fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba

Analysis

max time kernel
31s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 05:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Size

664KB
MD5

cc9bd8c10d2f310c137196aea9d36429
SHA1

39504268fd555302faeb9ee40403af9f118e68e1
SHA256

fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba
SHA512

8193b48b70bb4e81dd6b5bd8e6c10235f09aa9c2abd09ef7cfd5de74a39d97f6ee96e8711ba9a71cae181aed6ce518996926ebbe7c9f5c244fa9f6f314e7c5d6
SSDEEP

12288:93ULO2IiSNAA+GAFKGrZhzoR1hOJkmgIlIig2Hl4:1sO2mNt+GQlhwiXF

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
5400	2808	WerFault.exe	171
6744	2808	WerFault.exe	171
7088	1776	WerFault.exe	172
6480	1776	WerFault.exe	172
6552	4392	WerFault.exe	173
7304	4392	WerFault.exe	173
7692	2336	WerFault.exe	174
7916	2336	WerFault.exe	174
7560	3624	WerFault.exe	176
7260	3624	WerFault.exe	176
8516	5204	WerFault.exe	180
8788	5204	WerFault.exe	180
10608	6408	WerFault.exe	245
10428	6408	WerFault.exe	245
11072	6444	WerFault.exe	246
11552	4380	WerFault.exe	115
13300	1152	WerFault.exe	119
11440	4780	WerFault.exe	120
11428	4004	WerFault.exe	116
10608	10576	WerFault.exe	623
15288	8732	WerFault.exe	410
1144	10412	WerFault.exe	612
13880	8808	WerFault.exe	413
11416	5244	WerFault.exe	452
908	8808	WerFault.exe	413
3376	8732	WerFault.exe	410
11360	6444	WerFault.exe	246
1568	9336	WerFault.exe	557
10752	9336	WerFault.exe	557
10588	4420	WerFault.exe	558
11332	4420	WerFault.exe	558
12124	2588	WerFault.exe	559
9012	2588	Process not Found	559
13976	1092	Process not Found	560
10268	5652	Process not Found	206
1312	5636	Process not Found	205
15268	5668	Process not Found	207
216	6232	Process not Found	239
7024	5980	Process not Found	235
14144	12992	Process not Found	692
11344	12416	Process not Found	664
15352	1092	Process not Found	560
6336	3328	Process not Found	485
6344	4604	Process not Found	484
12276	2272	Process not Found	486
5956	3968	Process not Found	487
6240	9272	Process not Found	494
11688	9224	Process not Found	491
6344	13748	Process not Found	1075
13636	13124	Process not Found	1072
2092	9984	Process not Found	533
10816	3968	Process not Found	487
15232	9272	Process not Found	494
11684	13748	Process not Found	1075
7132	7000	Process not Found	298
13076	3596	Process not Found	306
3404	6856	Process not Found	295
13832	7672	Process not Found	335
10164	7992	Process not Found	353
5664	11556	Process not Found	1310
3968	14972	Process not Found	1307
896	1360	Process not Found	1343
1100	14108	Process not Found	1337
11296	11556	Process not Found	1310

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2488	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2488	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2020	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2020	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
932	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
932	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4688	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4688	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2496	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2496	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4000	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4000	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2612	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2612	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1852	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1852	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
3172	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
3172	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2088	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2088	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2300	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2300	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4820	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4820	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2428	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
2428	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4276	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4276	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1844	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1844	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4372	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4372	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4332	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4332	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1840	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1840	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4396	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4396	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1348	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
1348	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4832	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4832	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
3568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
3568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4872	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4872	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4972	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4972	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4620	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4620	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4380	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4380	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4004	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
4004	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2020	2488	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	85
PID 2488 wrote to memory of 2020	2488	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	85
PID 2488 wrote to memory of 2020	2488	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	85
PID 2020 wrote to memory of 4376	2020	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	86
PID 2020 wrote to memory of 4376	2020	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	86
PID 2020 wrote to memory of 4376	2020	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	86
PID 4376 wrote to memory of 2684	4376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	87
PID 4376 wrote to memory of 2684	4376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	87
PID 4376 wrote to memory of 2684	4376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	87
PID 2684 wrote to memory of 376	2684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	88
PID 2684 wrote to memory of 376	2684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	88
PID 2684 wrote to memory of 376	2684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	88
PID 376 wrote to memory of 932	376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	89
PID 376 wrote to memory of 932	376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	89
PID 376 wrote to memory of 932	376	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	89
PID 932 wrote to memory of 4688	932	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	90
PID 932 wrote to memory of 4688	932	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	90
PID 932 wrote to memory of 4688	932	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	90
PID 4688 wrote to memory of 2496	4688	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	91
PID 4688 wrote to memory of 2496	4688	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	91
PID 4688 wrote to memory of 2496	4688	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	91
PID 2496 wrote to memory of 4000	2496	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	92
PID 2496 wrote to memory of 4000	2496	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	92
PID 2496 wrote to memory of 4000	2496	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	92
PID 4000 wrote to memory of 4568	4000	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	93
PID 4000 wrote to memory of 4568	4000	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	93
PID 4000 wrote to memory of 4568	4000	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	93
PID 4568 wrote to memory of 2612	4568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	94
PID 4568 wrote to memory of 2612	4568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	94
PID 4568 wrote to memory of 2612	4568	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	94
PID 2612 wrote to memory of 1852	2612	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	95
PID 2612 wrote to memory of 1852	2612	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	95
PID 2612 wrote to memory of 1852	2612	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	95
PID 1852 wrote to memory of 3172	1852	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	96
PID 1852 wrote to memory of 3172	1852	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	96
PID 1852 wrote to memory of 3172	1852	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	96
PID 3172 wrote to memory of 2088	3172	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	97
PID 3172 wrote to memory of 2088	3172	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	97
PID 3172 wrote to memory of 2088	3172	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	97
PID 2088 wrote to memory of 2300	2088	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	98
PID 2088 wrote to memory of 2300	2088	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	98
PID 2088 wrote to memory of 2300	2088	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	98
PID 2300 wrote to memory of 4820	2300	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	99
PID 2300 wrote to memory of 4820	2300	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	99
PID 2300 wrote to memory of 4820	2300	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	99
PID 4820 wrote to memory of 2428	4820	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	100
PID 4820 wrote to memory of 2428	4820	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	100
PID 4820 wrote to memory of 2428	4820	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	100
PID 2428 wrote to memory of 4276	2428	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	101
PID 2428 wrote to memory of 4276	2428	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	101
PID 2428 wrote to memory of 4276	2428	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	101
PID 4276 wrote to memory of 684	4276	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	102
PID 4276 wrote to memory of 684	4276	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	102
PID 4276 wrote to memory of 684	4276	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	102
PID 684 wrote to memory of 1844	684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	103
PID 684 wrote to memory of 1844	684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	103
PID 684 wrote to memory of 1844	684	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	103
PID 1844 wrote to memory of 4372	1844	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	104
PID 1844 wrote to memory of 4372	1844	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	104
PID 1844 wrote to memory of 4372	1844	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	104
PID 4372 wrote to memory of 4332	4372	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	106
PID 4372 wrote to memory of 4332	4372	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	106
PID 4372 wrote to memory of 4332	4372	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	106
PID 4332 wrote to memory of 1840	4332	fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe	107

C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
"C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
  "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
    "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
      "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        12⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        19⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        24⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        26⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        30⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        32⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        33⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        34⤵
        Drops file in Program Files directory
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        35⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        37⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        38⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        39⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        40⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        41⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        42⤵
        Drops file in Program Files directory
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        43⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        44⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        45⤵
        Drops file in Program Files directory
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        46⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        47⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        49⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        50⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        51⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        52⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        53⤵
        Drops file in Program Files directory
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        54⤵
        Drops file in Program Files directory
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        55⤵
        Drops file in Program Files directory
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        56⤵
        Drops file in Program Files directory
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        57⤵
        Drops file in Program Files directory
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        58⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        59⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        60⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        61⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        62⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        63⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        64⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        65⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        66⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        67⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        68⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        69⤵
        Drops file in Program Files directory
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        70⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        71⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        72⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        73⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        74⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        75⤵
        Drops file in Program Files directory
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        76⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        77⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        78⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        79⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        80⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        81⤵
        Drops file in Program Files directory
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        82⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        83⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        84⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        85⤵
        Drops file in Program Files directory
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        86⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        87⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        88⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        89⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        90⤵
        Drops file in Program Files directory
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        91⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        92⤵
        Drops file in Program Files directory
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        93⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        94⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        95⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        96⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        97⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        98⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        99⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        100⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        101⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        102⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        103⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        104⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        105⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        106⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        107⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        109⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        110⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        111⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        112⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        113⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        114⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        115⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        116⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        117⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        118⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        119⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        120⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        121⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        122⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        123⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        124⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        125⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        126⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        127⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        128⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        129⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        130⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        131⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        132⤵
        Drops file in Program Files directory
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        133⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        134⤵
        Drops file in Program Files directory
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        135⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        136⤵
        Drops file in Program Files directory
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        137⤵
        Drops file in Program Files directory
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        138⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        139⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        140⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        141⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        142⤵
        Drops file in Program Files directory
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        143⤵
        Drops file in Program Files directory
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        144⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        145⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        146⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        147⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        148⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        149⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        150⤵
        Drops file in Program Files directory
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        151⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        152⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        153⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        155⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        156⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        157⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        158⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        159⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        160⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        161⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        162⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        163⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        164⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        165⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        166⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        167⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        169⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        170⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        171⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        172⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        173⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        174⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        175⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        176⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        177⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        178⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        179⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        180⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        181⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        182⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        183⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        184⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        185⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        186⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        187⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        189⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        190⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        191⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        192⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        193⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        194⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        195⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        196⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        197⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        198⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        199⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        200⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        201⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        202⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        203⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        205⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        206⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        207⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        208⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        209⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        210⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        211⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        212⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        213⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        216⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        217⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        219⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        220⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        221⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        222⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        223⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        224⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        225⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        226⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        227⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        228⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        229⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        230⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        231⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        232⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        233⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        234⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        235⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        236⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        237⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        238⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        239⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        240⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        241⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        242⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        243⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        244⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        245⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        246⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        247⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        248⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        249⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        250⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        251⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        252⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        253⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        254⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        255⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        256⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        257⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        258⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        259⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        260⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        261⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        262⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        263⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        264⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        265⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        266⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        267⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        268⤵
        System Location Discovery: System Language Discovery
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        269⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        270⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        271⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        272⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        273⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        274⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        275⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        276⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        277⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        278⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        279⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        280⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        281⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        282⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        283⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        284⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        285⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        286⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        287⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        288⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        289⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        290⤵
        System Location Discovery: System Language Discovery
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        291⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        292⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        293⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        294⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        295⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        296⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        297⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        298⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        299⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        300⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        301⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        302⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        303⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        304⤵
        Drops file in Program Files directory
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        305⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        306⤵
        Drops file in Program Files directory
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        307⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        308⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        309⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        310⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        311⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        312⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        313⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        314⤵
        Drops file in Program Files directory
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        315⤵
        System Location Discovery: System Language Discovery
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        316⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        317⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        318⤵
        Drops file in Program Files directory
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        319⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        320⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        321⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        322⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        323⤵
        Drops file in Program Files directory
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        324⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        325⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        326⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        327⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        328⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        329⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        330⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        331⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        332⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        333⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        334⤵
        System Location Discovery: System Language Discovery
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        335⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        336⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        337⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        338⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        339⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        340⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        341⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        342⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        343⤵
        Drops file in Program Files directory
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        344⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        345⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        346⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        347⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        348⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        349⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        350⤵
        System Location Discovery: System Language Discovery
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        351⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        352⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        353⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        354⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        355⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        356⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        357⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        358⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        359⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        360⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        361⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        362⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        363⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        364⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        365⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        366⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        367⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        368⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        369⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        370⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        371⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        372⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        373⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        374⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        375⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        376⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        377⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        378⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        379⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        380⤵
        Drops file in Program Files directory
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        381⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        382⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        383⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        384⤵
        Drops file in Program Files directory
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        385⤵
        Drops file in Program Files directory
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        386⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        387⤵
        System Location Discovery: System Language Discovery
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        388⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        389⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        390⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        391⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        392⤵
        System Location Discovery: System Language Discovery
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        393⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        394⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        395⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        396⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        397⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        398⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        399⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        400⤵
        System Location Discovery: System Language Discovery
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        401⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        402⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        403⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        404⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        405⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        406⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        407⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        408⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        409⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        410⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        411⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        412⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        413⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        414⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        415⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        416⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        417⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        418⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        419⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        420⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        421⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        422⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        423⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        424⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        425⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        426⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        427⤵
        Drops file in Program Files directory
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        428⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        429⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        430⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        431⤵
        Drops file in Program Files directory
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        432⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        433⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        434⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        435⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        436⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        437⤵
        Drops file in Program Files directory
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        438⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        439⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        440⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        441⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        442⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        443⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        444⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        445⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        446⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        447⤵
        Drops file in Program Files directory
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        448⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        449⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        450⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        451⤵
        Drops file in Program Files directory
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        452⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        453⤵
        System Location Discovery: System Language Discovery
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        454⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        455⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        456⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        457⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        458⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        459⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        460⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        461⤵
        System Location Discovery: System Language Discovery
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        462⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        463⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        464⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        465⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        466⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        467⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        468⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        469⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        470⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        471⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        472⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        473⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        474⤵
        System Location Discovery: System Language Discovery
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        475⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        476⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        477⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        478⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        479⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        480⤵
        System Location Discovery: System Language Discovery
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        481⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        482⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        483⤵
        Drops file in Program Files directory
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        484⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        485⤵
        Drops file in Program Files directory
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        486⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        487⤵
        System Location Discovery: System Language Discovery
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        488⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        489⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        490⤵
        System Location Discovery: System Language Discovery
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        491⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        492⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        493⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        494⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        495⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        496⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        497⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        498⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        499⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        500⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        501⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        502⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        503⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        504⤵
        Drops file in Program Files directory
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        505⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        506⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        507⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        508⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        509⤵
        Drops file in Program Files directory
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        510⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        511⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        512⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        513⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        514⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        515⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        516⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        517⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        518⤵
        Drops file in Program Files directory
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        519⤵
        System Location Discovery: System Language Discovery
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        520⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        521⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        522⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        523⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        524⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        525⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        526⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        527⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        528⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        529⤵
        System Location Discovery: System Language Discovery
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        530⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        531⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        532⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        533⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        534⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        535⤵
        System Location Discovery: System Language Discovery
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        536⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        537⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        538⤵
        System Location Discovery: System Language Discovery
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        539⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        540⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        541⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        542⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        543⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        544⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        545⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        546⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        547⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        548⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        549⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        550⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        551⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        552⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        553⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        554⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        555⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        556⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        557⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        558⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        559⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        560⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        561⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        562⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        563⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        564⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        565⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        566⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        567⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        568⤵
        System Location Discovery: System Language Discovery
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        569⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        570⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        571⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        572⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        573⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        574⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        575⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        576⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        577⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        578⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        579⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        580⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        581⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        582⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        583⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        584⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        585⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        586⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        587⤵
        System Location Discovery: System Language Discovery
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        588⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        589⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        590⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        591⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        592⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        593⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        594⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        595⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        596⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        597⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        598⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        599⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        600⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        601⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        602⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        603⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        604⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        605⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        606⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        607⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        608⤵
        System Location Discovery: System Language Discovery
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        609⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        610⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        611⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        612⤵
        System Location Discovery: System Language Discovery
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        613⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        614⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        615⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        616⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        617⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        618⤵
        System Location Discovery: System Language Discovery
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        619⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        620⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        621⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        622⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        623⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        624⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        625⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        626⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        627⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        628⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        629⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        630⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        631⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        632⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        633⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        634⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        635⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        636⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        637⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        638⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        639⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        640⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        641⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        642⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        643⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        644⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        645⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        646⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        647⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        648⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        650⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        651⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        652⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        653⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        654⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        655⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        656⤵
        System Location Discovery: System Language Discovery
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        657⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        658⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        659⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        660⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        661⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        662⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        663⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        664⤵
        System Location Discovery: System Language Discovery
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        665⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        666⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        667⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        668⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        669⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        670⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        671⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        672⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        673⤵
        Drops file in Program Files directory
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        674⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        675⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        676⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        677⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        678⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        679⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        680⤵
        Drops file in Program Files directory
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        681⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        682⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        683⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        684⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        685⤵
        Drops file in Program Files directory
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        686⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        687⤵
        Drops file in Program Files directory
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        688⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        689⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        690⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        691⤵
        Drops file in Program Files directory
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        692⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        693⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        694⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        695⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        696⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        697⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        698⤵
        Drops file in Program Files directory
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        699⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        700⤵
        Drops file in Program Files directory
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        701⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        702⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        703⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        704⤵
        Drops file in Program Files directory
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        705⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        706⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        707⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        708⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        709⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        710⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        711⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        712⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        713⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        714⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        715⤵
        Drops file in Program Files directory
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        716⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        717⤵
        Drops file in Program Files directory
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        718⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        719⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        720⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        721⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        722⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        723⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        724⤵
        System Location Discovery: System Language Discovery
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        725⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        726⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        727⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        728⤵
        System Location Discovery: System Language Discovery
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        729⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba.exe"
        730⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 440
        509⤵
        Program crash
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 444
        500⤵
        Program crash
        
        PID:1144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 432
        451⤵
        Program crash
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 400
        450⤵
        Program crash
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 400
        450⤵
        Program crash
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 440
        449⤵
        Program crash
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 440
        449⤵
        Program crash
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 384
        344⤵
        Program crash
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 432
        305⤵
        Program crash
        
        PID:13880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 456
        305⤵
        Program crash
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 432
        304⤵
        Program crash
        
        PID:15288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 432
        304⤵
        Program crash
        
        PID:3376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 440
        160⤵
        Program crash
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 460
        160⤵
        Program crash
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 440
        159⤵
        Program crash
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 440
        159⤵
        Program crash
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 440
        97⤵
        Program crash
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 440
        97⤵
        Program crash
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 440
        93⤵
        Program crash
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 440
        93⤵
        Program crash
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 432
        91⤵
        Program crash
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 456
        91⤵
        Program crash
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 440
        90⤵
        Program crash
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 440
        90⤵
        Program crash
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 440
        89⤵
        Program crash
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 440
        89⤵
        Program crash
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 396
        88⤵
        Program crash
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 396
        88⤵
        Program crash
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 452
        37⤵
        Program crash
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 448
        36⤵
        Program crash
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 436
        33⤵
        Program crash
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 436
        32⤵
        Program crash
        
        PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2808 -ip 2808
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2808 -ip 2808
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1776 -ip 1776
1⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1776 -ip 1776
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4392 -ip 4392
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4392 -ip 4392
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2336 -ip 2336
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2336 -ip 2336
1⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3624 -ip 3624
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3624 -ip 3624
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5204 -ip 5204
1⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5204 -ip 5204
1⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6408 -ip 6408
1⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6408 -ip 6408
1⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6444 -ip 6444
1⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4380 -ip 4380
1⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4004 -ip 4004
1⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4780 -ip 4780
1⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 336 -ip 336
1⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4012 -ip 4012
1⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1152 -ip 1152
1⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1708 -ip 1708
1⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1136 -ip 1136
1⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1360 -ip 1360
1⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1560 -ip 1560
1⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3684 -ip 3684
1⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1516 -ip 1516
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2996 -ip 2996
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 2008 -ip 2008
1⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1200 -ip 1200
1⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1588 -ip 1588
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3508 -ip 3508
1⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 216 -ip 216
1⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1368 -ip 1368
1⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2592 -ip 2592
1⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 324 -ip 324
1⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4444 -ip 4444
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2732 -ip 2732
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3500 -ip 3500
1⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3768 -ip 3768
1⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 10392 -ip 10392
1⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3760 -ip 3760
1⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 816 -ip 816
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 10320 -ip 10320
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4340 -ip 4340
1⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3092 -ip 3092
1⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4992 -ip 4992
1⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 10420 -ip 10420
1⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4200 -ip 4200
1⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3420 -ip 3420
1⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4680 -ip 4680
1⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 336 -ip 336
1⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 10528 -ip 10528
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 864 -ip 864
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 10564 -ip 10564
1⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3488 -ip 3488
1⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3952 -ip 3952
1⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2892 -ip 2892
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10692 -ip 10692
1⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10764 -ip 10764
1⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1964 -ip 1964
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2584 -ip 2584
1⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 10816 -ip 10816
1⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 1452 -ip 1452
1⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 10860 -ip 10860
1⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 4564 -ip 4564
1⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 10928 -ip 10928
1⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2084 -ip 2084
1⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3564 -ip 3564
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 11056 -ip 11056
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3176 -ip 3176
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3660 -ip 3660
1⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 1336 -ip 1336
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10632 -ip 10632
1⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 11192 -ip 11192
1⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2288 -ip 2288
1⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 3020 -ip 3020
1⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10572 -ip 10572
1⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 4544 -ip 4544
1⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3416 -ip 3416
1⤵
PID:13372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 1512 -ip 1512
1⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 10260 -ip 10260
1⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 4352 -ip 4352
1⤵
PID:14228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 1708 -ip 1708
1⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4012 -ip 4012
1⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3684 -ip 3684
1⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 11216 -ip 11216
1⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4324 -ip 4324
1⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 10460 -ip 10460
1⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1136 -ip 1136
1⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 10828 -ip 10828
1⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 1516 -ip 1516
1⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 1360 -ip 1360
1⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 4912 -ip 4912
1⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 11064 -ip 11064
1⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 1200 -ip 1200
1⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10976 -ip 10976
1⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1560 -ip 1560
1⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2008 -ip 2008
1⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 11152 -ip 11152
1⤵
PID:14472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 3508 -ip 3508
1⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 1368 -ip 1368
1⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 216 -ip 216
1⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 11956 -ip 11956
1⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 2996 -ip 2996
1⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1588 -ip 1588
1⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 11188 -ip 11188
1⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2592 -ip 2592
1⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 10428 -ip 10428
1⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4444 -ip 4444
1⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 2732 -ip 2732
1⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 1816 -ip 1816
1⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 324 -ip 324
1⤵
PID:14372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3760 -ip 3760
1⤵
PID:14404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 10796 -ip 10796
1⤵
PID:14424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 4340 -ip 4340
1⤵
PID:14432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 816 -ip 816
1⤵
PID:14520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3768 -ip 3768
1⤵
PID:14536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 3500 -ip 3500
1⤵
PID:14576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 2504 -ip 2504
1⤵
PID:14596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 11228 -ip 11228
1⤵
PID:14608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 10392 -ip 10392
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 10608 -ip 10608
1⤵
PID:14672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 10920 -ip 10920
1⤵
PID:14732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 10420 -ip 10420
1⤵
PID:14756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 10368 -ip 10368
1⤵
PID:14776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 3092 -ip 3092
1⤵
PID:14788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 11380 -ip 11380
1⤵
PID:14828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 11576 -ip 11576
1⤵
PID:14892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 10412 -ip 10412
1⤵
PID:14908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 11324 -ip 11324
1⤵
PID:14920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 10576 -ip 10576
1⤵
PID:14968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 10320 -ip 10320
1⤵
PID:15012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 4200 -ip 4200
1⤵
PID:15068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 4992 -ip 4992
1⤵
PID:15076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 3420 -ip 3420
1⤵
PID:15096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 10564 -ip 10564
1⤵
PID:15128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 4680 -ip 4680
1⤵
PID:15140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 10692 -ip 10692
1⤵
PID:15172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1964 -ip 1964
1⤵
PID:15208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 10528 -ip 10528
1⤵
PID:15228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2584 -ip 2584
1⤵
PID:15244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 864 -ip 864
1⤵
PID:15236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3952 -ip 3952
1⤵
PID:15268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 3488 -ip 3488
1⤵
PID:15280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 2892 -ip 2892
1⤵
PID:15332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 10764 -ip 10764
1⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 10816 -ip 10816
1⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1452 -ip 1452
1⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 10860 -ip 10860
1⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 4564 -ip 4564
1⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 10928 -ip 10928
1⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2084 -ip 2084
1⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 3564 -ip 3564
1⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3660 -ip 3660
1⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 11056 -ip 11056
1⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 3176 -ip 3176
1⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 11192 -ip 11192
1⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 1336 -ip 1336
1⤵
PID:14692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 10632 -ip 10632
1⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 10572 -ip 10572
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 2288 -ip 2288
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 10260 -ip 10260
1⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 3416 -ip 3416
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4544 -ip 4544
1⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 1512 -ip 1512
1⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 3020 -ip 3020
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 10412 -ip 10412
1⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 10576 -ip 10576
1⤵
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 11324 -ip 11324
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 8732 -ip 8732
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 8860 -ip 8860
1⤵
PID:14740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 8808 -ip 8808
1⤵
PID:14788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 8876 -ip 8876
1⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 8892 -ip 8892
1⤵
PID:14916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8924 -ip 8924
1⤵
PID:14964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 8972 -ip 8972
1⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 8956 -ip 8956
1⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8940 -ip 8940
1⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 8908 -ip 8908
1⤵
PID:15216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 8988 -ip 8988
1⤵
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 9068 -ip 9068
1⤵
PID:13764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 9052 -ip 9052
1⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 9116 -ip 9116
1⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 9132 -ip 9132
1⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 9100 -ip 9100
1⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 9020 -ip 9020
1⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 9036 -ip 9036
1⤵
PID:14680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 9004 -ip 9004
1⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 9212 -ip 9212
1⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 9084 -ip 9084
1⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 9148 -ip 9148
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 9184 -ip 9184
1⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 9168 -ip 9168
1⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 3580 -ip 3580
1⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5160 -ip 5160
1⤵
PID:14436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 8252 -ip 8252
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 8344 -ip 8344
1⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 8404 -ip 8404
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 4780 -ip 4780
1⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 8384 -ip 8384
1⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 4380 -ip 4380
1⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 4004 -ip 4004
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8420 -ip 8420
1⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5196 -ip 5196
1⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1152 -ip 1152
1⤵
PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 8440 -ip 8440
1⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 8484 -ip 8484
1⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 5132 -ip 5132
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 8660 -ip 8660
1⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 8972 -ip 8972
1⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 8560 -ip 8560
1⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8524 -ip 8524
1⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 8724 -ip 8724
1⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8860 -ip 8860
1⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 8892 -ip 8892
1⤵
PID:14844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 8924 -ip 8924
1⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 8956 -ip 8956
1⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 8764 -ip 8764
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 8876 -ip 8876
1⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 5244 -ip 5244
1⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 8988 -ip 8988
1⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 8940 -ip 8940
1⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 9068 -ip 9068
1⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 8908 -ip 8908
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 9052 -ip 9052
1⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 9132 -ip 9132
1⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1504 -p 9100 -ip 9100
1⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 9116 -ip 9116
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 9036 -ip 9036
1⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 9020 -ip 9020
1⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 9004 -ip 9004
1⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 9212 -ip 9212
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 9084 -ip 9084
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 9148 -ip 9148
1⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 3580 -ip 3580
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 9184 -ip 9184
1⤵
PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1516 -p 8252 -ip 8252
1⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 5160 -ip 5160
1⤵
PID:13712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 9168 -ip 9168
1⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1508 -p 8384 -ip 8384
1⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 8344 -ip 8344
1⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 8404 -ip 8404
1⤵
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1532 -p 8420 -ip 8420
1⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5196 -ip 5196
1⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 8440 -ip 8440
1⤵
PID:984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 8484 -ip 8484
1⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5132 -ip 5132
1⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 8660 -ip 8660
1⤵
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1568 -p 8724 -ip 8724
1⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 8524 -ip 8524
1⤵
PID:14480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 8560 -ip 8560
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 8764 -ip 8764
1⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 5244 -ip 5244
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8808 -ip 8808
1⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 8732 -ip 8732
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6444 -ip 6444
1⤵
PID:14344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 9336 -ip 9336
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 9336 -ip 9336
1⤵
PID:15008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4420 -ip 4420
1⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 4420 -ip 4420
1⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 2588 -ip 2588
1⤵
PID:11276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe

Filesize
1.2MB

MD5
0601b06d640234839645aa06840888a0

SHA1
6ade886e815474b7b0862d383a4a77c28c93f369

SHA256
841000eed82478d0c84648b2e002a96f8f149967ac4982018c30382f243c55c1

SHA512
a14ad89df9f79ee8c131241a1bb7399b2339aef50d9f6954c3149f37faa06770ab07c207048eed44743ef5ae22927b0188c6d729c20803643ab089029b60daf7

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
956KB

MD5
13047a79f30200779368a7ee6b9d6938

SHA1
d0ffa060fe061d459d04667e885acdf0250bee11

SHA256
7678d03a94d9cd00982294f9507867c3212e4774cd8917e087d0a6b845eb8c8e

SHA512
8989702e1a3528e1072812a7f95ff1e459acbd1003de343197ea5fdf49bfcc2ebb6dd1378a032e74890ea0116c27a3a633323f9859e53909a3f388fe70160d5e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
285KB

MD5
faa3b4ec5ce294b22c32d44a42a419c7

SHA1
6ab807057b16f23b4da2ae57aad0feb78be95da1

SHA256
61ac79d7d68751eedef9860654fd4ea96e6dc4246b203a62b282c50809c9d74f

SHA512
e0a85932e0718a5d47360d9c5262beac83806627d1186def3fbb00267a405873aad60131b9af95c4ca3ad7f6ecb7cde39c8f620b5244861b5976ea4d6ce8839f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.4MB

MD5
51f18148051be83c0fa29f4755d0d384

SHA1
289d4262193ade993216bb7464ae47b44a7e290e

SHA256
b680b8eaabc209c680706d66dc0a6bb0e2cb83bec028afe9806c48ed856fb546

SHA512
024178ac6806f299486b0a9daa7c9615a60bcfbc215dc31eaed5d2abcb537bcdb249911dea58ec1c4636eb09fefa3f0c40fa4c9c91a4b964d3b668e9bdd8a56e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXE3F9.tmp

Filesize
664KB

MD5
b0873f1fb3baceab18ef9de2a2855af0

SHA1
b68cca04bc3cf6d6929a811cc1de183e1344b156

SHA256
388d8c9546b06e98818ced07f75642e6c02208489b2d1bdf77d52a2d0d12e6a8

SHA512
3b40379964c327a210243b5422964c7ebe7ea7e23c52443ccef3282ce6e264ab6cf20546c0185d0bb69c6f2f3ec18388a52f3cf8ffb47757e7a115f32b910a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUc68FB.tmp

Filesize
664KB

MD5
cc9bd8c10d2f310c137196aea9d36429

SHA1
39504268fd555302faeb9ee40403af9f118e68e1

SHA256
fccdf97a5120be890e3830de98b98e29771d266902ca83e1532fb3df57896bba

SHA512
8193b48b70bb4e81dd6b5bd8e6c10235f09aa9c2abd09ef7cfd5de74a39d97f6ee96e8711ba9a71cae181aed6ce518996926ebbe7c9f5c244fa9f6f314e7c5d6

Download Submit
memory/376-386-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/684-400-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/932-387-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1348-967-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1776-269-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1840-961-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1844-401-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1852-393-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2020-383-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2088-395-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2300-396-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2336-311-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2428-398-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2488-382-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2496-389-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2612-392-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2684-385-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2808-244-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3172-394-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3184-332-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3568-969-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3624-336-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4000-390-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4276-399-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4332-403-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4372-402-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4376-384-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4392-290-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4396-965-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4568-391-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4688-388-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4820-397-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4832-968-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4872-970-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4972-971-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5136-333-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5160-334-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5184-335-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5204-381-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5220-357-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5236-358-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5252-359-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5268-360-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5284-361-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5300-362-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5316-363-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5332-364-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5348-373-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5368-372-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5384-371-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5404-370-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5428-369-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5444-368-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5464-367-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5480-366-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5500-365-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5516-374-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5532-380-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5552-375-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5568-376-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5584-377-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5600-378-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5612-379-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/6408-600-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download