8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Size

2.8MB
MD5

e92c46778bcb48e4c47565e6facd47bc
SHA1

9cfdc241ce4874cab69e97a9e2bc99a7a5c81dfe
SHA256

8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c
SHA512

7510c329a839af68ed21508076364bf0041c53a7da67ede00f562623cc70b9fa9eae1d2f93e5e2c57eb4930509a695ef03b2305c9730f1a4e1658c28deece75c
SSDEEP

49152:k2l7verQ4IAuyAhpSs+86eDFC06FyxKk/LOcYjgr:xKlIZz+FeDwBFysk/6cYjG

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
8128	6196	WerFault.exe	255
8532	6196	WerFault.exe	255
10024	1152	WerFault.exe	142
9928	2036	WerFault.exe	143
9192	4044	WerFault.exe	145
9476	3536	WerFault.exe	146
11176	8020	WerFault.exe	368
11044	752	WerFault.exe	179
11012	4148	WerFault.exe	172
9644	8320	WerFault.exe	385
9088	8184	WerFault.exe	376
9452	7604	WerFault.exe	342
10064	5708	WerFault.exe	225
7916	5952	WerFault.exe	240
10416	6004	WerFault.exe	243
9460	6100	WerFault.exe	249
10124	6052	WerFault.exe	246
7732	8048	WerFault.exe	369
9564	6212	WerFault.exe	256
10232	8048	WerFault.exe	369
8360	6212	WerFault.exe	256
1940	2740	WerFault.exe	83
1448	976	WerFault.exe	84
10760	4968	WerFault.exe	86
10668	5004	WerFault.exe	87
4820	10172	WerFault.exe	586
4728	10604	WerFault.exe	590
10128	3212	WerFault.exe	105
8872	5004	WerFault.exe	87
11232	9212	WerFault.exe	666
7336	9368	WerFault.exe	676
7572	9604	WerFault.exe	670
7592	2988	WerFault.exe	686
8024	860	WerFault.exe	697
9264	4768	WerFault.exe	719
10256	11056	WerFault.exe	734
6828	7260	Process not Found	321
6068	3736	Process not Found	147
6876	10024	Process not Found	990
7012	10372	Process not Found	988
7212	4916	Process not Found	1013
7180	10024	Process not Found	990
7120	10372	Process not Found	988
6628	3700	Process not Found	108
6996	3700	Process not Found	108
6088	1144	Process not Found	1243
4860	6844	Process not Found	1244
6996	964	Process not Found	1245
5528	3840	Process not Found	1247
4640	11236	Process not Found	1268
7188	4832	Process not Found	1261
9604	6932	Process not Found	1267
6824	6844	Process not Found	1244
8076	11236	Process not Found	1268
7288	9416	Process not Found	505
5648	9416	Process not Found	505
8920	3588	Process not Found	160
3204	3588	Process not Found	160
6448	8148	Process not Found	1040
4080	4572	Process not Found	1044
8728	10484	Process not Found	1049
6552	9524	Process not Found	1055
9048	8148	Process not Found	1040
11740	1560	Process not Found	1066

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2740	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2740	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
976	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
976	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2960	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2960	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4968	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4968	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
5004	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
5004	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4988	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4988	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
5012	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
5012	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4992	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4992	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2896	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2896	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4452	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4452	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2196	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2196	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
744	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
744	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3864	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3864	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1688	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1688	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1556	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1556	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4912	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4912	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2868	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2868	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1560	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1560	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4568	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4568	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2720	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2720	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2088	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2088	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
704	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
704	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3212	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3212	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2248	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2248	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3700	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3700	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3612	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3612	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2028	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
2028	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4292	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
4292	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1804	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1804	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
384	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
384	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3952	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
3952	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1692	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
1692	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 976	2740	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	84
PID 2740 wrote to memory of 976	2740	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	84
PID 2740 wrote to memory of 976	2740	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	84
PID 976 wrote to memory of 2960	976	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	85
PID 976 wrote to memory of 2960	976	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	85
PID 976 wrote to memory of 2960	976	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	85
PID 2960 wrote to memory of 4968	2960	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	86
PID 2960 wrote to memory of 4968	2960	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	86
PID 2960 wrote to memory of 4968	2960	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	86
PID 4968 wrote to memory of 5004	4968	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	87
PID 4968 wrote to memory of 5004	4968	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	87
PID 4968 wrote to memory of 5004	4968	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	87
PID 5004 wrote to memory of 4988	5004	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	88
PID 5004 wrote to memory of 4988	5004	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	88
PID 5004 wrote to memory of 4988	5004	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	88
PID 4988 wrote to memory of 5012	4988	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	89
PID 4988 wrote to memory of 5012	4988	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	89
PID 4988 wrote to memory of 5012	4988	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	89
PID 5012 wrote to memory of 4992	5012	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	90
PID 5012 wrote to memory of 4992	5012	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	90
PID 5012 wrote to memory of 4992	5012	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	90
PID 4992 wrote to memory of 2896	4992	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	91
PID 4992 wrote to memory of 2896	4992	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	91
PID 4992 wrote to memory of 2896	4992	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	91
PID 2896 wrote to memory of 4452	2896	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	92
PID 2896 wrote to memory of 4452	2896	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	92
PID 2896 wrote to memory of 4452	2896	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	92
PID 4452 wrote to memory of 2196	4452	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	93
PID 4452 wrote to memory of 2196	4452	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	93
PID 4452 wrote to memory of 2196	4452	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	93
PID 2196 wrote to memory of 744	2196	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	94
PID 2196 wrote to memory of 744	2196	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	94
PID 2196 wrote to memory of 744	2196	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	94
PID 744 wrote to memory of 3864	744	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	95
PID 744 wrote to memory of 3864	744	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	95
PID 744 wrote to memory of 3864	744	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	95
PID 3864 wrote to memory of 1688	3864	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	96
PID 3864 wrote to memory of 1688	3864	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	96
PID 3864 wrote to memory of 1688	3864	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	96
PID 1688 wrote to memory of 1556	1688	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	97
PID 1688 wrote to memory of 1556	1688	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	97
PID 1688 wrote to memory of 1556	1688	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	97
PID 1556 wrote to memory of 4912	1556	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	98
PID 1556 wrote to memory of 4912	1556	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	98
PID 1556 wrote to memory of 4912	1556	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	98
PID 4912 wrote to memory of 2868	4912	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	99
PID 4912 wrote to memory of 2868	4912	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	99
PID 4912 wrote to memory of 2868	4912	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	99
PID 2868 wrote to memory of 1560	2868	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	100
PID 2868 wrote to memory of 1560	2868	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	100
PID 2868 wrote to memory of 1560	2868	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	100
PID 1560 wrote to memory of 4568	1560	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	101
PID 1560 wrote to memory of 4568	1560	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	101
PID 1560 wrote to memory of 4568	1560	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	101
PID 4568 wrote to memory of 2720	4568	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	102
PID 4568 wrote to memory of 2720	4568	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	102
PID 4568 wrote to memory of 2720	4568	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	102
PID 2720 wrote to memory of 2088	2720	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	103
PID 2720 wrote to memory of 2088	2720	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	103
PID 2720 wrote to memory of 2088	2720	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	103
PID 2088 wrote to memory of 704	2088	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	104
PID 2088 wrote to memory of 704	2088	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	104
PID 2088 wrote to memory of 704	2088	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	104
PID 704 wrote to memory of 3212	704	8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe	105

C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
"C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
  "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:976
- - C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
    "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
      "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        7⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        10⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        12⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        13⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        16⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        20⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        21⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        23⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        24⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        26⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        30⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        32⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        33⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        34⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        35⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        36⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        37⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        38⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        39⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        40⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        41⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        42⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        43⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        45⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        46⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        47⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        48⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        49⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        50⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        51⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        52⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        53⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        54⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        55⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        56⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        57⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        58⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        59⤵
        Drops file in Program Files directory
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        60⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        61⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        62⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        63⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        64⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        65⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        66⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        67⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        68⤵
        Drops file in Program Files directory
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        69⤵
        Drops file in Program Files directory
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        70⤵
        Drops file in Program Files directory
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        71⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        72⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        73⤵
        Drops file in Program Files directory
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        74⤵
        Drops file in Program Files directory
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        75⤵
        Drops file in Program Files directory
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        76⤵
        Drops file in Program Files directory
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        77⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        78⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        79⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        80⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        81⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        82⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        83⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        84⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        85⤵
        Drops file in Program Files directory
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        86⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        87⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        88⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        89⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        90⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        91⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        92⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        93⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        94⤵
        Drops file in Program Files directory
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        95⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        96⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        97⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        98⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        99⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        100⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        101⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        102⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        103⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        104⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        105⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        106⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        108⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        109⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        110⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        111⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        112⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        113⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        114⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        115⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        116⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        117⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        118⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        119⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        120⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        121⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        122⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        123⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        124⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        125⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        126⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        127⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        128⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        129⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        130⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        131⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        132⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        133⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        134⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        135⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        136⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        137⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        138⤵
        Drops file in Program Files directory
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        139⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        140⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        141⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        142⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        143⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        144⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        146⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        147⤵
        Drops file in Program Files directory
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        148⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        149⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        150⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        151⤵
        Drops file in Program Files directory
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        152⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        153⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        154⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        155⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        157⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        158⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        159⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        160⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        161⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        162⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        163⤵
        Drops file in Program Files directory
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        164⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        165⤵
        Drops file in Program Files directory
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        166⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        167⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        168⤵
        Drops file in Program Files directory
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        169⤵
        Drops file in Program Files directory
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        171⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        172⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        173⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        174⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        175⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        176⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        177⤵
        System Location Discovery: System Language Discovery
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        179⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        180⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        181⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        183⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        184⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        185⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        186⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        187⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        188⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        189⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        191⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        192⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        193⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        194⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        195⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        196⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        197⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        198⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        199⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        200⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        201⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        202⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        203⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        204⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        205⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        206⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        207⤵
        Drops file in Program Files directory
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        208⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        210⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        211⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        212⤵
        Drops file in Program Files directory
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        213⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        214⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        215⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        216⤵
        Drops file in Program Files directory
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        217⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        218⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        219⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        220⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        221⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        225⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        226⤵
        Drops file in Program Files directory
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        227⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        228⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        229⤵
        Drops file in Program Files directory
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        230⤵
        Drops file in Program Files directory
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        231⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        232⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        233⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        234⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        235⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        236⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        237⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        238⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        239⤵
        Drops file in Program Files directory
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        240⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        241⤵
        Drops file in Program Files directory
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        242⤵
        Drops file in Program Files directory
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        243⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        244⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        245⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        246⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        247⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        248⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        249⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        250⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        251⤵
        System Location Discovery: System Language Discovery
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        252⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        253⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        254⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        255⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        256⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        257⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        258⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        259⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        260⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        261⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        262⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        263⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        264⤵
        Drops file in Program Files directory
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        265⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        266⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        267⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        268⤵
        Drops file in Program Files directory
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        269⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        270⤵
        Drops file in Program Files directory
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        271⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        272⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        273⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        274⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        275⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        276⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        277⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        278⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        279⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        280⤵
        Drops file in Program Files directory
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        281⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        282⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        283⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        284⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        285⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        286⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        287⤵
        System Location Discovery: System Language Discovery
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        288⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        289⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        290⤵
        Drops file in Program Files directory
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        291⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        292⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        293⤵
        Drops file in Program Files directory
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        294⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        295⤵
        System Location Discovery: System Language Discovery
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        296⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        297⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        298⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        299⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        300⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        301⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        302⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        303⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        304⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        305⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        306⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        307⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        308⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        309⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        310⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        311⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        312⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        313⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        314⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        315⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        316⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        317⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        318⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        319⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        320⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        321⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        322⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        323⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        324⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        325⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        326⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        327⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        328⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        329⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        330⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        331⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        332⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        333⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        334⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        335⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        336⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        337⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        338⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        339⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        340⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        341⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        342⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        343⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        344⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        345⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        346⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        347⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        348⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        349⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        350⤵
        System Location Discovery: System Language Discovery
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        351⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        352⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        353⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        354⤵
        Drops file in Program Files directory
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        355⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        356⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        357⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        358⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        359⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        360⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        361⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        362⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        363⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        364⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        365⤵
        System Location Discovery: System Language Discovery
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        366⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        367⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        368⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        369⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        370⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        371⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        372⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        373⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        374⤵
        System Location Discovery: System Language Discovery
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        375⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        376⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        377⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        378⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        379⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        380⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        381⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        382⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        383⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        384⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        385⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        386⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        387⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        388⤵
        Drops file in Program Files directory
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        389⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        390⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        391⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        392⤵
        Drops file in Program Files directory
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        393⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        394⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        395⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        396⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        397⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        398⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        399⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        400⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        401⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        402⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        403⤵
        Drops file in Program Files directory
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        404⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        405⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        406⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        407⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        408⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        409⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        410⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        411⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        412⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        413⤵
        System Location Discovery: System Language Discovery
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        414⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        415⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        416⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        417⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        418⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        419⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        420⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        421⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        422⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        423⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        424⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        425⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        426⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        427⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        428⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        429⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        430⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        431⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        432⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        433⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        434⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        435⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        436⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        437⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        438⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        439⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        440⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        441⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        442⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        443⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        444⤵
        System Location Discovery: System Language Discovery
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        445⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        446⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        447⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        448⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        449⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        450⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        451⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        452⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        453⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        454⤵
        System Location Discovery: System Language Discovery
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        455⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        456⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        457⤵
        System Location Discovery: System Language Discovery
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        458⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        459⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        460⤵
        System Location Discovery: System Language Discovery
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        461⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        462⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        463⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        464⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        465⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        466⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        467⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        468⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        469⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        470⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        471⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        472⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        473⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        474⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        475⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        476⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        477⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        478⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        479⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        480⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        481⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        482⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        483⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        484⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        485⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        486⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        487⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        488⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        489⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        490⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        491⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        492⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        493⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        494⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        495⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        496⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        497⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        498⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        499⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        500⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        501⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        502⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        503⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        504⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        505⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        506⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        507⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        508⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        509⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        510⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        511⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        512⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        513⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        514⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        515⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        516⤵
        System Location Discovery: System Language Discovery
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        517⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        518⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        519⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        520⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        521⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        522⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        523⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        524⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        525⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        526⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        527⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        528⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        529⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        530⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        531⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        532⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        533⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        534⤵
        Drops file in Program Files directory
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        535⤵
        Drops file in Program Files directory
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        536⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        537⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        538⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        539⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        540⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        541⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        542⤵
        Drops file in Program Files directory
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        543⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        544⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        545⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        546⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        547⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        548⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        549⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        550⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        551⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        552⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        553⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        554⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        555⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        556⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        557⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        558⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        559⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        560⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        561⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        562⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        563⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        564⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        565⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        566⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        567⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        568⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        569⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        570⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c.exe"
        571⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 388
        407⤵
        Program crash
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 448
        403⤵
        Program crash
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 468
        398⤵
        Program crash
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 428
        393⤵
        Program crash
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 388
        391⤵
        Program crash
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 432
        390⤵
        Program crash
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 396
        389⤵
        Program crash
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 476
        371⤵
        Program crash
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 428
        370⤵
        Program crash
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 452
        298⤵
        Program crash
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 428
        290⤵
        Program crash
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 436
        285⤵
        Program crash
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 456
        285⤵
        Program crash
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 436
        284⤵
        Program crash
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 428
        258⤵
        Program crash
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 444
        172⤵
        Program crash
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 464
        172⤵
        Program crash
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 440
        171⤵
        Program crash
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 484
        171⤵
        Program crash
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 480
        165⤵
        Program crash
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 428
        162⤵
        Program crash
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 428
        159⤵
        Program crash
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 428
        156⤵
        Program crash
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 448
        141⤵
        Program crash
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 432
        95⤵
        Program crash
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 460
        88⤵
        Program crash
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 392
        62⤵
        Program crash
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 440
        61⤵
        Program crash
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 436
        59⤵
        Program crash
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 176
        58⤵
        Program crash
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 428
        24⤵
        Program crash
        
        PID:10128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 432
        6⤵
        Program crash
        
        PID:10668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 432
        6⤵
        Program crash
        
        PID:8872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 444
        5⤵
        Program crash
        
        PID:10760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 436
    3⤵
    - Program crash
    PID:1448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 416
  2⤵
  - Program crash
  PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6196 -ip 6196
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6196 -ip 6196
1⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1152 -ip 1152
1⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2036 -ip 2036
1⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3536 -ip 3536
1⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4044 -ip 4044
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4624 -ip 4624
1⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3084 -ip 3084
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3204 -ip 3204
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5104 -ip 5104
1⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4516 -ip 4516
1⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1992 -ip 1992
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 516 -ip 516
1⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2372 -ip 2372
1⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2080 -ip 2080
1⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3236 -ip 3236
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1492 -ip 1492
1⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2688 -ip 2688
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4768 -ip 4768
1⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2532 -ip 2532
1⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3096 -ip 3096
1⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4556 -ip 4556
1⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3532 -ip 3532
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4612 -ip 4612
1⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2396 -ip 2396
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4148 -ip 4148
1⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1424 -ip 1424
1⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4072 -ip 4072
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4256 -ip 4256
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3956 -ip 3956
1⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 752 -ip 752
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2536 -ip 2536
1⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4436 -ip 4436
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4944 -ip 4944
1⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4624 -ip 4624
1⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 3460 -ip 3460
1⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4964 -ip 4964
1⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3904 -ip 3904
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4372 -ip 4372
1⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2840 -ip 2840
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3084 -ip 3084
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3204 -ip 3204
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5104 -ip 5104
1⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1992 -ip 1992
1⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3236 -ip 3236
1⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4516 -ip 4516
1⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2532 -ip 2532
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2080 -ip 2080
1⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 516 -ip 516
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1492 -ip 1492
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 2372 -ip 2372
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2688 -ip 2688
1⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3096 -ip 3096
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4768 -ip 4768
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3532 -ip 3532
1⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4556 -ip 4556
1⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4612 -ip 4612
1⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2396 -ip 2396
1⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1424 -ip 1424
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4148 -ip 4148
1⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3956 -ip 3956
1⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4256 -ip 4256
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4072 -ip 4072
1⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2536 -ip 2536
1⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4436 -ip 4436
1⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4944 -ip 4944
1⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 752 -ip 752
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4964 -ip 4964
1⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 3460 -ip 3460
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 2844 -ip 2844
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 4372 -ip 4372
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 3904 -ip 3904
1⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 2840 -ip 2840
1⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8020 -ip 8020
1⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7940 -ip 7940
1⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 7988 -ip 7988
1⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 8004 -ip 8004
1⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7972 -ip 7972
1⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8336 -ip 8336
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8320 -ip 8320
1⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 8232 -ip 8232
1⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 8248 -ip 8248
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 8264 -ip 8264
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 8108 -ip 8108
1⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 8352 -ip 8352
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 8304 -ip 8304
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 8280 -ip 8280
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8368 -ip 8368
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 8184 -ip 8184
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 8152 -ip 8152
1⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8156 -ip 8156
1⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 8216 -ip 8216
1⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2036 -ip 2036
1⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4044 -ip 4044
1⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2844 -ip 2844
1⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1152 -ip 1152
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7988 -ip 7988
1⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7940 -ip 7940
1⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7972 -ip 7972
1⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 8004 -ip 8004
1⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 8336 -ip 8336
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 7308 -ip 7308
1⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 8108 -ip 8108
1⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7292 -ip 7292
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7324 -ip 7324
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7340 -ip 7340
1⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7376 -ip 7376
1⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 7360 -ip 7360
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7408 -ip 7408
1⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7392 -ip 7392
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7440 -ip 7440
1⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 3536 -ip 3536
1⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8368 -ip 8368
1⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 7424 -ip 7424
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7908 -ip 7908
1⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7924 -ip 7924
1⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7488 -ip 7488
1⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 7504 -ip 7504
1⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 8152 -ip 8152
1⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8248 -ip 8248
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 8304 -ip 8304
1⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 8216 -ip 8216
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 8184 -ip 8184
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 8232 -ip 8232
1⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 8264 -ip 8264
1⤵
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7604 -ip 7604
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7748 -ip 7748
1⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7732 -ip 7732
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7700 -ip 7700
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7716 -ip 7716
1⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7636 -ip 7636
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7684 -ip 7684
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7652 -ip 7652
1⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 7668 -ip 7668
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 7620 -ip 7620
1⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7456 -ip 7456
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 7472 -ip 7472
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7556 -ip 7556
1⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7588 -ip 7588
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7844 -ip 7844
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 8280 -ip 8280
1⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 8156 -ip 8156
1⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 7796 -ip 7796
1⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7572 -ip 7572
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 7860 -ip 7860
1⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7828 -ip 7828
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7764 -ip 7764
1⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7780 -ip 7780
1⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7812 -ip 7812
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 7540 -ip 7540
1⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 7876 -ip 7876
1⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 7292 -ip 7292
1⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 8352 -ip 8352
1⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7360 -ip 7360
1⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7524 -ip 7524
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7308 -ip 7308
1⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7892 -ip 7892
1⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7340 -ip 7340
1⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5692 -ip 5692
1⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5676 -ip 5676
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5644 -ip 5644
1⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5660 -ip 5660
1⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5628 -ip 5628
1⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5708 -ip 5708
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5724 -ip 5724
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7440 -ip 7440
1⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 5756 -ip 5756
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5772 -ip 5772
1⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5808 -ip 5808
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7424 -ip 7424
1⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5788 -ip 5788
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5740 -ip 5740
1⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7376 -ip 7376
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7408 -ip 7408
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5872 -ip 5872
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 7324 -ip 7324
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7488 -ip 7488
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7908 -ip 7908
1⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5824 -ip 5824
1⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7392 -ip 7392
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7504 -ip 7504
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5856 -ip 5856
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5952 -ip 5952
1⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5920 -ip 5920
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 5904 -ip 5904
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5968 -ip 5968
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5888 -ip 5888
1⤵
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7924 -ip 7924
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5840 -ip 5840
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5984 -ip 5984
1⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6068 -ip 6068
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6020 -ip 6020
1⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5936 -ip 5936
1⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6052 -ip 6052
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6036 -ip 6036
1⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6116 -ip 6116
1⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6148 -ip 6148
1⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6084 -ip 6084
1⤵
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6180 -ip 6180
1⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6004 -ip 6004
1⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6132 -ip 6132
1⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6164 -ip 6164
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6100 -ip 6100
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7748 -ip 7748
1⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 7700 -ip 7700
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7684 -ip 7684
1⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 7652 -ip 7652
1⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7636 -ip 7636
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 7732 -ip 7732
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7716 -ip 7716
1⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 7668 -ip 7668
1⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 7472 -ip 7472
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7456 -ip 7456
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7620 -ip 7620
1⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 7844 -ip 7844
1⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7588 -ip 7588
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7796 -ip 7796
1⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 7556 -ip 7556
1⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 7780 -ip 7780
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 7572 -ip 7572
1⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7812 -ip 7812
1⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7860 -ip 7860
1⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7828 -ip 7828
1⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7540 -ip 7540
1⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7524 -ip 7524
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 7764 -ip 7764
1⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7876 -ip 7876
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7892 -ip 7892
1⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5628 -ip 5628
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5660 -ip 5660
1⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5676 -ip 5676
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5692 -ip 5692
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 8020 -ip 8020
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5724 -ip 5724
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5644 -ip 5644
1⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5788 -ip 5788
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5772 -ip 5772
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 5808 -ip 5808
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 10120 -ip 10120
1⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 5740 -ip 5740
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5756 -ip 5756
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5872 -ip 5872
1⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 5824 -ip 5824
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5952 -ip 5952
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5920 -ip 5920
1⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5904 -ip 5904
1⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5856 -ip 5856
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 5840 -ip 5840
1⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 5984 -ip 5984
1⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 5936 -ip 5936
1⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6068 -ip 6068
1⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 9060 -ip 9060
1⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5888 -ip 5888
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5968 -ip 5968
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6020 -ip 6020
1⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6036 -ip 6036
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 8556 -ip 8556
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6116 -ip 6116
1⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6052 -ip 6052
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6148 -ip 6148
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6084 -ip 6084
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6004 -ip 6004
1⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6180 -ip 6180
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6164 -ip 6164
1⤵
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6132 -ip 6132
1⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 6100 -ip 6100
1⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 10120 -ip 10120
1⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 8320 -ip 8320
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 9060 -ip 9060
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 8556 -ip 8556
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 7604 -ip 7604
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5708 -ip 5708
1⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 8048 -ip 8048
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6212 -ip 6212
1⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 8048 -ip 8048
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6212 -ip 6212
1⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2740 -ip 2740
1⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 976 -ip 976
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 2960 -ip 2960
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4968 -ip 4968
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5004 -ip 5004
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4988 -ip 4988
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4992 -ip 4992
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5012 -ip 5012
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2896 -ip 2896
1⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 4452 -ip 4452
1⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2196 -ip 2196
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4492 -ip 4492
1⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 744 -ip 744
1⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 3864 -ip 3864
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 10796 -ip 10796
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1556 -ip 1556
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4912 -ip 4912
1⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1560 -ip 1560
1⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4568 -ip 4568
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1688 -ip 1688
1⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 704 -ip 704
1⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2868 -ip 2868
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 9916 -ip 9916
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2720 -ip 2720
1⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 2248 -ip 2248
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2088 -ip 2088
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2960 -ip 2960
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2896 -ip 2896
1⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5012 -ip 5012
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4988 -ip 4988
1⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 3212 -ip 3212
1⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2196 -ip 2196
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4452 -ip 4452
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4992 -ip 4992
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4492 -ip 4492
1⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 10172 -ip 10172
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1556 -ip 1556
1⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 10604 -ip 10604
1⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1560 -ip 1560
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 10796 -ip 10796
1⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4568 -ip 4568
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 744 -ip 744
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 1688 -ip 1688
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4912 -ip 4912
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3864 -ip 3864
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 2720 -ip 2720
1⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2088 -ip 2088
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 2248 -ip 2248
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2868 -ip 2868
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 9916 -ip 9916
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 704 -ip 704
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3212 -ip 3212
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10604 -ip 10604
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 10172 -ip 10172
1⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 976 -ip 976
1⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5004 -ip 5004
1⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2740 -ip 2740
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 4968 -ip 4968
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 9212 -ip 9212
1⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 9604 -ip 9604
1⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 9368 -ip 9368
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2988 -ip 2988
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4248 -ip 4248
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7956 -ip 7956
1⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 9168 -ip 9168
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1460 -ip 1460
1⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 9408 -ip 9408
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 10440 -ip 10440
1⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 10180 -ip 10180
1⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 860 -ip 860
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 8892 -ip 8892
1⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 10276 -ip 10276
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 7956 -ip 7956
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1988 -ip 1988
1⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4248 -ip 4248
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 9408 -ip 9408
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 9168 -ip 9168
1⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 4768 -ip 4768
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 860 -ip 860
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 10180 -ip 10180
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 9492 -ip 9492
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10440 -ip 10440
1⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7988 -ip 7988
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6756 -ip 6756
1⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 8892 -ip 8892
1⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 11056 -ip 11056
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6804 -ip 6804
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 9000 -ip 9000
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10276 -ip 10276
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1460 -ip 1460
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 6840 -ip 6840
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 6788 -ip 6788
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6772 -ip 6772
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 8284 -ip 8284
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6820 -ip 6820
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10308 -ip 10308
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 9276 -ip 9276
1⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6856 -ip 6856
1⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6872 -ip 6872
1⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6904 -ip 6904
1⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6920 -ip 6920
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 1988 -ip 1988
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6968 -ip 6968
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7000 -ip 7000
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 7016 -ip 7016
1⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 8064 -ip 8064
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6936 -ip 6936
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 8116 -ip 8116
1⤵
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 6984 -ip 6984
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7032 -ip 7032
1⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7064 -ip 7064
1⤵
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7080 -ip 7080
1⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7096 -ip 7096
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7116 -ip 7116
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6888 -ip 6888
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7048 -ip 7048
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6952 -ip 6952
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5992 -ip 5992
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 9368 -ip 9368
1⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 9604 -ip 9604
1⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7148 -ip 7148
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 7132 -ip 7132
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 7180 -ip 7180
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7196 -ip 7196
1⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7212 -ip 7212
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7260 -ip 7260
1⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 9492 -ip 9492
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7228 -ip 7228
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7244 -ip 7244
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7276 -ip 7276
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7988 -ip 7988
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6756 -ip 6756
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 9212 -ip 9212
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6788 -ip 6788
1⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3736 -ip 3736
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 6804 -ip 6804
1⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 9000 -ip 9000
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 6772 -ip 6772
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6872 -ip 6872
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 10308 -ip 10308
1⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 9276 -ip 9276
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zG.exe

Filesize
1004KB

MD5
73af86a4e7bcd9c0db6e6ffb33994534

SHA1
682e6f4a586c9e1283530a2fa2f20aeaaef6c179

SHA256
87242949d169ded9115cfe4bd492b850709264b8fe2dfd7f59db7f51d4e7b1f1

SHA512
3aef4152f84b2bdd1bd5261c2a362cb6ec4aa0ddaf5a2deb88f8ec0b803ae737d6cd5127bb24cdc1c2ed0dc57c1746bcc0d5f67140ca3a508b49000cbca850f8

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
335KB

MD5
7f06f4b9e7aea781b51393a4d3a1116c

SHA1
b6eb45c81fde5a5e2bd785dd2c72477474a2e781

SHA256
14a99d43ce3e992b9795c24d068ba1651cc58efced1e879473a2a2a917b45141

SHA512
4b793f4fe19bf8cef25b16a5a0dc42b5d028355917f7369eedcdd76913f81bc08ecd1549912fbfcd8da42b25ca6ed25febdfb059fd65d1d3c8fb648c5a31b49c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.5MB

MD5
272d051afaffdf0226c18b19af4bf2c6

SHA1
60498ed8a481325786da05dcf59c59f61d8d4e71

SHA256
c8fc80f02be0337fdc8b502ff8f10b0d8a1ec2737cec25ff4debb446bc0c6b3f

SHA512
417dc5b01d9ed2f0c2d7e9d1166350e6c341f8362ad746d376fd8f199a332f2144e4f788335645d8ceeb5181653c9e25c243af3bcbb75675385689d504cd0164

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXC1BC.tmp

Filesize
2.8MB

MD5
99e0c67aab3b24d58eadabb999bd4f62

SHA1
a0cc51bf620d820550104e580ea5804a8d1f8c56

SHA256
ea379126a5c036765ca0137ddaf4dc0f6c814750d0eac48deaaa6a6e84f85d8c

SHA512
f3bf13b0db47e95fc6128bdd30e4a86a59690836b53075a9dfecf837a20cc3fd457d3a42e249ae820c1a9359669153fe7e44d046fa0ffadc10dac9600bbd3b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXE040.tmp

Filesize
2.7MB

MD5
12e9c1d88ae1823099f469b5f525577c

SHA1
5774d4bff88596ed90f0a56856808e659125fa75

SHA256
bfd9a0fac6e8102c1fb818ff8baa803c98ce8c35d312284456399ba50c13f381

SHA512
870acb3d35504b10e849e1856fc5bb181dadd3197d939118484748f9c74bfb56ff5d736977c0987846f6fc7cbc60743bfcbd08f9b987bd075a1ff3f70eeb4571

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcBC6B.tmp

Filesize
2.8MB

MD5
e92c46778bcb48e4c47565e6facd47bc

SHA1
9cfdc241ce4874cab69e97a9e2bc99a7a5c81dfe

SHA256
8ca2dbd43afc18b1f5132e77c2ccb087dc37b8687074b58477127142ef7fde6c

SHA512
7510c329a839af68ed21508076364bf0041c53a7da67ede00f562623cc70b9fa9eae1d2f93e5e2c57eb4930509a695ef03b2305c9730f1a4e1658c28deece75c

Download Submit
memory/384-1203-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/516-1214-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/704-1195-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/744-1185-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/976-1175-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1424-1643-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1492-1426-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1556-1188-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1560-1191-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1688-1187-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1692-1205-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1804-1202-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/1992-1213-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2028-1200-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2080-1220-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2088-1194-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2196-1184-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2248-1197-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2372-1219-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2396-1645-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2532-1216-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2536-1642-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2688-1221-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2720-1193-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2740-1174-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2840-1653-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2868-1190-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2896-1182-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/2960-1176-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3084-1211-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3096-1493-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3204-1212-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3212-1196-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3236-1217-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3460-1650-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3532-1511-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3612-1199-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3700-1198-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3864-1186-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3904-1655-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3952-1204-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/3956-1654-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4072-1647-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4256-1652-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4292-1201-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4372-1656-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4436-1648-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4452-1183-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4516-1218-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4556-1651-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4568-1192-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4612-1644-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4624-1206-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4768-1427-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4912-1189-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4944-1649-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4964-1646-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4968-1177-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4988-1179-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/4992-1181-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/5004-1178-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/5012-1180-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/5104-1215-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download
memory/6196-94-0x0000000000400000-0x00000000006E0000-memory.dmp

Filesize
2.9MB

Download