6d1546d043b452bb171c221fc191ccef7245ad674ec0b99232cb39065f42c089

Analysis

max time kernel
68s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1537447e567c183219d9778317d2231_JaffaCakes118.exe
Size

88KB
MD5

c1537447e567c183219d9778317d2231
SHA1

dde3b56d1e15d1885e19d74ca93bef2f3496e6a0
SHA256

6d1546d043b452bb171c221fc191ccef7245ad674ec0b99232cb39065f42c089
SHA512

21273482cb3209a5206c80c3bb83e61fc8ef53e8bbfe9274510eb33d6b25c0c7f0965cf7c9e10e0c2360fd843f258ef1c52f3b41323b46781b302cc5427a0251
SSDEEP

1536:vYjIyeC1eUfKjkhBYJ7mTCbqODiC1ZsyHZK0FjlqsS5eHyG9LU3YG8nh:wdEUfKj8BYbDiC1ZTK7sxtLUIGK

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2152	Sysqemgpbku.exe
2756	Sysqemduxct.exe
2740	Sysqemsjika.exe
2104	Sysqemfepkf.exe
1344	Sysqemmmlkz.exe
2836	Sysqemzosfw.exe
1592	Sysqemeqyni.exe
2036	Sysqemqoqay.exe
448	Sysqemancyj.exe
1920	Sysqemhycqr.exe
1588	Sysqemuwfta.exe
3060	Sysqemjicyd.exe
2556	Sysqemrqqqy.exe
2144	Sysqemqmkwu.exe
2428	Sysqemdoqdg.exe
2780	Sysqemcgrwa.exe
1148	Sysqemslzre.exe
1280	Sysqemrploj.exe
2560	Sysqemhxxwi.exe
1916	Sysqemlrfwg.exe
2544	Sysqembgqen.exe
2748	Sysqemywxeo.exe
832	Sysqemidjbz.exe
844	Sysqemkuprw.exe
2340	Sysqemdbaeb.exe
1748	Sysqemzckjx.exe
2968	Sysqempsvre.exe
2564	Sysqemplejy.exe
2768	Sysqembfkrj.exe
2908	Sysqemyrgrq.exe
900	Sysqemlephw.exe
1588	Sysqemlxyzq.exe
3036	Sysqemvwcxa.exe
1052	Sysqemnzyhc.exe
2784	Sysqemwnrxa.exe
2140	Sysqemjtkfa.exe
1984	Sysqemtswck.exe
332	Sysqemckyns.exe
2972	Sysqemsphiw.exe
552	Sysqemptcad.exe
3008	Sysqemzpdsk.exe
316	Sysqemuvtnn.exe
888	Sysqemmjksq.exe
1320	Sysqemgepaq.exe
1704	Sysqemvminf.exe
2284	Sysqemxwakx.exe
2172	Sysqemqhndf.exe
448	Sysqempdzac.exe
340	Sysqemhonaj.exe
1444	Sysqemeiina.exe
1956	Sysqemwwhtk.exe
2988	Sysqemdahqb.exe
1572	Sysqemvhjvy.exe
1740	Sysqemsmmvf.exe
2084	Sysqemktobc.exe
2444	Sysqemkmpte.exe
2372	Sysqemzfmgg.exe
2128	Sysqemjxzws.exe
1940	Sysqemlscyn.exe
2492	Sysqemblzlx.exe
2908	Sysqemahlrt.exe
1304	Sysqemqpwqa.exe
2276	Sysqemnndzt.exe
540	Sysqemxmhwm.exe

Loads dropped DLL 64 IoCs

pid	Process
2712	c1537447e567c183219d9778317d2231_JaffaCakes118.exe
2712	c1537447e567c183219d9778317d2231_JaffaCakes118.exe
2152	Sysqemgpbku.exe
2152	Sysqemgpbku.exe
2756	Sysqemduxct.exe
2756	Sysqemduxct.exe
2740	Sysqemsjika.exe
2740	Sysqemsjika.exe
2104	Sysqemfepkf.exe
2104	Sysqemfepkf.exe
1344	Sysqemmmlkz.exe
1344	Sysqemmmlkz.exe
2836	Sysqemzosfw.exe
2836	Sysqemzosfw.exe
1592	Sysqemeqyni.exe
1592	Sysqemeqyni.exe
2036	Sysqemqoqay.exe
2036	Sysqemqoqay.exe
448	Sysqemancyj.exe
448	Sysqemancyj.exe
1920	Sysqemhycqr.exe
1920	Sysqemhycqr.exe
1588	Sysqemuwfta.exe
1588	Sysqemuwfta.exe
3060	Sysqemjicyd.exe
3060	Sysqemjicyd.exe
2556	Sysqemrqqqy.exe
2556	Sysqemrqqqy.exe
2144	Sysqemqmkwu.exe
2144	Sysqemqmkwu.exe
2428	Sysqemdoqdg.exe
2428	Sysqemdoqdg.exe
2780	Sysqemcgrwa.exe
2780	Sysqemcgrwa.exe
1148	Sysqemslzre.exe
1148	Sysqemslzre.exe
1280	Sysqemrploj.exe
1280	Sysqemrploj.exe
2560	Sysqemhxxwi.exe
2560	Sysqemhxxwi.exe
1916	Sysqemlrfwg.exe
1916	Sysqemlrfwg.exe
2544	Sysqembgqen.exe
2544	Sysqembgqen.exe
2748	Sysqemywxeo.exe
2748	Sysqemywxeo.exe
832	Sysqemidjbz.exe
832	Sysqemidjbz.exe
844	Sysqemkuprw.exe
844	Sysqemkuprw.exe
2340	Sysqemdbaeb.exe
2340	Sysqemdbaeb.exe
1748	Sysqemzckjx.exe
1748	Sysqemzckjx.exe
2968	Sysqempsvre.exe
2968	Sysqempsvre.exe
2564	Sysqemplejy.exe
2564	Sysqemplejy.exe
2768	Sysqembfkrj.exe
2768	Sysqembfkrj.exe
2908	Sysqemyrgrq.exe
2908	Sysqemyrgrq.exe
900	Sysqemlephw.exe
900	Sysqemlephw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2712-0-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0008000000018f58-6.dat	upx
behavioral1/files/0x0008000000018c22-20.dat	upx
behavioral1/files/0x00070000000190d2-22.dat	upx
behavioral1/memory/2756-29-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x00070000000190e5-36.dat	upx
behavioral1/memory/2740-48-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x000c00000001866c-52.dat	upx
behavioral1/memory/2104-60-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2152-59-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2712-57-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x00060000000191da-67.dat	upx
behavioral1/memory/1344-74-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0008000000019207-81.dat	upx
behavioral1/memory/2756-87-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0007000000019230-98.dat	upx
behavioral1/files/0x0005000000019448-122.dat	upx
behavioral1/memory/2104-119-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0005000000019453-131.dat	upx
behavioral1/memory/1344-137-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x000500000001945e-155.dat	upx
behavioral1/memory/2836-153-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x0005000000019462-164.dat	upx
behavioral1/memory/2036-172-0x0000000003460000-0x00000000034F1000-memory.dmp	upx
behavioral1/memory/1592-170-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/files/0x000500000001946f-182.dat	upx
behavioral1/memory/2036-186-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2556-202-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/448-201-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1920-208-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1588-221-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2428-225-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/3060-232-0x0000000003450000-0x00000000034E1000-memory.dmp	upx
behavioral1/memory/3060-231-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2556-239-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2780-240-0x0000000003540000-0x00000000035D1000-memory.dmp	upx
behavioral1/memory/2144-253-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2428-265-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2560-266-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2780-275-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1148-286-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2544-291-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1280-297-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2560-308-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/832-309-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1916-318-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2544-329-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2748-336-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/832-350-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/844-361-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2340-374-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2768-375-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1748-386-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2908-388-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2968-399-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2564-410-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2768-424-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1052-438-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2908-436-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/900-450-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/1588-463-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/3036-476-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2140-474-0x00000000035D0000-0x0000000003661000-memory.dmp	upx
behavioral1/memory/2784-495-0x0000000000400000-0x0000000000491000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemrqqqy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemniduj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemhkmuq.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemjeiso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemptcad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemgdoun.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtrtpt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemjvoqf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemyytpk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemgpbku.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzosfw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemligmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemqoapm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemlwgcb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemyrgrq.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemujqku.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemdfwgk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemeqyni.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemywxeo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzpdsk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemscqdb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqembiatt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemhjfqt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemqhndf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemdahqb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtygqt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemadsct.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemjmiqo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzbnwj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemltaxq.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemmsgcc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemyvwyl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemoloqw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemifmvd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemzxxxk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemuwfta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemxwakx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemcylew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemmjwzw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemaklyo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemoeszt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemnzdoj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemerisr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemhatyy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemvdklu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqempdnfl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemwusry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemfepkf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemmmlkz.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemuywkv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqembycsu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemsghmv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqembfkrj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemiftrf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemeshco.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemsjbhb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemebipr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemplejy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemsfzkp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemawkkb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemrcfyy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemsjika.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemtjzrr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sysqemvhjvy.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2152	2712	c1537447e567c183219d9778317d2231_JaffaCakes118.exe	31
PID 2712 wrote to memory of 2152	2712	c1537447e567c183219d9778317d2231_JaffaCakes118.exe	31
PID 2712 wrote to memory of 2152	2712	c1537447e567c183219d9778317d2231_JaffaCakes118.exe	31
PID 2712 wrote to memory of 2152	2712	c1537447e567c183219d9778317d2231_JaffaCakes118.exe	31
PID 2152 wrote to memory of 2756	2152	Sysqemgpbku.exe	32
PID 2152 wrote to memory of 2756	2152	Sysqemgpbku.exe	32
PID 2152 wrote to memory of 2756	2152	Sysqemgpbku.exe	32
PID 2152 wrote to memory of 2756	2152	Sysqemgpbku.exe	32
PID 2756 wrote to memory of 2740	2756	Sysqemduxct.exe	33
PID 2756 wrote to memory of 2740	2756	Sysqemduxct.exe	33
PID 2756 wrote to memory of 2740	2756	Sysqemduxct.exe	33
PID 2756 wrote to memory of 2740	2756	Sysqemduxct.exe	33
PID 2740 wrote to memory of 2104	2740	Sysqemsjika.exe	34
PID 2740 wrote to memory of 2104	2740	Sysqemsjika.exe	34
PID 2740 wrote to memory of 2104	2740	Sysqemsjika.exe	34
PID 2740 wrote to memory of 2104	2740	Sysqemsjika.exe	34
PID 2104 wrote to memory of 1344	2104	Sysqemfepkf.exe	35
PID 2104 wrote to memory of 1344	2104	Sysqemfepkf.exe	35
PID 2104 wrote to memory of 1344	2104	Sysqemfepkf.exe	35
PID 2104 wrote to memory of 1344	2104	Sysqemfepkf.exe	35
PID 1344 wrote to memory of 2836	1344	Sysqemmmlkz.exe	36
PID 1344 wrote to memory of 2836	1344	Sysqemmmlkz.exe	36
PID 1344 wrote to memory of 2836	1344	Sysqemmmlkz.exe	36
PID 1344 wrote to memory of 2836	1344	Sysqemmmlkz.exe	36
PID 2836 wrote to memory of 1592	2836	Sysqemzosfw.exe	37
PID 2836 wrote to memory of 1592	2836	Sysqemzosfw.exe	37
PID 2836 wrote to memory of 1592	2836	Sysqemzosfw.exe	37
PID 2836 wrote to memory of 1592	2836	Sysqemzosfw.exe	37
PID 1592 wrote to memory of 2036	1592	Sysqemeqyni.exe	38
PID 1592 wrote to memory of 2036	1592	Sysqemeqyni.exe	38
PID 1592 wrote to memory of 2036	1592	Sysqemeqyni.exe	38
PID 1592 wrote to memory of 2036	1592	Sysqemeqyni.exe	38
PID 2036 wrote to memory of 448	2036	Sysqemqoqay.exe	39
PID 2036 wrote to memory of 448	2036	Sysqemqoqay.exe	39
PID 2036 wrote to memory of 448	2036	Sysqemqoqay.exe	39
PID 2036 wrote to memory of 448	2036	Sysqemqoqay.exe	39
PID 448 wrote to memory of 1920	448	Sysqemancyj.exe	40
PID 448 wrote to memory of 1920	448	Sysqemancyj.exe	40
PID 448 wrote to memory of 1920	448	Sysqemancyj.exe	40
PID 448 wrote to memory of 1920	448	Sysqemancyj.exe	40
PID 1920 wrote to memory of 1588	1920	Sysqemhycqr.exe	41
PID 1920 wrote to memory of 1588	1920	Sysqemhycqr.exe	41
PID 1920 wrote to memory of 1588	1920	Sysqemhycqr.exe	41
PID 1920 wrote to memory of 1588	1920	Sysqemhycqr.exe	41
PID 1588 wrote to memory of 3060	1588	Sysqemuwfta.exe	42
PID 1588 wrote to memory of 3060	1588	Sysqemuwfta.exe	42
PID 1588 wrote to memory of 3060	1588	Sysqemuwfta.exe	42
PID 1588 wrote to memory of 3060	1588	Sysqemuwfta.exe	42
PID 3060 wrote to memory of 2556	3060	Sysqemjicyd.exe	43
PID 3060 wrote to memory of 2556	3060	Sysqemjicyd.exe	43
PID 3060 wrote to memory of 2556	3060	Sysqemjicyd.exe	43
PID 3060 wrote to memory of 2556	3060	Sysqemjicyd.exe	43
PID 2556 wrote to memory of 2144	2556	Sysqemrqqqy.exe	44
PID 2556 wrote to memory of 2144	2556	Sysqemrqqqy.exe	44
PID 2556 wrote to memory of 2144	2556	Sysqemrqqqy.exe	44
PID 2556 wrote to memory of 2144	2556	Sysqemrqqqy.exe	44
PID 2144 wrote to memory of 2428	2144	Sysqemqmkwu.exe	45
PID 2144 wrote to memory of 2428	2144	Sysqemqmkwu.exe	45
PID 2144 wrote to memory of 2428	2144	Sysqemqmkwu.exe	45
PID 2144 wrote to memory of 2428	2144	Sysqemqmkwu.exe	45
PID 2428 wrote to memory of 2780	2428	Sysqemdoqdg.exe	46
PID 2428 wrote to memory of 2780	2428	Sysqemdoqdg.exe	46
PID 2428 wrote to memory of 2780	2428	Sysqemdoqdg.exe	46
PID 2428 wrote to memory of 2780	2428	Sysqemdoqdg.exe	46

C:\Users\Admin\AppData\Local\Temp\c1537447e567c183219d9778317d2231_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c1537447e567c183219d9778317d2231_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\Sysqemgpbku.exe
  "C:\Users\Admin\AppData\Local\Temp\Sysqemgpbku.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Sysqemduxct.exe
    "C:\Users\Admin\AppData\Local\Temp\Sysqemduxct.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Sysqemsjika.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysqemsjika.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Sysqemfepkf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfepkf.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Sysqemmmlkz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmmlkz.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzosfw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzosfw.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeqyni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeqyni.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqoqay.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqoqay.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemancyj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemancyj.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhycqr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhycqr.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuwfta.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuwfta.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjicyd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjicyd.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrqqqy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrqqqy.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqmkwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqmkwu.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdoqdg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdoqdg.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcgrwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcgrwa.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemslzre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemslzre.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrploj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrploj.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhxxwi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhxxwi.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlrfwg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlrfwg.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembgqen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembgqen.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemywxeo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemywxeo.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemidjbz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemidjbz.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkuprw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkuprw.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdbaeb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdbaeb.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzckjx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzckjx.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempsvre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempsvre.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemplejy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemplejy.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembfkrj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembfkrj.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyrgrq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyrgrq.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlephw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlephw.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlxyzq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlxyzq.exe"
        33⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvwcxa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvwcxa.exe"
        34⤵
        Executes dropped EXE
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnzyhc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnzyhc.exe"
        35⤵
        Executes dropped EXE
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwnrxa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwnrxa.exe"
        36⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjtkfa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjtkfa.exe"
        37⤵
        Executes dropped EXE
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtswck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtswck.exe"
        38⤵
        Executes dropped EXE
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemckyns.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemckyns.exe"
        39⤵
        Executes dropped EXE
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsphiw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsphiw.exe"
        40⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemptcad.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemptcad.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzpdsk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzpdsk.exe"
        42⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuvtnn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuvtnn.exe"
        43⤵
        Executes dropped EXE
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmjksq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmjksq.exe"
        44⤵
        Executes dropped EXE
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgepaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgepaq.exe"
        45⤵
        Executes dropped EXE
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvminf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvminf.exe"
        46⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxwakx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxwakx.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqhndf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqhndf.exe"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempdzac.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempdzac.exe"
        49⤵
        Executes dropped EXE
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhonaj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhonaj.exe"
        50⤵
        Executes dropped EXE
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeiina.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeiina.exe"
        51⤵
        Executes dropped EXE
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwwhtk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwwhtk.exe"
        52⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdahqb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdahqb.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvhjvy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvhjvy.exe"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsmmvf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsmmvf.exe"
        55⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemktobc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemktobc.exe"
        56⤵
        Executes dropped EXE
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkmpte.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkmpte.exe"
        57⤵
        Executes dropped EXE
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzfmgg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzfmgg.exe"
        58⤵
        Executes dropped EXE
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrpxin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrpxin.exe"
        59⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjxzws.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjxzws.exe"
        60⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlscyn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlscyn.exe"
        61⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemblzlx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemblzlx.exe"
        62⤵
        Executes dropped EXE
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemahlrt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemahlrt.exe"
        63⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqpwqa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqpwqa.exe"
        64⤵
        Executes dropped EXE
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnndzt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnndzt.exe"
        65⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxmhwm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxmhwm.exe"
        66⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoeszt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoeszt.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemejatx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemejatx.exe"
        68⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtgatk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtgatk.exe"
        69⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemicito.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemicito.exe"
        70⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembnwuw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembnwuw.exe"
        71⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtvyzb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtvyzb.exe"
        72⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjovmk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjovmk.exe"
        73⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxogza.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxogza.exe"
        74⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemniduj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemniduj.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemigwee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemigwee.exe"
        76⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiorwr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiorwr.exe"
        77⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuqxmk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuqxmk.exe"
        78⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcylew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcylew.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemujyee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemujyee.exe"
        80⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembqtwq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembqtwq.exe"
        81⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuywkv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuywkv.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtuihs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtuihs.exe"
        83⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemligmd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemligmd.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqvsuw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqvsuw.exe"
        85⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdijkc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdijkc.exe"
        86⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfhyza.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfhyza.exe"
        87⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxrlsh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxrlsh.exe"
        88⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrmqhz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrmqhz.exe"
        89⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeshco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeshco.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmsgcc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmsgcc.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembedpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembedpm.exe"
        92⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyqypk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyqypk.exe"
        93⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnykxr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnykxr.exe"
        94⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqibnj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqibnj.exe"
        95⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemffjnw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemffjnw.exe"
        96⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemksdvp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemksdvp.exe"
        97⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcguaa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcguaa.exe"
        98⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembycsu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembycsu.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemujqku.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemujqku.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtygqt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtygqt.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjvoqf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjvoqf.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgtuqy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgtuqy.exe"
        103⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvmrdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvmrdi.exe"
        104⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemscqdb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemscqdb.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhkjqq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhkjqq.exe"
        106⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembiatt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembiatt.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrcwgd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrcwgd.exe"
        108⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjczdc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjczdc.exe"
        109⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvwyl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvwyl.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdaqgw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdaqgw.exe"
        111⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsfygj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsfygj.exe"
        112⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxggbz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxggbz.exe"
        113⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnzdoj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnzdoj.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfdryl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfdryl.exe"
        115⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmzzyx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmzzyx.exe"
        116⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlsarr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlsarr.exe"
        117⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemapird.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemapird.exe"
        118⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdzzgw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdzzgw.exe"
        119⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvkngd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvkngd.exe"
        120⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsejtu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsejtu.exe"
        121⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemibrtg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemibrtg.exe"
        122⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwqzmn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwqzmn.exe"
        123⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmjwzw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmjwzw.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgimbz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgimbz.exe"
        125⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemypphw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemypphw.exe"
        126⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemljvhj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemljvhj.exe"
        127⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemadsct.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemadsct.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsghmv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsghmv.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkufrx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkufrx.exe"
        130⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvpfb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvpfb.exe"
        131⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzkoce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzkoce.exe"
        132⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwwkxc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwwkxc.exe"
        133⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgdoun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgdoun.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqrxi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqrxi.exe"
        135⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxnzxu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxnzxu.exe"
        136⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxgapo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxgapo.exe"
        137⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempqnhw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempqnhw.exe"
        138⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempjwaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempjwaq.exe"
        139⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemectnz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemectnz.exe"
        140⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemerisr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemerisr.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqxann.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqxann.exe"
        142⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvfds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvfds.exe"
        143⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlrfdf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlrfdf.exe"
        144⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempijxb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempijxb.exe"
        145⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemitxqj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemitxqj.exe"
        146⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempxhvs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempxhvs.exe"
        147⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfqeqc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfqeqc.exe"
        148⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemejfiw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemejfiw.exe"
        149⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrdlqh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrdlqh.exe"
        150⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemysyqb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemysyqb.exe"
        151⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgevdl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgevdl.exe"
        152⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiwusd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiwusd.exe"
        153⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaklyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaklyo.exe"
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemidkyu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemidkyu.exe"
        155⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxwhte.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxwhte.exe"
        156⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuxzgi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuxzgi.exe"
        157⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjuzgm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjuzgm.exe"
        158⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjmiqo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjmiqo.exe"
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembxvqo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembxvqo.exe"
        160⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvuqp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvuqp.exe"
        161⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoloqw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoloqw.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdxlwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdxlwa.exe"
        163⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsiirj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsiirj.exe"
        164⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzbhwy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzbhwy.exe"
        165⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsmuog.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsmuog.exe"
        166⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuzxrb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuzxrb.exe"
        167⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjtuml.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjtuml.exe"
        168⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlgxog.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlgxog.exe"
        169⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeoztl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeoztl.exe"
        170⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemblgue.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemblgue.exe"
        171⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqfcon.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqfcon.exe"
        172⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemssfri.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemssfri.exe"
        173⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfulhu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfulhu.exe"
        174⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeqxer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeqxer.exe"
        175⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxxajw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxxajw.exe"
        176⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwozt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwozt.exe"
        177⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempaoux.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempaoux.exe"
        178⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtrtpt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtrtpt.exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlcght.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlcght.exe"
        180⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqoapm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqoapm.exe"
        181⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemflipz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemflipz.exe"
        182⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcbgps.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcbgps.exe"
        183⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempdnfl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempdnfl.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsjbhb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsjbhb.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhkmuq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhkmuq.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlwgcb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlwgcb.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhvyve.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhvyve.exe"
        188⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgohfy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgohfy.exe"
        189⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemttrin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemttrin.exe"
        190⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemifmvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemifmvd.exe"
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxogis.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxogis.exe"
        192⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzxxxk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzxxxk.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsfzkp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsfzkp.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlsmxy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlsmxy.exe"
        195⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhjfqt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhjfqt.exe"
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjeiso.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjeiso.exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemawkkb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemawkkb.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgchsp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgchsp.exe"
        199⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvndfz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvndfz.exe"
        200⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqtuit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqtuit.exe"
        201⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemczldi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemczldi.exe"
        202⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhatyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhatyy.exe"
        203⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwxbyk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwxbyk.exe"
        204⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgefdv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgefdv.exe"
        205⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwpcqe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwpcqe.exe"
        206⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemotqbg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemotqbg.exe"
        207⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgeeto.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgeeto.exe"
        208⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdfwgk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdfwgk.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsbwgw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsbwgw.exe"
        210⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrcfyy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrcfyy.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmejww.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmejww.exe"
        212⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjftbs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjftbs.exe"
        213⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembusgd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembusgd.exe"
        214⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembxegr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembxegr.exe"
        215⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemodobf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemodobf.exe"
        216⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiftrf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiftrf.exe"
        217⤵
        System Location Discovery: System Language Discovery
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvdklu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvdklu.exe"
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcdjmi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcdjmi.exe"
        219⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempfpbu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempfpbu.exe"
        220⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjefww.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjefww.exe"
        221⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzbnwj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzbnwj.exe"
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhthy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhthy.exe"
        223⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqebhd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqebhd.exe"
        224⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvnkct.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvnkct.exe"
        225⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlksbg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlksbg.exe"
        226⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhlcpj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhlcpj.exe"
        227⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemawphj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemawphj.exe"
        228⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmugkm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmugkm.exe"
        229⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemebipr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemebipr.exe"
        230⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemexumo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemexumo.exe"
        231⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwusry.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwusry.exe"
        232⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqememrsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqememrsf.exe"
        233⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtjzrr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtjzrr.exe"
        234⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnpquu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnpquu.exe"
        235⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfavnu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfavnu.exe"
        236⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhoypp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhoypp.exe"
        237⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzcxua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzcxua.exe"
        238⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzcxnu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzcxnu.exe"
        239⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemokrnb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemokrnb.exe"
        240⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwsenv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwsenv.exe"
        241⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemllbae.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemllbae.exe"
        242⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyytpk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyytpk.exe"
        243⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemovtpx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemovtpx.exe"
        244⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemltaxq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemltaxq.exe"
        245⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdenqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdenqx.exe"
        246⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaffdt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaffdt.exe"
        247⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempycqd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempycqd.exe"
        248⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxuedu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxuedu.exe"
        249⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjawyi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjawyi.exe"
        250⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrbuyp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrbuyp.exe"
        251⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjptda.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjptda.exe"
        252⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdznlf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdznlf.exe"
        253⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvnlqi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvnlqi.exe"
        254⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvyyie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvyyie.exe"
        255⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfmygu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfmygu.exe"
        256⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxebdt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxebdt.exe"
        257⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmyyqd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmyyqd.exe"
        258⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlukwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlukwa.exe"
        259⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembjewh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembjewh.exe"
        260⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfsjjx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfsjjx.exe"
        261⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcqijq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcqijq.exe"
        262⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwskrv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwskrv.exe"
        263⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempzmwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempzmwa.exe"
        264⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwovoh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwovoh.exe"
        265⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlisbq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlisbq.exe"
        266⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtiqbx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtiqbx.exe"
        267⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgcxri.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgcxri.exe"
        268⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxvhuq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxvhuq.exe"
        269⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmoeoz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmoeoz.exe"
        270⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemclnux.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemclnux.exe"
        271⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoqxwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoqxwu.exe"
        272⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwvhcd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwvhcd.exe"
        273⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemofucl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemofucl.exe"
        274⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqtxeg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqtxeg.exe"
        275⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgjien.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgjien.exe"
        276⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcnmel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcnmel.exe"
        277⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsdxms.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsdxms.exe"
        278⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrzkkp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrzkkp.exe"
        279⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkkxcx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkkxcx.exe"
        280⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeuqkc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeuqkc.exe"
        281⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtcksb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtcksb.exe"
        282⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwtcht.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwtcht.exe"
        283⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoisne.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoisne.exe"
        284⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnabfy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnabfy.exe"
        285⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxzfcr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxzfcr.exe"
        286⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuxmck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuxmck.exe"
        287⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkuucw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkuucw.exe"
        288⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjmvvq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjmvvq.exe"
        289⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembxiny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembxiny.exe"
        290⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjbtap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjbtap.exe"
        291⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyvpnr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyvpnr.exe"
        292⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqbplv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqbplv.exe"
        293⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqgqg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqgqg.exe"
        294⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemndzyz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemndzyz.exe"
        295⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemifdvx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemifdvx.exe"
        296⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcoxdd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcoxdd.exe"
        297⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuzkvl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuzkvl.exe"
        298⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtvwti.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtvwti.exe"
        299⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlqao.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlqao.exe"
        300⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjpsoy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjpsoy.exe"
        301⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemybpbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemybpbh.exe"
        302⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfiktc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfiktc.exe"
        303⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvnsbo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvnsbo.exe"
        304⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemienvx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemienvx.exe"
        305⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemapaww.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemapaww.exe"
        306⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzhbgy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzhbgy.exe"
        307⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrspgy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrspgy.exe"
        308⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwzlq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwzlq.exe"
        309⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmqfbb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmqfbb.exe"
        310⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtgstv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtgstv.exe"
        311⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemidati.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemidati.exe"
        312⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnejwq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnejwq.exe"
        313⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdbrwd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdbrwd.exe"
        314⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemikzrt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemikzrt.exe"
        315⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxskza.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxskza.exe"
        316⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcipmw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcipmw.exe"
        317⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempkvbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempkvbh.exe"
        318⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrrjex.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrrjex.exe"
        319⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgrvrm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgrvrm.exe"
        320⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgdhra.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgdhra.exe"
        321⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyujbo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyujbo.exe"
        322⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaejzg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaejzg.exe"
        323⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqyxmp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqyxmp.exe"
        324⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkeohk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkeohk.exe"
        325⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxyuww.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxyuww.exe"
        326⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmgopx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmgopx.exe"
        327⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemymfrt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemymfrt.exe"
        328⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemojoxr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemojoxr.exe"
        329⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdrakg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdrakg.exe"
        330⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemadvfw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemadvfw.exe"
        331⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempadfj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempadfj.exe"
        332⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkvinj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkvinj.exe"
        333⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcrhsl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcrhsl.exe"
        334⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdxlni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdxlni.exe"
        335⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwensf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwensf.exe"
        336⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemywais.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemywais.exe"
        337⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemivefc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemivefc.exe"
        338⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemciral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemciral.exe"
        339⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuptnq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuptnq.exe"
        340⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwozdn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwozdn.exe"
        341⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmthqj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmthqj.exe"
        342⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwdxaf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwdxaf.exe"
        343⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlxtvo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlxtvo.exe"
        344⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemiqmik.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemiqmik.exe"
        345⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxjavu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxjavu.exe"
        346⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaqpgj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaqpgj.exe"
        347⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsmnlu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsmnlu.exe"
        348⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempfxyq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempfxyq.exe"
        349⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkpcow.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkpcow.exe"
        350⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempuvvh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempuvvh.exe"
        351⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembwbla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembwbla.exe"
        352⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemegtbs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemegtbs.exe"
        353⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvurgv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvurgv.exe"
        354⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgbwln.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgbwln.exe"
        355⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvyels.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvyels.exe"
        356⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvntrr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvntrr.exe"
        357⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkkbrd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkkbrd.exe"
        358⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhwxeu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhwxeu.exe"
        359⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzhkwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzhkwb.exe"
        360⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemroktg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemroktg.exe"
        361⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemghhgq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemghhgq.exe"
        362⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemicjjl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemicjjl.exe"
        363⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemywgem.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemywgem.exe"
        364⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfsqre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfsqre.exe"
        365⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvpqrq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvpqrq.exe"
        366⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsnxrj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsnxrj.exe"
        367⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhjfrw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhjfrw.exe"
        368⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembqwmy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembqwmy.exe"
        369⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemupyzd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemupyzd.exe"
        370⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemttkwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemttkwa.exe"
        371⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjbveh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjbveh.exe"
        372⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlwyhc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlwyhc.exe"
        373⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdhmzc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdhmzc.exe"
        374⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhxquy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhxquy.exe"
        375⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmolxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmolxh.exe"
        376⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempydmz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempydmz.exe"
        377⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgxnfm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgxnfm.exe"
        378⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemevmff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemevmff.exe"
        379⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvjkkq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvjkkq.exe"
        380⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwnxce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwnxce.exe"
        381⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfxmnz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfxmnz.exe"
        382⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemnfzfm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemnfzfm.exe"
        383⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfqnxt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfqnxt.exe"
        384⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcouxm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcouxm.exe"
        385⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmqjii.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmqjii.exe"
        386⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzwcqh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzwcqh.exe"
        387⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemoevdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemoevdx.exe"
        388⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsjokq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsjokq.exe"
        389⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlqqqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlqqqn.exe"
        390⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemljrip.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemljrip.exe"
        391⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdtfap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdtfap.exe"
        392⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhnnio.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhnnio.exe"
        393⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaupnt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaupnt.exe"
        394⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwzsnr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwzsnr.exe"
        395⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemokygz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemokygz.exe"
        396⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtxrns.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtxrns.exe"
        397⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmeutp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmeutp.exe"
        398⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlwclr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlwclr.exe"
        399⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Sysqematkle.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqematkle.exe"
        400⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemchnoz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemchnoz.exe"
        401⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuvetb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuvetb.exe"
        402⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemspaga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemspaga.exe"
        403⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhiwbj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhiwbj.exe"
        404⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembkyjh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembkyjh.exe"
        405⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrevwq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrevwq.exe"
        406⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtkbgg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtkbgg.exe"
        407⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemihjgs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemihjgs.exe"
        408⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemizkzm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemizkzm.exe"
        409⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxesyz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxesyz.exe"
        410⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzojor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzojor.exe"
        411⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsnlbw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsnlbw.exe"
        412⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrvjmv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrvjmv.exe"
        413⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembgwed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembgwed.exe"
        414⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyssrt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyssrt.exe"
        415⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqorwe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqorwe.exe"
        416⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemneqwx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemneqwx.exe"
        417⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcmjjm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcmjjm.exe"
        418⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempdemv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempdemv.exe"
        419⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemikgza.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemikgza.exe"
        420⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkjupy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkjupy.exe"
        421⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwdawj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwdawj.exe"
        422⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembqtec.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembqtec.exe"
        423⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrjqzm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrjqzm.exe"
        424⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemynaed.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemynaed.exe"
        425⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrmdsa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrmdsa.exe"
        426⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvglrz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvglrz.exe"
        427⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkahmj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkahmj.exe"
        428⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqxmuw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqxmuw.exe"
        429⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfcmuj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfcmuj.exe"
        430⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkhgcu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkhgcu.exe"
        431⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzbdxe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzbdxe.exe"
        432⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhfncv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhfncv.exe"
        433⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtkefj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtkefj.exe"
        434⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjlqxk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjlqxk.exe"
        435⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemilzie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemilzie.exe"
        436⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkrddb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkrddb.exe"
        437⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzkaxd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzkaxd.exe"
        438⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzsynw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzsynw.exe"
        439⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrdmfe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrdmfe.exe"
        440⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemygtdn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemygtdn.exe"
        441⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqovis.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqovis.exe"
        442⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvesdo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvesdo.exe"
        443⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkbada.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkbada.exe"
        444⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzjvdb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzjvdb.exe"
        445⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrylim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrylim.exe"
        446⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjxwgd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjxwgd.exe"
        447⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemorcow.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemorcow.exe"
        448⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxrpdb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxrpdb.exe"
        449⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkwzyp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkwzyp.exe"
        450⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuomob.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuomob.exe"
        451⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjsujf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjsujf.exe"
        452⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembhtgk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembhtgk.exe"
        453⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtvkmn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtvkmn.exe"
        454⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkckbr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkckbr.exe"
        455⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcrigc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcrigc.exe"
        456⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemuuxre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemuuxre.exe"
        457⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmqvwo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmqvwo.exe"
        458⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmuipd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmuipd.exe"
        459⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzzrrr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzzrrr.exe"
        460⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwxyrk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwxyrk.exe"
        461⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrzcpq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrzcpq.exe"
        462⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemfolzw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemfolzw.exe"
        463⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemywnmt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemywnmt.exe"
        464⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsjshc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsjshc.exe"
        465⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhcpul.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhcpul.exe"
        466⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemjmoke.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemjmoke.exe"
        467⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemctqxj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemctqxj.exe"
        468⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembmrhd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembmrhd.exe"
        469⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtaqmn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtaqmn.exe"
        470⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemldexp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemldexp.exe"
        471⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemaepke.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemaepke.exe"
        472⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqematnpw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqematnpw.exe"
        473⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempqvpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempqvpi.exe"
        474⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmkrky.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmkrky.exe"
        475⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeyhqj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeyhqj.exe"
        476⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemglkse.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemglkse.exe"
        477⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyijxg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyijxg.exe"
        478⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemyxzvg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemyxzvg.exe"
        479⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemofsdm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemofsdm.exe"
        480⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcylic.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcylic.exe"
        481⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemujrak.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemujrak.exe"
        482⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcuxfh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcuxfh.exe"
        483⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemurolk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemurolk.exe"
        484⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemghrns.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemghrns.exe"
        485⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwanac.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwanac.exe"
        486⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemctldk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemctldk.exe"
        487⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemveyvs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemveyvs.exe"
        488⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemewlle.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemewlle.exe"
        489⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemupayg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemupayg.exe"
        490⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqitee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqitee.exe"
        491⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdhwgm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdhwgm.exe"
        492⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlavgb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlavgb.exe"
        493⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdolee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdolee.exe"
        494⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemxucgh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemxucgh.exe"
        495⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempiamr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempiamr.exe"
        496⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhmpwt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhmpwt.exe"
        497⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwfljd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwfljd.exe"
        498⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlrjog.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlrjog.exe"
        499⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemecwhg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemecwhg.exe"
        500⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdufzi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdufzi.exe"
        501⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsvqmx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsvqmx.exe"
        502⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemazbrh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemazbrh.exe"
        503⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsnrwr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsnrwr.exe"
        504⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwalel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwalel.exe"
        505⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkncuq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkncuq.exe"
        506⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembfney.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembfney.exe"
        507⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemqzcrh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemqzcrh.exe"
        508⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemtjcpa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemtjcpa.exe"
        509⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemgwlff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemgwlff.exe"
        510⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemajyzg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemajyzg.exe"
        511⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemsqafl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemsqafl.exe"
        512⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemeaunq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemeaunq.exe"
        513⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemwosst.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemwosst.exe"
        514⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembpanj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembpanj.exe"
        515⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrjxit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrjxit.exe"
        516⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvzcup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvzcup.exe"
        517⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemlszpz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemlszpz.exe"
        518⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembxzkd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembxzkd.exe"
        519⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemquhkh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemquhkh.exe"
        520⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdscny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdscny.exe"
        521⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvdpfy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvdpfy.exe"
        522⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Sysqempfrnd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqempfrnd.exe"
        523⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemhpwfl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemhpwfl.exe"
        524⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemzewdq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemzewdq.exe"
        525⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrtuis.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrtuis.exe"
        526⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemofqvq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemofqvq.exe"
        527⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdcyvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdcyvd.exe"
        528⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvfmgx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvfmgx.exe"
        529⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkkugj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkkugj.exe"
        530⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemmxxie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemmxxie.exe"
        531⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemcrudo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemcrudo.exe"
        532⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Sysqembgkin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqembgkin.exe"
        533⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemrnvim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemrnvim.exe"
        534⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemdlvvc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemdlvvc.exe"
        535⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvwbwc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvwbwc.exe"
        536⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemvlytb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemvlytb.exe"
        537⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemkigbn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemkigbn.exe"
        538⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Sysqemesajl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Sysqemesajl.exe"
        539⤵
        
        PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Sysqamqqvaqqd.exe

Filesize
88KB

MD5
2a163bb2d21911232c852ff3de9a7a7c

SHA1
09f9a5c07fb2d530e887745ab87deb3233045674

SHA256
5c84cf5853cc2c7da9596422eb71039b72bdc6ac3ce4003eb5457a698a664e9f

SHA512
bdd0223ab53149b7777512d42de545568635add83eaf2108a1e104cbd18f13aab754d80b656b7cdda669ad164034265811b4d09924818c959cc2ad47c7077bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysqemgpbku.exe

Filesize
88KB

MD5
bb0eec802e30eb9ffe4f72330996ad5f

SHA1
877a9e72bdb6ed8fde890d7a1b55ea0748c0d61e

SHA256
92b69cf52c710f2a5ab5dd8e364dbad7af1a1764a609b9e2a7bd1f9144f9dde5

SHA512
ceb1eae2f9ddc51940b659776eeb00c1fdda7afc613c5c135f465015da274b5dbf668dcac044f5df962a9aa53ecf1fcf951e9433c71cc7b845cc3f5ed48473e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysqemhycqr.exe

Filesize
88KB

MD5
6874ece00d6dcafdb86216aff8df6aa9

SHA1
dac6c6a005c28516d864d0539c5dbff3eb3d70a8

SHA256
80dcaf38849b05f76fbeb992ef555d7f3cbc8212c589a4fbf9f81f2355fdce96

SHA512
3836edd7079f3c578c43de8527dd29c96513a8dc374d22cd88f626bd252c9b37119328bd97dc5256d80cb05bfc98749d238023980d7b636c9d5268f0c920a1a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sysqemqoqay.exe

Filesize
88KB

MD5
aa199d338d727085df96a288c281a288

SHA1
8a3d6ab4d0dba9a37f514018cd3d6de3878ca738

SHA256
9474156bb6f8f634f9682c4b420f185b6f9168a162a4b0d728d83d0805688ca1

SHA512
596eb1ed36888eb94ee31c1641588034efd0aa9d6daf504b4e48da885c5aa27c25ecda4fad8a946e3a059df9f058103a4baa660467984d1ffeb223e8ceafc5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
f5aba2ae756d970bfdf482931e5af2b9

SHA1
bb523f45c7437036d74adbb4bee403d14f781783

SHA256
5441345f3640afe5af6db6ecb7f4a6dcecf589b8a7bdab6f32aa16d32b1bdbb5

SHA512
04f4d16c29b52ec944956dddfaa30a79017be9b38c7f28c7b4a43fe39b8fdfdf9cf7f8167d1fd07032c554584a39910cdb15f5de93b81429063f9c0af1c4098a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
8ac53295c4f424a25aa7f759ee408337

SHA1
38bee09ee97b663a68d8a8308b9d0d9bd9b55b21

SHA256
601b7ceb25511e8386ce58a28a78b55f5bf152dee59747bd36bef3adb2da0b7d

SHA512
937c19e49114aee634a7ccb8288815138b65f74a8b4523064dc178563d1fd19f24a8b28c8d3e77f9ecb134715d1a5cdd341d6fb0ae5c92c2122412bf41162e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
1568df337681053968381a585b4825d3

SHA1
eaf4d02da2809d44582938da90bd97dc110b3c61

SHA256
a51d4b1b3bf7e2ee10f5065a9f4aedf6785c160993c0046b795b04fd9929ba85

SHA512
55a78c6a5a30434a89553bf7dae179c30bd78c0e0420152e71f1193dc319a1407898fdd806d072d79513af6556bf9fc0fc0997f4dd957c4d660bc35fe7da9d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
0c437ce1a774ede9ea3d2409aec4375d

SHA1
85cf0b80452226407dcb76a8775ee89bb32d34c8

SHA256
7eb6ce976500be5a610b7251e788cb61e03b6ffd012cfb9001e827786dfd2a6e

SHA512
cc03ea53e2e2d355b86b28eb864be7c6aed8ff1c1059fcffb836899dbc47d7b10437240e4f3e2ac1dae14e4650248de221ab3d9baa450832cd4cc2d58cc9a17e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
78bf7b59c6afc425527fc28e4757ca0a

SHA1
8505244b140ebe4c6d6abadcab644cf089a4c7d7

SHA256
dc7310987bd82862c626668b43f8fc5df98388766bf7c5d9e774dc03854edbc8

SHA512
f8625c1410c98a962682274568c7b1efedb624037caf336c72d2c008885c27f310245e64a9921370b06b8ec3cf07447e07d019e85e63077c999fc0e82c1f269f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
5d98a02daf9d68d68960bc6c596a4ccc

SHA1
18f92615d5263379672efd9369b9e8619b56cf38

SHA256
747da63335a4fc3683259771ab2c867e73a0d59f804442e3e5a5e1345d6e67d3

SHA512
e856f23d4d56e358cbb3393d1dfbd8556a7ca08bc52e077a212b1f289f2e8fa08ae2d2cb09d04b4e5cceedc47dd363c0f28b4c28077678fff614e42ce5bd60fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
01b0bb445f5de349887ff251592506cc

SHA1
dc1e91ea652aef76a561608d495ba04fd2c01b44

SHA256
cd60980c178fb5a3e29c2df360c71d0671b96354c5751515dc5413d4bf7ed337

SHA512
b846d7986b6ba8bed75f250b03e514cae26f232eeb81f45179e5790717945fafb09f71ffc624a1f592ac3ba97c96311f4e8a89818b856c5a43dc83d77ccd7dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
0f3f77893ad4a487d2e34b5d1c138da9

SHA1
09962892a5f21bf1bfee2e5f07279c12aeb2d900

SHA256
08d6e8af23087cbd2592200ca04d4f21a017ad9a378d4eb1f9b17157bf759dd9

SHA512
42553e7eb5342fe6821cccaa8a4fd91da901a98f81342252f974b4832c3de378f9398a943f1d44a8b609726c3f271dbc371374b065b7f58125ea8eda813516dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
99944e5187ee47d28c98933904bb6bb8

SHA1
5b38d222ad3af18fc84f0af5d88fd34dc39e7eca

SHA256
9338b42d3870d24a07e37a97d9752045cfb53543e4d97e060029774abc13cc1e

SHA512
d9a5c43ddb0c8296ce586951cc9247e85ca7a2f5eb19ddbce83630e568973ea78fd58646b010b793c104494bd249d93e1ca30ad4814d7dcb0241ad570558cebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
edfca574c13f6bd8629fe99ab2a14574

SHA1
d5f0f2d8d1fe33b935783cf424d6157ac59b973b

SHA256
d8abb899b852f681c00a232a2dd8392e8fef47c18108599f4f4759033226e0cf

SHA512
25b8111eef2b32bc275a4b7c358063ae5c322705d193e617f3b99e84b880203beb69dbdf2db9c06ddd8f053bcfbcbec6e66b71bbccbaf161f941e205be62a8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
321a54b7ad3ef1df75c3477e42691bfd

SHA1
8454dd0420150e419d0aba755bd80b20cd66b12e

SHA256
f8de65da7ab6b6dcee68607053cbf69fbd06c06d0e1c6480025812c87cb1cff2

SHA512
128fe27352195e72223630a7ca8faa2bed1bd0422addcc6809990ee0f148bc273797bd65f99d04294a4016304b1f0edd2e60d9b23d82cf57d2d014d6e6347c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qpath.ini

Filesize
49B

MD5
ac3c5322322957023ad5182ff6554026

SHA1
0897e978852bb5863b6e1f1853d1e931e2182a30

SHA256
139e6fd9164c36cac4bea3fce2abbfbb68beddf7c0bbd96d09fc0f887b6e65e4

SHA512
77561fe8463e97a10274db90e93af92d9929e0f41cb72011554cc88b1dfbf3666bf50ae7f7bbd7f0a8708c8ec5a1cac4a4f9378c81ed55b24244c28db20137d2

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemancyj.exe

Filesize
88KB

MD5
97bc7446731b8da0b36f3c17526c300e

SHA1
ac87e5677b9f1d225494192c99859d5db03e1c88

SHA256
ff170b487985d953779f88522e787c5da2ff2224c3330f5dfdf47c6847b1884c

SHA512
b78059539a7771dc426c05ac2872137da3aabf675f6985e4ff026a1b38a519170615cc802ccfc22b78b3ea83753b50ad90761d50511c2835d106a660defbaa2b

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemduxct.exe

Filesize
88KB

MD5
bbffbf715328c4848e240f0699fd3af1

SHA1
c6df36d1498238761748f314760e6712c461da1a

SHA256
2479f8b1bfd4d3faa5d32dd1f8cc7af9a25b8f37240fdef1fdd5654e0df4a0f3

SHA512
67e3b0dff5e461a90d04c7eed6cd8d53df25345e93e887041a4055e4e2c44799187c86e7ce014ac5f62a4f01387ec508fd5d464c694953bbb1f19ec87a29e348

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemeqyni.exe

Filesize
88KB

MD5
4403284292ce661f5b06f59e65d409fb

SHA1
b3b8c5e1937774cf90395ecce5d42f13abbe0eee

SHA256
0adb49e9be1e1cc4f45233c84fa9e10a998519b9498c769b1932dbfe7c0f9e0e

SHA512
f4b457678bea163c767d884a33f9d106bd5a6d29679a02cd16ed390d2915858ab526843540c382c7fce97c5d47dee98be474b024c1fbc6f8c3dd566b9b3685ae

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemfepkf.exe

Filesize
88KB

MD5
dda1dc8f0eec31edf1bc1eab0f3d1efb

SHA1
555360e15bfffb0071e9a1f8d09dedf1e1ac602d

SHA256
2d874a7778eecc88b3b0ed685cc15da21d89d3926950749190234b6bd634131b

SHA512
f0b4d27fcca9fa9c45a0c902e201a57993466067c6088133d5315e0ecb4709ec9e74ade9e68fc70f4ff93d5780f298234b3bdb28fc63dcd3ad46cc702cd9ebf2

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemjicyd.exe

Filesize
88KB

MD5
78de0e76491f1689f19336cd16bf0da4

SHA1
2ca6d2a4a381e0483fce823ac36cccaca7b160e8

SHA256
1d26f075a0668aaa606f26f1cdfbad6f4735e1dfffad34dfe5d73f2eef8a47ec

SHA512
4617f2e843afaaea7727cd3ebd6d38e6f0eddefa40c70b6b010081e63591d8c43a830ff8803d4cc246b6f8ec579cbe8d140ac9a5a5fc6062479483e84269e085

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemmmlkz.exe

Filesize
88KB

MD5
6e8518e30af5c865f40456d7b8eebf34

SHA1
f3611892fc00dafb2eae86fca51af408f8ed02bb

SHA256
820da7594c76c47bf94dde9aa43f4cf31a25256f453822a45a28e5b7382905a8

SHA512
072421b629f29a19bdf2d1d8499057a206e08a2b051e734e691e269b0d01f309528214b936f1a12beff1c68c9061fe88ab611c89a2b5380cd260fe170df94519

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemsjika.exe

Filesize
88KB

MD5
3a731f170ca256ee2e42bd972049ffec

SHA1
80719b4a95e4e2f363f6e75b864d4ef59f5a02cd

SHA256
bf5da2b8adfef7508d08f1e30e986ec008bc421800c7e7b03b9e2feb37700dfb

SHA512
1eb45f515e78d9abf497f70a7055e080c75f33fb5f3cc4dda760a19abc2c4a036435809c3be664d9b95a3c8a9fbd15f321c31c0e07e9283514e316500cba9c41

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemuwfta.exe

Filesize
88KB

MD5
0feb3905788495ad89005afcc61199a2

SHA1
b982890569388582f667b6d25b38cc0debd70d36

SHA256
1050800ab1f1ac855641cf3feaa78c7c103ad71ec5e90462d050fbb42f078c82

SHA512
e22446b68c01af84562ce01a32d5d1cf4a8434b6093b891fdfaa7c9be985c0ffeb3cfd21cf26162bbbf77f1fe5171c97e857c2d4731c3897b7199ba11b35298a

Download Submit
\Users\Admin\AppData\Local\Temp\Sysqemzosfw.exe

Filesize
88KB

MD5
65ae7c9596c121effc48421e65c93d86

SHA1
2d10c2a15f3a48cd2c516851c5f6f2f0614af7cd

SHA256
89f2af5aa45886ccaa774df3c5b48fe337a56bee906f13c9f92dfaddbac101d1

SHA512
217b008635fabbd35b54b2ac65b556d98a0d309ba9ec421f502fd46f2a34a97fe1f0b5dcbd07293daf756bf8c8f3d175bb766e853f70bd8a8721d1c048769134

Download Submit
memory/332-503-0x0000000003470000-0x0000000003501000-memory.dmp

Filesize
580KB

Download
memory/332-492-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/448-201-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/832-354-0x00000000035A0000-0x0000000003631000-memory.dmp

Filesize
580KB

Download
memory/832-350-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/832-309-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/844-362-0x00000000034C0000-0x0000000003551000-memory.dmp

Filesize
580KB

Download
memory/844-361-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/844-330-0x00000000034C0000-0x0000000003551000-memory.dmp

Filesize
580KB

Download
memory/900-412-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/900-411-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/900-450-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/900-451-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/1052-489-0x0000000003500000-0x0000000003591000-memory.dmp

Filesize
580KB

Download
memory/1052-491-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1052-438-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1148-286-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1148-287-0x00000000048A0000-0x0000000004931000-memory.dmp

Filesize
580KB

Download
memory/1148-254-0x00000000048A0000-0x0000000004931000-memory.dmp

Filesize
580KB

Download
memory/1280-297-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1344-74-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1344-88-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/1344-137-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1344-138-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/1588-462-0x0000000003470000-0x0000000003501000-memory.dmp

Filesize
580KB

Download
memory/1588-187-0x00000000049D0000-0x0000000004A61000-memory.dmp

Filesize
580KB

Download
memory/1588-221-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1588-463-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1592-120-0x0000000003660000-0x00000000036F1000-memory.dmp

Filesize
580KB

Download
memory/1592-170-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1748-387-0x0000000003600000-0x0000000003691000-memory.dmp

Filesize
580KB

Download
memory/1748-386-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1916-318-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1920-208-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1940-855-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/1984-487-0x00000000035C0000-0x0000000003651000-memory.dmp

Filesize
580KB

Download
memory/1984-488-0x00000000035C0000-0x0000000003651000-memory.dmp

Filesize
580KB

Download
memory/2036-172-0x0000000003460000-0x00000000034F1000-memory.dmp

Filesize
580KB

Download
memory/2036-186-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2104-121-0x00000000034F0000-0x0000000003581000-memory.dmp

Filesize
580KB

Download
memory/2104-60-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2104-119-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2140-475-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/2140-474-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/2140-514-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2144-253-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2152-59-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2340-374-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2340-384-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/2372-808-0x00000000029F0000-0x000000000363A000-memory.dmp

Filesize
12.3MB

Download
memory/2372-809-0x0000000003530000-0x000000000417A000-memory.dmp

Filesize
12.3MB

Download
memory/2428-265-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2428-225-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2492-864-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2544-329-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2544-291-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2556-244-0x00000000035F0000-0x0000000003681000-memory.dmp

Filesize
580KB

Download
memory/2556-239-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2556-202-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2560-266-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2560-308-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2564-409-0x0000000003440000-0x00000000034D1000-memory.dmp

Filesize
580KB

Download
memory/2564-413-0x0000000003440000-0x00000000034D1000-memory.dmp

Filesize
580KB

Download
memory/2564-373-0x0000000003440000-0x00000000034D1000-memory.dmp

Filesize
580KB

Download
memory/2564-410-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2712-57-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2712-14-0x0000000003490000-0x0000000003521000-memory.dmp

Filesize
580KB

Download
memory/2712-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2740-56-0x0000000003670000-0x0000000003701000-memory.dmp

Filesize
580KB

Download
memory/2740-48-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2748-336-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2756-87-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2756-29-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2768-385-0x00000000035A0000-0x0000000003631000-memory.dmp

Filesize
580KB

Download
memory/2768-424-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2768-375-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2780-275-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2780-240-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/2784-507-0x00000000035E0000-0x0000000003671000-memory.dmp

Filesize
580KB

Download
memory/2784-461-0x00000000035E0000-0x0000000003671000-memory.dmp

Filesize
580KB

Download
memory/2784-460-0x00000000035E0000-0x0000000003671000-memory.dmp

Filesize
580KB

Download
memory/2784-495-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2836-104-0x0000000003460000-0x00000000034F1000-memory.dmp

Filesize
580KB

Download
memory/2836-154-0x0000000003460000-0x00000000034F1000-memory.dmp

Filesize
580KB

Download
memory/2836-153-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2908-437-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/2908-435-0x0000000003540000-0x00000000035D1000-memory.dmp

Filesize
580KB

Download
memory/2908-388-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2908-436-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2968-400-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/2968-399-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2968-357-0x0000000003590000-0x0000000003621000-memory.dmp

Filesize
580KB

Download
memory/2972-508-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2972-515-0x00000000035D0000-0x0000000003661000-memory.dmp

Filesize
580KB

Download
memory/3036-434-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/3036-478-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/3036-477-0x0000000003580000-0x0000000003611000-memory.dmp

Filesize
580KB

Download
memory/3036-476-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/3060-231-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/3060-232-0x0000000003450000-0x00000000034E1000-memory.dmp

Filesize
580KB

Download