
        569⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemovmmc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemovmmc.exe"
        570⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdsump.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdsump.exe"
        571⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgyaxe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgyaxe.exe"
        572⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxykpr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxykpr.exe"
        573⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuzuun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuzuun.exe"
        574⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempbyst.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempbyst.exe"
        575⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrlqpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrlqpm.exe"
        576⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlszz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlszz.exe"
        577⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrhcni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrhcni.exe"
        578⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjsqfq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjsqfq.exe"
        579⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemobyah.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemobyah.exe"
        580⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdygil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdygil.exe"
        581⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfmjko.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfmjko.exe"
        582⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxizpr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxizpr.exe"
        583⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuygqs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuygqs.exe"
        584⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnfivp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnfivp.exe"
        585⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemahoka.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemahoka.exe"
        586⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsscdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsscdi.exe"
        587⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemufffd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemufffd.exe"
        588⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmqsyl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmqsyl.exe"
        589⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlxqqk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlxqqk.exe"
        590⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgwiag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgwiag.exe"
        591⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnhhfd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnhhfd.exe"
        592⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgpjli.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgpjli.exe"
        593⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkfogw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkfogw.exe"
        594⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdqbyd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdqbyd.exe"
        595⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkxpyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkxpyy.exe"
        596⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzuxyk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzuxyk.exe"
        597⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcblbz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcblbz.exe"
        598⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrylim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrylim.exe"
        599⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeoodu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeoodu.exe"
        600⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemthlye.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemthlye.exe"
        601⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqjttm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqjttm.exe"
        602⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiivla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiivla.exe"
        603⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnkdgq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnkdgq.exe"
        604⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemddata.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemddata.exe"
        605⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemklvtm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemklvtm.exe"
        606⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcwjlu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcwjlu.exe"
        607⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfoabm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfoabm.exe"
        608⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrlsea.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrlsea.exe"
        609⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwuazr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwuazr.exe"
        610⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemomcre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemomcre.exe"
        611⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyidbm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyidbm.exe"
        612⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoyojt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoyojt.exe"
        613⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqxczq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqxczq.exe"
        614⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemihqrq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemihqrq.exe"
        615⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxxzjf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxxzjf.exe"
        616⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempeboc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempeboc.exe"
        617⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjguwh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjguwh.exe"
        618⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzzrrr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzzrrr.exe"
        619⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmyuma.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmyuma.exe"
        620⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdmlrk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdmlrk.exe"
        621⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqcnut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqcnut.exe"
        622⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjntut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjntut.exe"
        623⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemowjpj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemowjpj.exe"
        624⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemglauu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemglauu.exe"
        625⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkbehq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkbehq.exe"
        626⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcpvms.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcpvms.exe"
        627⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhrlhj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhrlhj.exe"
        628⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemabrhq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemabrhq.exe"
        629⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhrmzd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhrmzd.exe"
        630⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwouzp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwouzp.exe"
        631⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembtohi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembtohi.exe"
        632⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtetzq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtetzq.exe"
        633⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemynjuy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemynjuy.exe"
        634⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnkjcl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnkjcl.exe"
        635⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembxbsr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembxbsr.exe"
        636⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqxmfg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqxmfg.exe"
        637⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxylfv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxylfv.exe"
        638⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempmkcf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempmkcf.exe"
        639⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzloiq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzloiq.exe"
        640⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrinna.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrinna.exe"
        641⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrpkkr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrpkkr.exe"
        642⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlbpc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlbpc.exe"
        643⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemobgkq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemobgkq.exe"
        644⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdncxa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdncxa.exe"
        645⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlnbxo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlnbxo.exe"
        646⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhysy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhysy.exe"
        647⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaomlk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaomlk.exe"
        648⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemplukw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemplukw.exe"
        649⤵
        
        PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Sysqamqqvaqqd.exe

Filesize
115KB

MD5
222d9109d2199aeb98dbab14d2624f87

SHA1
c7070986c327e32acb1bd3d826d8ca000f12e51a

SHA256
90611cd1be8ba1ab42213600c7836397b5b51f0f07577e0b205bb19dab6a2171

SHA512
7bc66ae393642019bcbf60d327ef5e30025b2082cd176f43033b837849935aab5e67ae373afc0b41ffd86a72cccb5208794cb69b48bf3ffe8b662ccd3a8e46f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysqembolfn.exe

Filesize
115KB

MD5
d9610c5588fad1be51f981bbb1ee492b

SHA1
52626bcfb636b796c48f1fba6b844b7b5a83dfb6

SHA256
c49c888c986e3d6546afbf16eb32415c869d0b97c756df0dacb18fe0c6f93085

SHA512
d93af614b6b67a6ba9832322c002bb99e35f3bf94c6b1e692730f8356db3adb9719ecef8758cef79c4403094ab9946f0877be8a6923b873c94a3eb509e452c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
6222bb238265844a73fd869b33ff0ef3

SHA1
069179b42948eb191af650fc7e7454818a6b508c

SHA256
31d42e2f4f89a423073f53e8f7f9c0524fc90e48488db37809c90c46839ecba1

SHA512
f2ef061f6fe2f9185c4588d377e5275d8519422fdfc8cb8e8d76705f9a4083624a1e6d5db9555a7ce6ac4bb5030dd42598bcbdca130725ff5ddd7f004c0bedb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
1178c9e7763a049dd5aa9b1bb33b3e4a

SHA1
da4e308cc42b42068c8e58d18c4904ebf2f466ca

SHA256
eab4eb482eb93f4759c856d6d80612d19f5416e53a23b68867b14e80e18ffdbd

SHA512
78202cac63c9c83968bff96dba8e35f928a0f496635e7cf2461e6fa380c3c1a0aca34067a9891a0ae763444482b1bef879b3bb05cb28a96f1f1b620b8c2b013e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
883a1e4db632bf7cdc9ac22904db9392

SHA1
3ac939f1440a0633e569f8e03792d1823389cd82

SHA256
58fc4d112e7c37af9d1481edb545b17048642b3bfc9518d6c53ed3fad8d332fd

SHA512
6e6f458c01d9d049863ed10d29a0406eabba8c9204633c054de4c6153468756528d6f7cd06a286ef480190db6902831979fd12ab52a79e91f1c0c2968d33739e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
d67da8cec9d744f80097924ba1ce3952

SHA1
f38edd5f553ea946924ee5b1773978f0e5519123

SHA256
7b31fc1a5a98956cc22bda2adca6a4e6c630697301fb70fb052280203acfc0f4

SHA512
1cce92750f5a8b713066e8c6cb5093b157d477e837d8d0b9be46640ff1bd1adb3ad8318376146a70dd0fc192c183503202ab395b57bb578a79dc3781bae575bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
2bc7348d72c1c7fa7d1c8c951d12b2cb

SHA1
50b6d19b678a45b8eb721a298a074a92cd1c7f91

SHA256
8e8d9549379a473743ce746214fd8b08638aee41a386d9a42e75c89c35c327d2

SHA512
f634b29e75ecd3217ee442fb02da6dd73116318f7a671be3ce1e80b08a6c9640f79cdd504c7a965b239fe3fc54ad740de81cb2143e15e42944546f5a8b93bf1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
2c57174e03603ddd4224c7fa44b838b6

SHA1
2b4dad364c557e4e589cb3bec51a4e74c1d5211e

SHA256
982ada11f021f9708e5e2554adff211a2f53a89e7db6717bdf9e9179b5194c42

SHA512
4347ea4ee08006014e3a0098533ab6777acd26d30d849c382a1e321cb380a1f7fc50fea1d9f3039ad81c56d785632316358a90f07b9a18a5a0af2a61283b5564

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
0352db286144e0604c998f88eff293e4

SHA1
809cd518e83816f0424ad90bbb3d7ab3f552fe10

SHA256
498b3e3b8a33d9e8cc91e1975159ca7d747b6414f521ef61a3a3c5fc71e03660

SHA512
d5bdcb90b52f911e2b1787171bc4311770724e3314a06768a745a9df7a237de343da77adf1777f31e392575180fc79702e79e822c68dad1e61e1e645d5cbe28a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
af5083fa080ef5817718b7d504e0eb9f

SHA1
de43c979429a5daae32a41cf9c1b35d4f9e4504c

SHA256
0e411701212b783f406b60a129227bac03e03e57f284cc767562f1c2daf941dc

SHA512
c187c1b8162181681cb09bfc517b0ee37f46d5aac4ce8fb33ce1cae87d8fc8c0753225ded6d4730fa94e3d46c44acbe45fd26beecd304d2718526752b3408ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
d98c13e1fcc691abcb864fefc94fa190

SHA1
647f5245a33621f686e23b623acca9eb0dc47a8c

SHA256
fc18fe0d1cc9828319faeb4a0b59cf37dbd7fa9eb787610385a3e48262e5b1f5

SHA512
29298d1e162244d8c34f9ae4332bf2ff9a746afa2e55a238801264efd9833567971270feadbe0dc8bfe99e9e4f06a620034c7c50c1068436a05cb2ca7f04e10e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
d95c772a62a1b177b8f2405e910df61f

SHA1
a32fc2475854c50a21dad422cdcfbe1567a26cef

SHA256
68b7dd0a963958d0008434c3b04f45c4f0b21299f9397e79bdf2ba78250708c3

SHA512
0dd9c9568435d66ac803d98f1635159d0cbc97f25bfa6523588233407d914770011424900a48628856e6ef15350fe5ebfdb797ffbf316dbc6e3c58e0c56da737

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
2c91711892ca2cd1047c00736d75ab80

SHA1
25c04ae48e833d54fab58bde7d4928b36691feeb

SHA256
b3801332faabb543cf169b5867b7c73d78579d448f1988127191fb1cc51cbe5b

SHA512
b860a614c57aeaa9e820d66760323dda5057de6d8de4c0e7110ee8e1a253b6968f796839ab353e8cab5768f54cea37967197f63947c0f273a5c14689c229b2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
2e511f6a0c7b8f74ff7f5cca4a7dc1f6

SHA1
d19faf790e2ebca65a24c82b50d46f26ab64aacf

SHA256
8df063bb629108d5b4fea617c5fad54ce2e2c4860b895f33a94e2638c3d6933e

SHA512
717705837b9948068954560d70aa66b7ffc3947a031bb254739c6bae9cc999099d0255b021620617ee193860496721f187d0e05d7d95b7cec2e6a3fd0a0b143d

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemabbue.exe

Filesize
115KB

MD5
27621d1211890ce7cb5ce123de46241b

SHA1
a18edb86c824650cc20b3e02c3fd79c086ea7918

SHA256
83d5834549b29d5895dc10fd56e3d40050173b7a20bc39c3d88daebabe171fe0

SHA512
3706462dadac74c9e5c2194186bd5c1fa76b189df35be949b17b383165ee8c691f1f5676e8c809093f0eda9a2d7f751f515e22f85c16491107dc40dec42b6f30

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqembtdwt.exe

Filesize
115KB

MD5
74152062fd0449a72da3ec401b174256

SHA1
c6417da66a9aa25bd8c92bd065b3fa93b516bef3

SHA256
db04d540e1b1722ab437bbca7633b4566686220f01d6c802fc732ee49a7fe54b

SHA512
502992104d16af69306af793fc2f24d1c5f9b31dc89ce9761740a99787bc701d59a9ba42529276388c87f085c67dc6b6d1d0e8f729e89c5216495dd7d44906b1

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemdcpac.exe

Filesize
115KB

MD5
f238c7fd5d2b297733dba9fe0d101899

SHA1
ca2eaefdaf577fea6131f0ebcd8149af857a5445

SHA256
b1e5e374f07f9764670ff1680367b3446eb6b51704bfcaa775dbf666e99d05ff

SHA512
b7c3d32f5b8a8c49a72a222d6e8e2e831af21f814d8af6ed2dd68558efb4c8912d9a97e9c1c1ef1cbfc2ed035739f01b3fcab679d978ed759319311184aaf9e2

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemhtgpm.exe

Filesize
115KB

MD5
20f56a55239b1018d91418cb770b6164

SHA1
7629ec5b02119470686ba2766e473d0b6ee24c52

SHA256
697a92439ff0470b3c51bd1e9d15c2683b19fba4cae5f3ad0c9cac4a1f069a6d

SHA512
e0240cf9b36414207c154c637209e26ecd9a3311e9faeec2f0ed156aa3282b614993034b700552deb769569bd8e47cab173ba87a77315f7c8845fd8da01b5706

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemjhkkk.exe

Filesize
115KB

MD5
b881eb4003f5b1dc99214ca956931a81

SHA1
7190fc967836a2921ffa20a044ef639963bfe59c

SHA256
6d9da4899b754a5785525de487422d25d3f80faec6a999628c3024d859d738b5

SHA512
b6893abe7a8acc8abd06306385fae761c31d7baebdf2c592126a18ee6b161e2e9641e701874f400ab76c8737464ffe854924ed896b0e9f09b52ba03194b47a89

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemjxnjk.exe

Filesize
115KB

MD5
487d7485c342fa5210fdca4380acfe4b

SHA1
0ed159035ff733c7dcada927ca32ea4d2df73c07

SHA256
07a015fa7389e7503ad02f3dd97aaa55a9eed0fe6e310e674bba9f4a78812888

SHA512
301fe31de88c303c90a5e49e4c113dbb0a984cfb72f31971d581f451d0e5e37ace035ee77b690b2065f6b1e8fa464f09ee43d387c624fdaf0da351547a3ead12

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemksocr.exe

Filesize
115KB

MD5
b7bb121094c3882cc4e3c01a3532def5

SHA1
d43280208eb76ce22e076cd36af8b4eb38783637

SHA256
43e92a791c125ab0552b25f2842e3da0589af38e9ca7cf516153d25894e804bf

SHA512
1560cd88c85690cfa7b84f9123d9167964d363b5946a6e85bd78a32a8d41c091018b0a3e65267b07ff696dba0ecef85296c6226bc0a6fdd268bf0d8640127dec

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemoisfa.exe

Filesize
115KB

MD5
21186241ed4a71feb56cec6baca99fb0

SHA1
2307818287ee098fd79856f25681cc981ce00a84

SHA256
5ff8bee3310e9fd1ccd948cdd9b7b44562fa8bf2746f8c74dc70cf4c7e466107

SHA512
1c14da7622318928cff9be6f1aecf012688f550f6273e6fd784ee68a29153d10b2094443970f43585817659c24a1e95eade8abd96ec13cbe195d6c87dd20a462

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemrpzhc.exe

Filesize
115KB

MD5
319427301cfd11f328bea40e44939af2

SHA1
bfdbaf1b059cbf96f1bfb3f8e4e49a4d5f523248

SHA256
9ed245bd67bbc9ede1cf6a6d7c050c62999e8eabf88b2e7cba5a217444dd6ef3

SHA512
d27fea521c873145f814d065a0f114a6ef83a81602fe5d885f7e11905844c84914bbb61bc8c40932024472fabc8104bc1cd77b8e74ecb97c13bfc6e65abbf306

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemspazp.exe

Filesize
115KB

MD5
08d7854e284dc659e11ee6ef2899b3a2

SHA1
1d5b1c735ac84bc4a097f3a98b334ce960aa7827

SHA256
47755e84a33a06bd986bd04a8096e061d19fd1b31a490a95d517eebc6fd986e6

SHA512
181fa7079839c0ec931c40e7db825caa47658e09f14392247228d06adbbc70ec458aa8a8ac733adc77e3766ee79e38b18a551e13f77dd552495213365d513d84

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemxqiuf.exe

Filesize
115KB

MD5
8b80eca50b81c31f6fb4184ce8e2c3b8

SHA1
7f44f3716789b62b645a7e9b75015c6dad8c197c

SHA256
1b7f74808768d412e8cb4e49431846372f70babf1edca62284d86e17f06bb7fc

SHA512
5ac588e6efabc3955097aecbef060ec0bb913f268428a392203e4fbf00fa0c5371715f73e5d4c09e361bffb7b305867805f9c12fc3e76346bde30f45a7ba465e

Download Submit
memory/108-193-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/108-261-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/336-411-0x0000000004AC0000-0x0000000004B51000-memory.dmp

Filesize
580KB

Download
memory/336-410-0x0000000004AC0000-0x0000000004B51000-memory.dmp

Filesize
580KB

Download
memory/336-408-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/336-309-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/336-324-0x0000000004AC0000-0x0000000004B51000-memory.dmp

Filesize
580KB

Download
memory/1216-430-0x0000000004960000-0x00000000049F1000-memory.dmp

Filesize
580KB

Download
memory/1216-431-0x0000000004960000-0x00000000049F1000-memory.dmp

Filesize
580KB

Download
memory/1216-345-0x0000000004960000-0x00000000049F1000-memory.dmp

Filesize
580KB

Download
memory/1216-338-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1496-156-0x0000000003430000-0x00000000034C1000-memory.dmp

Filesize
580KB

Download
memory/1496-142-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1496-218-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1624-239-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1624-179-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1656-110-0x0000000003610000-0x00000000036A1000-memory.dmp

Filesize
580KB

Download
memory/1656-189-0x0000000003610000-0x00000000036A1000-memory.dmp

Filesize
580KB

Download
memory/1656-99-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1684-358-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/1684-274-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/1684-361-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1728-275-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1728-283-0x00000000034A0000-0x0000000003531000-memory.dmp

Filesize
580KB

Download
memory/1728-284-0x00000000034A0000-0x0000000003531000-memory.dmp

Filesize
580KB

Download
memory/1728-371-0x00000000034A0000-0x0000000003531000-memory.dmp

Filesize
580KB

Download
memory/1752-129-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/1752-125-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/1752-192-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1752-191-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/1752-215-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/1768-362-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1768-370-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/1768-369-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/1788-375-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1788-378-0x0000000003610000-0x00000000036A1000-memory.dmp

Filesize
580KB

Download
memory/1788-288-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1820-945-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1908-425-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/1908-207-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1908-416-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1908-428-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/1936-157-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1936-90-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/1936-77-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1936-173-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/1984-398-0x0000000003630000-0x00000000036C1000-memory.dmp

Filesize
580KB

Download
memory/2052-74-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2052-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2052-13-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/2052-14-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/2060-285-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2060-219-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2144-228-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2144-294-0x0000000003440000-0x00000000034D1000-memory.dmp

Filesize
580KB

Download
memory/2144-295-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2152-216-0x0000000003490000-0x0000000003521000-memory.dmp

Filesize
580KB

Download
memory/2152-208-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2164-927-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2236-98-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2236-31-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2236-45-0x0000000004940000-0x00000000049D1000-memory.dmp

Filesize
580KB

Download
memory/2252-442-0x0000000004860000-0x00000000048F1000-memory.dmp

Filesize
580KB

Download
memory/2252-429-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2252-441-0x0000000004860000-0x00000000048F1000-memory.dmp

Filesize
580KB

Download
memory/2292-238-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2468-73-0x0000000004980000-0x0000000004A11000-memory.dmp

Filesize
580KB

Download
memory/2468-132-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2468-76-0x0000000004980000-0x0000000004A11000-memory.dmp

Filesize
580KB

Download
memory/2468-65-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2472-348-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2472-423-0x0000000004880000-0x0000000004911000-memory.dmp

Filesize
580KB

Download
memory/2472-356-0x0000000004880000-0x0000000004911000-memory.dmp

Filesize
580KB

Download
memory/2568-409-0x0000000003480000-0x0000000003511000-memory.dmp

Filesize
580KB

Download
memory/2568-401-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2604-325-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2604-415-0x00000000036F0000-0x0000000003781000-memory.dmp

Filesize
580KB

Download
memory/2604-336-0x00000000036F0000-0x0000000003781000-memory.dmp

Filesize
580KB

Download
memory/2608-321-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2608-337-0x00000000048D0000-0x0000000004961000-memory.dmp

Filesize
580KB

Download
memory/2608-254-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2688-108-0x0000000003440000-0x00000000034D1000-memory.dmp

Filesize
580KB

Download
memory/2688-107-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2688-51-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2808-243-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2808-250-0x0000000003600000-0x0000000003691000-memory.dmp

Filesize
580KB

Download
memory/2808-308-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2808-318-0x0000000003600000-0x0000000003691000-memory.dmp

Filesize
580KB

Download
memory/2808-319-0x0000000003600000-0x0000000003691000-memory.dmp

Filesize
580KB

Download
memory/2808-249-0x0000000003600000-0x0000000003691000-memory.dmp

Filesize
580KB

Download
memory/2864-91-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2864-16-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2900-962-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2908-379-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2908-377-0x0000000003450000-0x00000000034E1000-memory.dmp

Filesize
580KB

Download
memory/2908-296-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2908-307-0x0000000003450000-0x00000000034E1000-memory.dmp

Filesize
580KB

Download
memory/2912-944-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/3056-376-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/3056-388-0x0000000003490000-0x0000000003521000-memory.dmp

Filesize
580KB

Download