ab8e6d3f8b80ec5370aac106d92edc0721c3796d8f0d3a165bdbf214603535ec

Analysis

max time kernel
26s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 14:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97e4a4608603f4820a7febbcadd46800N.exe
Size

534KB
MD5

97e4a4608603f4820a7febbcadd46800
SHA1

7b7a660383ecd78d95641e6d5d296afb7a2b3371
SHA256

ab8e6d3f8b80ec5370aac106d92edc0721c3796d8f0d3a165bdbf214603535ec
SHA512

b59b747d9d92ced6bc15d89e0057cf37a44e132f572969144f78585c892c9157e18a545b1ccfcc96150ae2b6beaff333340d70cdfe65ea6521021f59144d21d1
SSDEEP

6144:Q+r3ULOJQSfbzTRk5DJqj2uUZARL1MkK+u/HFPbCsAl:3r3ULO2IiS37YcsAl

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	Process not Found
File opened for modification	C:\Program Files\7-Zip\7z.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	97e4a4608603f4820a7febbcadd46800N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	97e4a4608603f4820a7febbcadd46800N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
8196	7508	WerFault.exe	317
9304	7492	WerFault.exe	316
9500	7544	WerFault.exe	319
10128	7528	WerFault.exe	318
7580	7928	WerFault.exe	342
7576	8040	WerFault.exe	349
7668	7544	WerFault.exe	319
9308	7492	WerFault.exe	316
9704	5252	WerFault.exe	181
8772	5252	WerFault.exe	181
7808	5272	WerFault.exe	182
8364	5272	WerFault.exe	182
8516	5288	WerFault.exe	183
7552	5288	WerFault.exe	183
5496	1508	WerFault.exe	133
5412	1508	WerFault.exe	133
10724	1616	WerFault.exe	134
10984	1616	WerFault.exe	134
5808	1928	WerFault.exe	125
5616	1928	WerFault.exe	125
11288	4428	WerFault.exe	126
11600	4428	WerFault.exe	126
11992	1532	WerFault.exe	129
12168	9488	WerFault.exe	391
5952	10168	WerFault.exe	393
11936	9000	WerFault.exe	396
12080	10044	WerFault.exe	413
12488	4984	WerFault.exe	421
12632	8624	WerFault.exe	438
12756	10044	WerFault.exe	413
9420	6704	WerFault.exe	274
13132	6928	WerFault.exe	284
12252	7192	WerFault.exe	298
13208	6964	WerFault.exe	286
7024	7444	WerFault.exe	313
7244	6704	WerFault.exe	274
13148	7192	WerFault.exe	298
7392	6928	WerFault.exe	284
9420	10688	WerFault.exe	681
14232	10848	WerFault.exe	651
13248	5396	WerFault.exe	674
13752	10528	WerFault.exe	679
13816	10688	WerFault.exe	681
7212	1532	Process not Found	129
11152	8312	Process not Found	541
4752	2056	Process not Found	83
10904	5032	Process not Found	84
14164	2344	Process not Found	85
10476	3848	Process not Found	86
12504	13604	Process not Found	987
12756	3848	Process not Found	86
12376	7348	Process not Found	992
6756	2056	Process not Found	83
1940	8312	Process not Found	541
14132	8088	Process not Found	352
4072	8104	Process not Found	353
2044	8120	Process not Found	354
3840	8136	Process not Found	355
13720	1968	Process not Found	1321
2392	2656	Process not Found	371
14308	624	Process not Found	1343
4988	3668	Process not Found	1331
8916	11736	Process not Found	750
3136	11860	Process not Found	756

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97e4a4608603f4820a7febbcadd46800N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2056	97e4a4608603f4820a7febbcadd46800N.exe
2056	97e4a4608603f4820a7febbcadd46800N.exe
5032	97e4a4608603f4820a7febbcadd46800N.exe
5032	97e4a4608603f4820a7febbcadd46800N.exe
2344	97e4a4608603f4820a7febbcadd46800N.exe
2344	97e4a4608603f4820a7febbcadd46800N.exe
3848	97e4a4608603f4820a7febbcadd46800N.exe
3848	97e4a4608603f4820a7febbcadd46800N.exe
3672	97e4a4608603f4820a7febbcadd46800N.exe
3672	97e4a4608603f4820a7febbcadd46800N.exe
1400	97e4a4608603f4820a7febbcadd46800N.exe
1400	97e4a4608603f4820a7febbcadd46800N.exe
3800	97e4a4608603f4820a7febbcadd46800N.exe
3800	97e4a4608603f4820a7febbcadd46800N.exe
4852	97e4a4608603f4820a7febbcadd46800N.exe
4852	97e4a4608603f4820a7febbcadd46800N.exe
1660	97e4a4608603f4820a7febbcadd46800N.exe
1660	97e4a4608603f4820a7febbcadd46800N.exe
2616	97e4a4608603f4820a7febbcadd46800N.exe
2616	97e4a4608603f4820a7febbcadd46800N.exe
3016	97e4a4608603f4820a7febbcadd46800N.exe
3016	97e4a4608603f4820a7febbcadd46800N.exe
2604	97e4a4608603f4820a7febbcadd46800N.exe
2604	97e4a4608603f4820a7febbcadd46800N.exe
4076	97e4a4608603f4820a7febbcadd46800N.exe
4076	97e4a4608603f4820a7febbcadd46800N.exe
4316	97e4a4608603f4820a7febbcadd46800N.exe
4316	97e4a4608603f4820a7febbcadd46800N.exe
640	97e4a4608603f4820a7febbcadd46800N.exe
640	97e4a4608603f4820a7febbcadd46800N.exe
3972	97e4a4608603f4820a7febbcadd46800N.exe
3972	97e4a4608603f4820a7febbcadd46800N.exe
2484	97e4a4608603f4820a7febbcadd46800N.exe
2484	97e4a4608603f4820a7febbcadd46800N.exe
3480	97e4a4608603f4820a7febbcadd46800N.exe
3480	97e4a4608603f4820a7febbcadd46800N.exe
2648	97e4a4608603f4820a7febbcadd46800N.exe
2648	97e4a4608603f4820a7febbcadd46800N.exe
1936	97e4a4608603f4820a7febbcadd46800N.exe
1936	97e4a4608603f4820a7febbcadd46800N.exe
3576	97e4a4608603f4820a7febbcadd46800N.exe
3576	97e4a4608603f4820a7febbcadd46800N.exe
3340	97e4a4608603f4820a7febbcadd46800N.exe
3340	97e4a4608603f4820a7febbcadd46800N.exe
3132	97e4a4608603f4820a7febbcadd46800N.exe
3132	97e4a4608603f4820a7febbcadd46800N.exe
1940	97e4a4608603f4820a7febbcadd46800N.exe
1940	97e4a4608603f4820a7febbcadd46800N.exe
2636	97e4a4608603f4820a7febbcadd46800N.exe
2636	97e4a4608603f4820a7febbcadd46800N.exe
224	97e4a4608603f4820a7febbcadd46800N.exe
224	97e4a4608603f4820a7febbcadd46800N.exe
4220	97e4a4608603f4820a7febbcadd46800N.exe
4220	97e4a4608603f4820a7febbcadd46800N.exe
3256	97e4a4608603f4820a7febbcadd46800N.exe
3256	97e4a4608603f4820a7febbcadd46800N.exe
4888	97e4a4608603f4820a7febbcadd46800N.exe
4888	97e4a4608603f4820a7febbcadd46800N.exe
2016	97e4a4608603f4820a7febbcadd46800N.exe
2016	97e4a4608603f4820a7febbcadd46800N.exe
3720	97e4a4608603f4820a7febbcadd46800N.exe
3720	97e4a4608603f4820a7febbcadd46800N.exe
1656	97e4a4608603f4820a7febbcadd46800N.exe
1656	97e4a4608603f4820a7febbcadd46800N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 5032	2056	97e4a4608603f4820a7febbcadd46800N.exe	84
PID 2056 wrote to memory of 5032	2056	97e4a4608603f4820a7febbcadd46800N.exe	84
PID 2056 wrote to memory of 5032	2056	97e4a4608603f4820a7febbcadd46800N.exe	84
PID 5032 wrote to memory of 2344	5032	97e4a4608603f4820a7febbcadd46800N.exe	85
PID 5032 wrote to memory of 2344	5032	97e4a4608603f4820a7febbcadd46800N.exe	85
PID 5032 wrote to memory of 2344	5032	97e4a4608603f4820a7febbcadd46800N.exe	85
PID 2344 wrote to memory of 3848	2344	97e4a4608603f4820a7febbcadd46800N.exe	86
PID 2344 wrote to memory of 3848	2344	97e4a4608603f4820a7febbcadd46800N.exe	86
PID 2344 wrote to memory of 3848	2344	97e4a4608603f4820a7febbcadd46800N.exe	86
PID 3848 wrote to memory of 3672	3848	97e4a4608603f4820a7febbcadd46800N.exe	87
PID 3848 wrote to memory of 3672	3848	97e4a4608603f4820a7febbcadd46800N.exe	87
PID 3848 wrote to memory of 3672	3848	97e4a4608603f4820a7febbcadd46800N.exe	87
PID 3672 wrote to memory of 1400	3672	97e4a4608603f4820a7febbcadd46800N.exe	88
PID 3672 wrote to memory of 1400	3672	97e4a4608603f4820a7febbcadd46800N.exe	88
PID 3672 wrote to memory of 1400	3672	97e4a4608603f4820a7febbcadd46800N.exe	88
PID 1400 wrote to memory of 3800	1400	97e4a4608603f4820a7febbcadd46800N.exe	89
PID 1400 wrote to memory of 3800	1400	97e4a4608603f4820a7febbcadd46800N.exe	89
PID 1400 wrote to memory of 3800	1400	97e4a4608603f4820a7febbcadd46800N.exe	89
PID 3800 wrote to memory of 4852	3800	97e4a4608603f4820a7febbcadd46800N.exe	90
PID 3800 wrote to memory of 4852	3800	97e4a4608603f4820a7febbcadd46800N.exe	90
PID 3800 wrote to memory of 4852	3800	97e4a4608603f4820a7febbcadd46800N.exe	90
PID 4852 wrote to memory of 1660	4852	97e4a4608603f4820a7febbcadd46800N.exe	91
PID 4852 wrote to memory of 1660	4852	97e4a4608603f4820a7febbcadd46800N.exe	91
PID 4852 wrote to memory of 1660	4852	97e4a4608603f4820a7febbcadd46800N.exe	91
PID 1660 wrote to memory of 2616	1660	97e4a4608603f4820a7febbcadd46800N.exe	92
PID 1660 wrote to memory of 2616	1660	97e4a4608603f4820a7febbcadd46800N.exe	92
PID 1660 wrote to memory of 2616	1660	97e4a4608603f4820a7febbcadd46800N.exe	92
PID 2616 wrote to memory of 3016	2616	97e4a4608603f4820a7febbcadd46800N.exe	93
PID 2616 wrote to memory of 3016	2616	97e4a4608603f4820a7febbcadd46800N.exe	93
PID 2616 wrote to memory of 3016	2616	97e4a4608603f4820a7febbcadd46800N.exe	93
PID 3016 wrote to memory of 2604	3016	97e4a4608603f4820a7febbcadd46800N.exe	94
PID 3016 wrote to memory of 2604	3016	97e4a4608603f4820a7febbcadd46800N.exe	94
PID 3016 wrote to memory of 2604	3016	97e4a4608603f4820a7febbcadd46800N.exe	94
PID 2604 wrote to memory of 4076	2604	97e4a4608603f4820a7febbcadd46800N.exe	95
PID 2604 wrote to memory of 4076	2604	97e4a4608603f4820a7febbcadd46800N.exe	95
PID 2604 wrote to memory of 4076	2604	97e4a4608603f4820a7febbcadd46800N.exe	95
PID 4076 wrote to memory of 4316	4076	97e4a4608603f4820a7febbcadd46800N.exe	96
PID 4076 wrote to memory of 4316	4076	97e4a4608603f4820a7febbcadd46800N.exe	96
PID 4076 wrote to memory of 4316	4076	97e4a4608603f4820a7febbcadd46800N.exe	96
PID 4316 wrote to memory of 640	4316	97e4a4608603f4820a7febbcadd46800N.exe	97
PID 4316 wrote to memory of 640	4316	97e4a4608603f4820a7febbcadd46800N.exe	97
PID 4316 wrote to memory of 640	4316	97e4a4608603f4820a7febbcadd46800N.exe	97
PID 640 wrote to memory of 3972	640	97e4a4608603f4820a7febbcadd46800N.exe	98
PID 640 wrote to memory of 3972	640	97e4a4608603f4820a7febbcadd46800N.exe	98
PID 640 wrote to memory of 3972	640	97e4a4608603f4820a7febbcadd46800N.exe	98
PID 3972 wrote to memory of 2484	3972	97e4a4608603f4820a7febbcadd46800N.exe	99
PID 3972 wrote to memory of 2484	3972	97e4a4608603f4820a7febbcadd46800N.exe	99
PID 3972 wrote to memory of 2484	3972	97e4a4608603f4820a7febbcadd46800N.exe	99
PID 2484 wrote to memory of 3480	2484	97e4a4608603f4820a7febbcadd46800N.exe	100
PID 2484 wrote to memory of 3480	2484	97e4a4608603f4820a7febbcadd46800N.exe	100
PID 2484 wrote to memory of 3480	2484	97e4a4608603f4820a7febbcadd46800N.exe	100
PID 3480 wrote to memory of 2648	3480	97e4a4608603f4820a7febbcadd46800N.exe	101
PID 3480 wrote to memory of 2648	3480	97e4a4608603f4820a7febbcadd46800N.exe	101
PID 3480 wrote to memory of 2648	3480	97e4a4608603f4820a7febbcadd46800N.exe	101
PID 2648 wrote to memory of 1936	2648	97e4a4608603f4820a7febbcadd46800N.exe	102
PID 2648 wrote to memory of 1936	2648	97e4a4608603f4820a7febbcadd46800N.exe	102
PID 2648 wrote to memory of 1936	2648	97e4a4608603f4820a7febbcadd46800N.exe	102
PID 1936 wrote to memory of 3576	1936	97e4a4608603f4820a7febbcadd46800N.exe	103
PID 1936 wrote to memory of 3576	1936	97e4a4608603f4820a7febbcadd46800N.exe	103
PID 1936 wrote to memory of 3576	1936	97e4a4608603f4820a7febbcadd46800N.exe	103
PID 3576 wrote to memory of 3340	3576	97e4a4608603f4820a7febbcadd46800N.exe	104
PID 3576 wrote to memory of 3340	3576	97e4a4608603f4820a7febbcadd46800N.exe	104
PID 3576 wrote to memory of 3340	3576	97e4a4608603f4820a7febbcadd46800N.exe	104
PID 3340 wrote to memory of 3132	3340	97e4a4608603f4820a7febbcadd46800N.exe	105

C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
"C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
  "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5032
- - C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
    "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
      "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        9⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        12⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        15⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        21⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        24⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        26⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        27⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        29⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        30⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        32⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        33⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        34⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        35⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        36⤵
        Drops file in Program Files directory
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        38⤵
        Drops file in Program Files directory
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        39⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        40⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        41⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        42⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        43⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        44⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        45⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        46⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        48⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        49⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        50⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        51⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        52⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        53⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        54⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        55⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        56⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        57⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        58⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        60⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        61⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        62⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        63⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        64⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        65⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        66⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        67⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        68⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        69⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        70⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        71⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        72⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        73⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        74⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        76⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        77⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        78⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        79⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        80⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        81⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        82⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        83⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        84⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        85⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        86⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        87⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        88⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        90⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        91⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        92⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        93⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        94⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        95⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        96⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        97⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        98⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        99⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        100⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        101⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        102⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        103⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        104⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        105⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        106⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        107⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        108⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        109⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        110⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        111⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        112⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        113⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        114⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        115⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        116⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        117⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        118⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        119⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        120⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        121⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        122⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        123⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        124⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        125⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        126⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        127⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        128⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        129⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        130⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        131⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        132⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        133⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        134⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        135⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        136⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        137⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        138⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        139⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        140⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        141⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        142⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        143⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        144⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        146⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        147⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        149⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        150⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        151⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        154⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        155⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        156⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        157⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        158⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        159⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        160⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        161⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        162⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        163⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        164⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        165⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        166⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        167⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        168⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        169⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        170⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        171⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        172⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        174⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        175⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        176⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        177⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        178⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        179⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        180⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        181⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        182⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        183⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        184⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        185⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        186⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        187⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        188⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        189⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        190⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        191⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        192⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        193⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        194⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        195⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        196⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        197⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        198⤵
        Drops file in Program Files directory
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        199⤵
        Drops file in Program Files directory
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        200⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        201⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        202⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        203⤵
        Drops file in Program Files directory
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        204⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        205⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        206⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        207⤵
        Drops file in Program Files directory
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        208⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        209⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        210⤵
        Drops file in Program Files directory
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        211⤵
        Drops file in Program Files directory
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        212⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        213⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        214⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        215⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        216⤵
        Drops file in Program Files directory
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        217⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        218⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        220⤵
        System Location Discovery: System Language Discovery
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        221⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        222⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        223⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        224⤵
        Drops file in Program Files directory
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        225⤵
        System Location Discovery: System Language Discovery
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        226⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        227⤵
        Drops file in Program Files directory
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        228⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        229⤵
        Drops file in Program Files directory
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        230⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        231⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        232⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        233⤵
        Drops file in Program Files directory
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        234⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        235⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        236⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        237⤵
        Drops file in Program Files directory
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        238⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        239⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        241⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        242⤵
        Drops file in Program Files directory
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        243⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        244⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        245⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        246⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        247⤵
        Drops file in Program Files directory
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        248⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        249⤵
        Drops file in Program Files directory
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        250⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        251⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        252⤵
        Drops file in Program Files directory
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        253⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        254⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        255⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        256⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        257⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        258⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        259⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        260⤵
        Drops file in Program Files directory
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        261⤵
        Drops file in Program Files directory
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        262⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        263⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        264⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        265⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        266⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        267⤵
        Drops file in Program Files directory
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        268⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        269⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        270⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        271⤵
        Drops file in Program Files directory
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        272⤵
        Drops file in Program Files directory
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        273⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        274⤵
        System Location Discovery: System Language Discovery
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        275⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        276⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        277⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        278⤵
        Drops file in Program Files directory
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        279⤵
        Drops file in Program Files directory
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        280⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        281⤵
        Drops file in Program Files directory
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        282⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        283⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        284⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        285⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        286⤵
        Drops file in Program Files directory
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        287⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        288⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        289⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        290⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        291⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        292⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        293⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        294⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        295⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        296⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        297⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        298⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        299⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        300⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        301⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        302⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        303⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        304⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        305⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        306⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        307⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        308⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        309⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        310⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        311⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        312⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        313⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        314⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        315⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        316⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        317⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        318⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        319⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        320⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        321⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        322⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        323⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        324⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        325⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        326⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        327⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        328⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        329⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        330⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        331⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        332⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        333⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        334⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        335⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        336⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        337⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        338⤵
        System Location Discovery: System Language Discovery
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        339⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        340⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        341⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        342⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        343⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        344⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        345⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        346⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        347⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        348⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        349⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        350⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        351⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        352⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        353⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        354⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        355⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        356⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        357⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        358⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        359⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        360⤵
        Drops file in Program Files directory
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        361⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        362⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        363⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        364⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        365⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        366⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        367⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        368⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        369⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        370⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        371⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        372⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        373⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        374⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        375⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        376⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        377⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        378⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        379⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        380⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        381⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        382⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        383⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        384⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        385⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        386⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        387⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        388⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        389⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        390⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        391⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        392⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        393⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        394⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        395⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        396⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        397⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        398⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        399⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        400⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        401⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        402⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        403⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        404⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        405⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        406⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        407⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        408⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        409⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        410⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        411⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        412⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        413⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        414⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        415⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        416⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        417⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        418⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        419⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        420⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        421⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        422⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        423⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        424⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        425⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        426⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        427⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        428⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        429⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        430⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        431⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        432⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        433⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        434⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        435⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        436⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        437⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        438⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        439⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        440⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        441⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        442⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        443⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        444⤵
        System Location Discovery: System Language Discovery
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        445⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        446⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        447⤵
        Drops file in Program Files directory
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        448⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        449⤵
        Drops file in Program Files directory
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        450⤵
        Drops file in Program Files directory
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        451⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        452⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        453⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        454⤵
        Drops file in Program Files directory
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        455⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        456⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        457⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        458⤵
        Drops file in Program Files directory
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        459⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        460⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        461⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        462⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        463⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        464⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        465⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        466⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        467⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        468⤵
        Drops file in Program Files directory
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        469⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        470⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        471⤵
        System Location Discovery: System Language Discovery
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        472⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        473⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        474⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        475⤵
        System Location Discovery: System Language Discovery
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        476⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        477⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        478⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        479⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        480⤵
        Drops file in Program Files directory
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        481⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        482⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        483⤵
        Drops file in Program Files directory
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        484⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        485⤵
        Drops file in Program Files directory
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        486⤵
        Drops file in Program Files directory
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        487⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        488⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        489⤵
        System Location Discovery: System Language Discovery
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        490⤵
        Drops file in Program Files directory
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        491⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        492⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        493⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        494⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        495⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        496⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        497⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        498⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        499⤵
        System Location Discovery: System Language Discovery
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        500⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        501⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        502⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        503⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        504⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        505⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        506⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        507⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        508⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        509⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        510⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        511⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        512⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        513⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        514⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        515⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        516⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        517⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        518⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        519⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        520⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        521⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        522⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        523⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        524⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        525⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        526⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        527⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        528⤵
        System Location Discovery: System Language Discovery
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        529⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        530⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        531⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        532⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        533⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        534⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        535⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        536⤵
        System Location Discovery: System Language Discovery
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        537⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        538⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        539⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        540⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        541⤵
        System Location Discovery: System Language Discovery
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        542⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        543⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        544⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        545⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        546⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        547⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        548⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        549⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        550⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        551⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        552⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        553⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        554⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        555⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        556⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        557⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        558⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        559⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        560⤵
        System Location Discovery: System Language Discovery
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        561⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        562⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        563⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        564⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        565⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        566⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        567⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        568⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        569⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        570⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        571⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        572⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        573⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        574⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        575⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        576⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        577⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        578⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        579⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        580⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        581⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        582⤵
        System Location Discovery: System Language Discovery
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        583⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        584⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        585⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        586⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        587⤵
        System Location Discovery: System Language Discovery
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        588⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        589⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        590⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        591⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        592⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        593⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        594⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        595⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        596⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        597⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        598⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        599⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        600⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        601⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        602⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        603⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        604⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        605⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        606⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        607⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        608⤵
        System Location Discovery: System Language Discovery
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        609⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        610⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        611⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        612⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        613⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        614⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        615⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        616⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        617⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        618⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        619⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        620⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        621⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        622⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        623⤵
        System Location Discovery: System Language Discovery
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        624⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        625⤵
        System Location Discovery: System Language Discovery
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        626⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        627⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        628⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        629⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        630⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        631⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        632⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        633⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        634⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        635⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        636⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        637⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        638⤵
        System Location Discovery: System Language Discovery
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        639⤵
        Drops file in Program Files directory
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        640⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        641⤵
        System Location Discovery: System Language Discovery
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        642⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        643⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        644⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        645⤵
        Drops file in Program Files directory
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        646⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        647⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        648⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        649⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        650⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        651⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        652⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        653⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        654⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        655⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        656⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        657⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        658⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        659⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        660⤵
        System Location Discovery: System Language Discovery
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        661⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        662⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        663⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        664⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        665⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        666⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        667⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        668⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        669⤵
        System Location Discovery: System Language Discovery
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        670⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        671⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        672⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        673⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        674⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        675⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        676⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        677⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        678⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        679⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        680⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        681⤵
        System Location Discovery: System Language Discovery
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        682⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        683⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        684⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        685⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        686⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        687⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        688⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        689⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        690⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        691⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        692⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        693⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97e4a4608603f4820a7febbcadd46800N.exe"
        694⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 460
        487⤵
        Program crash
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 460
        487⤵
        Program crash
        
        PID:13816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 372
        485⤵
        Program crash
        
        PID:13752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 400
        480⤵
        Program crash
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 476
        460⤵
        Program crash
        
        PID:14232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 428
        294⤵
        Program crash
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 384
        291⤵
        Program crash
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 388
        288⤵
        Program crash
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 464
        288⤵
        Program crash
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 440
        284⤵
        Program crash
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 392
        283⤵
        Program crash
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 428
        282⤵
        Program crash
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 436
        261⤵
        Program crash
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 436
        254⤵
        Program crash
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 452
        231⤵
        Program crash
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 452
        231⤵
        Program crash
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 436
        230⤵
        Program crash
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 428
        229⤵
        Program crash
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 396
        228⤵
        Program crash
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 396
        228⤵
        Program crash
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 392
        225⤵
        Program crash
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 436
        210⤵
        Program crash
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 436
        210⤵
        Program crash
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 428
        199⤵
        Program crash
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 436
        197⤵
        Program crash
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 472
        197⤵
        Program crash
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 388
        188⤵
        Program crash
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 388
        188⤵
        Program crash
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 436
        99⤵
        Program crash
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 436
        99⤵
        Program crash
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 440
        98⤵
        Program crash
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 484
        98⤵
        Program crash
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 440
        97⤵
        Program crash
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 440
        97⤵
        Program crash
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 436
        50⤵
        Program crash
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 436
        50⤵
        Program crash
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 440
        49⤵
        Program crash
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 440
        49⤵
        Program crash
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 440
        45⤵
        Program crash
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 392
        43⤵
        Program crash
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 460
        43⤵
        Program crash
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 432
        42⤵
        Program crash
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 432
        42⤵
        Program crash
        
        PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7508 -ip 7508
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7492 -ip 7492
1⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7476 -ip 7476
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7528 -ip 7528
1⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7544 -ip 7544
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7560 -ip 7560
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7576 -ip 7576
1⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7616 -ip 7616
1⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7592 -ip 7592
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7648 -ip 7648
1⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 7632 -ip 7632
1⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7664 -ip 7664
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7680 -ip 7680
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7696 -ip 7696
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7716 -ip 7716
1⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7752 -ip 7752
1⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7768 -ip 7768
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7476 -ip 7476
1⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7816 -ip 7816
1⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7832 -ip 7832
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7732 -ip 7732
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7784 -ip 7784
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7560 -ip 7560
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7848 -ip 7848
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7912 -ip 7912
1⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 7880 -ip 7880
1⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7576 -ip 7576
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7616 -ip 7616
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7944 -ip 7944
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 7960 -ip 7960
1⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7800 -ip 7800
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7896 -ip 7896
1⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7976 -ip 7976
1⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7864 -ip 7864
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8008 -ip 8008
1⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 8024 -ip 8024
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7928 -ip 7928
1⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8040 -ip 8040
1⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7680 -ip 7680
1⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7664 -ip 7664
1⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7648 -ip 7648
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 8056 -ip 8056
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7592 -ip 7592
1⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7752 -ip 7752
1⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7632 -ip 7632
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 8072 -ip 8072
1⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7992 -ip 7992
1⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7768 -ip 7768
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7716 -ip 7716
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7816 -ip 7816
1⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7832 -ip 7832
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7784 -ip 7784
1⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7696 -ip 7696
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7912 -ip 7912
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7800 -ip 7800
1⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 7944 -ip 7944
1⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7848 -ip 7848
1⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 7732 -ip 7732
1⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7960 -ip 7960
1⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7896 -ip 7896
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7880 -ip 7880
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 7864 -ip 7864
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7976 -ip 7976
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8008 -ip 8008
1⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 8024 -ip 8024
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 8040 -ip 8040
1⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7928 -ip 7928
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8056 -ip 8056
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 8072 -ip 8072
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5252 -ip 5252
1⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7992 -ip 7992
1⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7528 -ip 7528
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7492 -ip 7492
1⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7508 -ip 7508
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7544 -ip 7544
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5252 -ip 5252
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5272 -ip 5272
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5272 -ip 5272
1⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5288 -ip 5288
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5288 -ip 5288
1⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1508 -ip 1508
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1508 -ip 1508
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1616 -ip 1616
1⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1616 -ip 1616
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1928 -ip 1928
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1928 -ip 1928
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4428 -ip 4428
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4428 -ip 4428
1⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1532 -ip 1532
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 9488 -ip 9488
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 10168 -ip 10168
1⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 9000 -ip 9000
1⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 9420 -ip 9420
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 8556 -ip 8556
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 9420 -ip 9420
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 9912 -ip 9912
1⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8556 -ip 8556
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 10044 -ip 10044
1⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 10216 -ip 10216
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9656 -ip 9656
1⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 9912 -ip 9912
1⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 9488 -ip 9488
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 10216 -ip 10216
1⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 9656 -ip 9656
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4984 -ip 4984
1⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 8904 -ip 8904
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 9456 -ip 9456
1⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 8624 -ip 8624
1⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10168 -ip 10168
1⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 9456 -ip 9456
1⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 8904 -ip 8904
1⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 9000 -ip 9000
1⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10044 -ip 10044
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6688 -ip 6688
1⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6704 -ip 6704
1⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6720 -ip 6720
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6736 -ip 6736
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6768 -ip 6768
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6800 -ip 6800
1⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6752 -ip 6752
1⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6816 -ip 6816
1⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6856 -ip 6856
1⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6884 -ip 6884
1⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6928 -ip 6928
1⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6944 -ip 6944
1⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6964 -ip 6964
1⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6980 -ip 6980
1⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4984 -ip 4984
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7068 -ip 7068
1⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7124 -ip 7124
1⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7100 -ip 7100
1⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7024 -ip 7024
1⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 7136 -ip 7136
1⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2200 -ip 2200
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7156 -ip 7156
1⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2388 -ip 2388
1⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7192 -ip 7192
1⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6336 -ip 6336
1⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6688 -ip 6688
1⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7232 -ip 7232
1⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7216 -ip 7216
1⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7248 -ip 7248
1⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 7264 -ip 7264
1⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7280 -ip 7280
1⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6768 -ip 6768
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6800 -ip 6800
1⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7312 -ip 7312
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6736 -ip 6736
1⤵
PID:388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7328 -ip 7328
1⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7296 -ip 7296
1⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6752 -ip 6752
1⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 7344 -ip 7344
1⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7380 -ip 7380
1⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7364 -ip 7364
1⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6720 -ip 6720
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6816 -ip 6816
1⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6884 -ip 6884
1⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6856 -ip 6856
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7396 -ip 7396
1⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6964 -ip 6964
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6944 -ip 6944
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7412 -ip 7412
1⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7068 -ip 7068
1⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7428 -ip 7428
1⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6980 -ip 6980
1⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7444 -ip 7444
1⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7460 -ip 7460
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7136 -ip 7136
1⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7024 -ip 7024
1⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7124 -ip 7124
1⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7100 -ip 7100
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7156 -ip 7156
1⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2200 -ip 2200
1⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2388 -ip 2388
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 8624 -ip 8624
1⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6336 -ip 6336
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 7232 -ip 7232
1⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7216 -ip 7216
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7264 -ip 7264
1⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7248 -ip 7248
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 7280 -ip 7280
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7312 -ip 7312
1⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7328 -ip 7328
1⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7344 -ip 7344
1⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7296 -ip 7296
1⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7364 -ip 7364
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 7380 -ip 7380
1⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7396 -ip 7396
1⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7412 -ip 7412
1⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7428 -ip 7428
1⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7460 -ip 7460
1⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7444 -ip 7444
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6704 -ip 6704
1⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7192 -ip 7192
1⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 10396 -ip 10396
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6928 -ip 6928
1⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 10416 -ip 10416
1⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 10452 -ip 10452
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 10516 -ip 10516
1⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 10396 -ip 10396
1⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 10560 -ip 10560
1⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 10676 -ip 10676
1⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 10744 -ip 10744
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 10416 -ip 10416
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 10780 -ip 10780
1⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 10760 -ip 10760
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 10452 -ip 10452
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 10828 -ip 10828
1⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 10792 -ip 10792
1⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 10812 -ip 10812
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 10560 -ip 10560
1⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 10516 -ip 10516
1⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 10896 -ip 10896
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10848 -ip 10848
1⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 10916 -ip 10916
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10676 -ip 10676
1⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 11016 -ip 11016
1⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 10868 -ip 10868
1⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 10884 -ip 10884
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 11028 -ip 11028
1⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 10992 -ip 10992
1⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10956 -ip 10956
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 10932 -ip 10932
1⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 11064 -ip 11064
1⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 10744 -ip 10744
1⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 11052 -ip 11052
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 11124 -ip 11124
1⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 11160 -ip 11160
1⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 11092 -ip 11092
1⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10780 -ip 10780
1⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5396 -ip 5396
1⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 11184 -ip 11184
1⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7492 -ip 7492
1⤵
PID:13704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 11248 -ip 11248
1⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 11228 -ip 11228
1⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 11212 -ip 11212
1⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5372 -ip 5372
1⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 10436 -ip 10436
1⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 10460 -ip 10460
1⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 10484 -ip 10484
1⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 10528 -ip 10528
1⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 10812 -ip 10812
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 10576 -ip 10576
1⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 10688 -ip 10688
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 10628 -ip 10628
1⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 10644 -ip 10644
1⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 10792 -ip 10792
1⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 10828 -ip 10828
1⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10552 -ip 10552
1⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 10760 -ip 10760
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5812 -ip 5812
1⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5824 -ip 5824
1⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5728 -ip 5728
1⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 10848 -ip 10848
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 10916 -ip 10916
1⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10896 -ip 10896
1⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 10884 -ip 10884
1⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 10868 -ip 10868
1⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 10992 -ip 10992
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 10956 -ip 10956
1⤵
PID:14240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 10932 -ip 10932
1⤵
PID:14252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 11028 -ip 11028
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 11016 -ip 11016
1⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 11052 -ip 11052
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 11064 -ip 11064
1⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 11124 -ip 11124
1⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 11092 -ip 11092
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 11160 -ip 11160
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 11184 -ip 11184
1⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 5396 -ip 5396
1⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 11248 -ip 11248
1⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 7492 -ip 7492
1⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 11212 -ip 11212
1⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 5372 -ip 5372
1⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 11228 -ip 11228
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 10436 -ip 10436
1⤵
PID:13716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10528 -ip 10528
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 10484 -ip 10484
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 10460 -ip 10460
1⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 10628 -ip 10628
1⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 10644 -ip 10644
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 10576 -ip 10576
1⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 5812 -ip 5812
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 5824 -ip 5824
1⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 10552 -ip 10552
1⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 5728 -ip 5728
1⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 10688 -ip 10688
1⤵
PID:6812

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2508D12425D665E60EEBC5FF243664A1; domain=.bing.com; expires=Mon, 08-Sep-2025 14:13:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC7CEAB049784115955CCBE7F429EE6F Ref B: LON04EDGE1214 Ref C: 2024-08-14T14:13:49Z
date: Wed, 14 Aug 2024 14:13:49 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2508D12425D665E60EEBC5FF243664A1

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=1B0ddDXx1IcdrR6hrDKnxRZV8-zl-6i5k1GdX7zKkUs; domain=.bing.com; expires=Mon, 08-Sep-2025 14:13:49 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8064982FE6D748B08A04E6C2099EFDE0 Ref B: LON04EDGE1214 Ref C: 2024-08-14T14:13:49Z
date: Wed, 14 Aug 2024 14:13:49 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2508D12425D665E60EEBC5FF243664A1; MSPTC=1B0ddDXx1IcdrR6hrDKnxRZV8-zl-6i5k1GdX7zKkUs

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4325158CC9C641B9B56AFC7DAD08430E Ref B: LON04EDGE1214 Ref C: 2024-08-14T14:13:49Z
date: Wed, 14 Aug 2024 14:13:49 GMT
DNS

22.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.177.190.20.in-addr.arpa

IN PTR

Response
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

tls, http2

1.9kB
9.2kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

HTTP Response

204

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

132 B
90 B
2
1

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

140 B
133 B
2
1

DNS Request

81.144.22.2.in-addr.arpa

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

22.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.177.190.20.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

192.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

192.142.123.92.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe

Filesize
1.2MB

MD5
e11f3ce2a819cf0f55e9826220e5b3a0

SHA1
4fd7fe074870ec9e77725cbbf7ed0f8f9714ed79

SHA256
4626186bf24ca31c5d385b19542bd0b651d6c3f7c5469d69a881e98725490a69

SHA512
2af5fd20c699a867d52b10754565c49012807231fee118ef36fac17d72f780b4027bdfc5609aeb44349b57e1d02229234a522372c29ddbdd845826bb12faa45c

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1008KB

MD5
7e1dc091b77bd10d51015cad43f5be02

SHA1
6dc00b9b711cc70f2f620ef56b24314ef8adcdd7

SHA256
2787ed9410f54f8a006ad6bc2003713b7644b34dc56baa16fa22abf0a42b2eb0

SHA512
cea9271bc414bd3065f6e021668cb803c00a7c27c4c7f28b78d66642d4d130cbcca686c2c3e40fec948448f5eefeae8c47ca71e40b2bcb8aa3de4e5899c7d0a7

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
346KB

MD5
cf0b065fdb952d06cd0b4d8b0bb38734

SHA1
5773aab90986e3a7f42a4786c318afd54dde6def

SHA256
7abef6b339c0aa29ff17b7a02a8f0c5f7478fd0ddd7c94c037c06bb801795073

SHA512
fc220bc01a3a2a35a77f134802c2f4977142b1ebd7cd4fe2a4c57457eb1aee128ffb18696c3a9c13457871bf86cb1eefc402e4c99060892a7824aa889a2b7f8c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.5MB

MD5
e50dc84da8ff40129f9dd40f46d25882

SHA1
2c01f3c403d5a6a5c833c5aa0ceea1f572740224

SHA256
2d47d09273da9a68dce439119dd833a4c99a7e96572932e32833c101682426d8

SHA512
14c8f3c0db06dfab5e368bba802bfb99e12f881ff100d90837727eaa83f0dfec4274e0b204c6d254cf23de904d64141cc0fc6c447f2a3152f1bc0b1f39f0ef55

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX9107.tmp

Filesize
529KB

MD5
8cccb97985a71e4e38f27b06dda54f93

SHA1
e0917e51826fde57d203890ccdfba61004e5e032

SHA256
d99de0f8751416960e7f53edeaf66d651a4a0b639ec9b9e8c46c5fb4981c7bf0

SHA512
ff4657cd3f757fdd6f034cbf3474d5cef8fd5ce6fba48f36a41ca558d2976b4228887b8a5cfd1258b4970bea5ebfd225dddab0f9bb00c80e83a990c530a8e3df

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX9118.tmp

Filesize
527KB

MD5
30246e3548bf66361c3893dd71d75c67

SHA1
ac49b9f6f02de0f0d0e1e5c213f6680021f86957

SHA256
b1df1055c6a892f98964264bda37f0cd247a6fb2b1fbc52796492fcdfad24a73

SHA512
cb7ed757c3c1ba0f15faaeb9a4785a7dc027c52ccd76a18e07120ca6c2c51b0159bde9ccf6c597ae614475c087725c198bc86e1879a84c7f2c02741e1c56f818

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX911C.tmp

Filesize
542KB

MD5
73d632a3e6006073d24b757308c18a81

SHA1
ea8e75244102ec9c5d7a3b7c641fc9787bf0eb3a

SHA256
694e242a64829b67dcd25728478c2584770cb37399fd114e8a85e3706a2eb7ba

SHA512
bd10364b0c7776c0375713432d13b55efb6fabaafd759a1cc99bf29e4e4c308b712b1897cd95729488e5d026ab48b6e3709c9abc562a7112af4ec848f9440308

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUc90A8.tmp

Filesize
534KB

MD5
97e4a4608603f4820a7febbcadd46800

SHA1
7b7a660383ecd78d95641e6d5d296afb7a2b3371

SHA256
ab8e6d3f8b80ec5370aac106d92edc0721c3796d8f0d3a165bdbf214603535ec

SHA512
b59b747d9d92ced6bc15d89e0057cf37a44e132f572969144f78585c892c9157e18a545b1ccfcc96150ae2b6beaff333340d70cdfe65ea6521021f59144d21d1

Download Submit
memory/5252-1469-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5272-1494-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5288-1527-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5308-1515-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5324-1516-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5340-1517-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5356-1518-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5372-1519-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5388-1520-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5404-1521-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5424-1522-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5444-1523-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5460-1524-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5476-1525-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5492-1526-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5672-1539-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5688-1538-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5704-1537-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5716-1535-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5732-1536-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5748-1534-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5764-1533-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5784-1531-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5796-1532-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5812-1530-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5836-1529-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/5852-1528-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7476-1324-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7492-1466-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7508-1464-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7528-1463-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7544-1467-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7560-1325-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7576-1327-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7592-1332-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7616-1326-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7632-1333-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7648-1329-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7664-1328-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7680-1331-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7696-1446-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7716-1443-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7732-1449-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7752-1330-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7768-1442-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7784-1445-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7800-1447-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7816-1444-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7832-1453-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7848-1454-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7864-1458-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7880-1455-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7896-1451-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7912-1448-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7928-1465-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7944-1450-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7960-1452-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7976-1456-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/7992-1462-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/8008-1457-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/8024-1459-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/8040-1468-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/8056-1461-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download
memory/8072-1460-0x0000000000400000-0x000000000048F000-memory.dmp

Filesize
572KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.