f221cedffb83a769b79666002a385754fe0ac48cc1a775ea6821bd142664c719

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

915dbe41cfb549d6118c26567b9193a0N.exe
Size

529KB
MD5

915dbe41cfb549d6118c26567b9193a0
SHA1

9dc397049909ad2aea4df0ac08c20119d33a5e82
SHA256

f221cedffb83a769b79666002a385754fe0ac48cc1a775ea6821bd142664c719
SHA512

d7f23133b5787e26924f96c8ca5d0e3b5708df503c9d51fdc282d43da7e9fb4508dc6cac6ae749c5e57b3b32d541ac962f123a0cebe41311d06dd267bd08de47
SSDEEP

6144:CLc3ULOJQSfbzTRk5DJqj2uUZARLPw6rBDvvF3apsQeiQCfQkXny4NZQ7IO1u3kP:CLc3ULO2IiSG6v8sQfDXnjZQtUQ

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\StopClose.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	915dbe41cfb549d6118c26567b9193a0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	915dbe41cfb549d6118c26567b9193a0N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
11424	6628	WerFault.exe	260
2892	6644	WerFault.exe	261
10900	6660	WerFault.exe	262
11660	6676	WerFault.exe	263
520	6660	WerFault.exe	262
6952	6628	WerFault.exe	260
6956	6676	WerFault.exe	263
7032	6644	WerFault.exe	261
13308	10540	WerFault.exe	500
12504	10572	WerFault.exe	502
13028	10556	WerFault.exe	501
13108	10588	WerFault.exe	503
12544	10812	WerFault.exe	517
13096	10780	WerFault.exe	515
10900	10540	WerFault.exe	500
11396	10556	WerFault.exe	501
7024	2536	WerFault.exe	111
7224	2536	WerFault.exe	111
12740	2900	WerFault.exe	97
13024	2900	WerFault.exe	97
13796	2276	WerFault.exe	94
14028	2276	WerFault.exe	94
13656	4272	WerFault.exe	93
14436	11676	WerFault.exe	603
14720	6724	WerFault.exe	605
14748	12052	WerFault.exe	607
16320	6768	WerFault.exe	616
16276	11800	WerFault.exe	642
16284	6864	WerFault.exe	643
14684	11676	WerFault.exe	603
16288	6724	WerFault.exe	605
14692	4272	WerFault.exe	93
12264	5528	WerFault.exe	196
15348	12224	WerFault.exe	560
14864	11344	WerFault.exe	570
15140	12224	WerFault.exe	560
15304	11864	WerFault.exe	573
14448	11532	WerFault.exe	575
14976	11744	Process not Found	583
11860	11972	Process not Found	599
11240	10960	Process not Found	593
11800	11864	Process not Found	573
15100	11744	Process not Found	583
15304	11972	Process not Found	599
11676	5528	Process not Found	196
16444	7632	Process not Found	322
16760	7664	Process not Found	324
16868	7648	Process not Found	323
17340	7696	Process not Found	326
7776	8564	Process not Found	372
14256	8548	Process not Found	371
17100	8740	Process not Found	383
7820	8708	Process not Found	381
16748	17000	Process not Found	1225
16756	17356	Process not Found	1218
16700	17180	Process not Found	1227
7972	17000	Process not Found	1225
8004	17356	Process not Found	1218
8772	16796	Process not Found	1236
8724	17196	Process not Found	1247
7960	17180	Process not Found	1227
8696	16988	Process not Found	1260
16908	16796	Process not Found	1236
8576	17196	Process not Found	1247

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	915dbe41cfb549d6118c26567b9193a0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2652	915dbe41cfb549d6118c26567b9193a0N.exe
2652	915dbe41cfb549d6118c26567b9193a0N.exe
4508	915dbe41cfb549d6118c26567b9193a0N.exe
4508	915dbe41cfb549d6118c26567b9193a0N.exe
3616	915dbe41cfb549d6118c26567b9193a0N.exe
3616	915dbe41cfb549d6118c26567b9193a0N.exe
1736	915dbe41cfb549d6118c26567b9193a0N.exe
1736	915dbe41cfb549d6118c26567b9193a0N.exe
1412	915dbe41cfb549d6118c26567b9193a0N.exe
1412	915dbe41cfb549d6118c26567b9193a0N.exe
2584	915dbe41cfb549d6118c26567b9193a0N.exe
2584	915dbe41cfb549d6118c26567b9193a0N.exe
2304	915dbe41cfb549d6118c26567b9193a0N.exe
2304	915dbe41cfb549d6118c26567b9193a0N.exe
3404	915dbe41cfb549d6118c26567b9193a0N.exe
3404	915dbe41cfb549d6118c26567b9193a0N.exe
4840	915dbe41cfb549d6118c26567b9193a0N.exe
4840	915dbe41cfb549d6118c26567b9193a0N.exe
4176	915dbe41cfb549d6118c26567b9193a0N.exe
4176	915dbe41cfb549d6118c26567b9193a0N.exe
4272	915dbe41cfb549d6118c26567b9193a0N.exe
4272	915dbe41cfb549d6118c26567b9193a0N.exe
2276	915dbe41cfb549d6118c26567b9193a0N.exe
2276	915dbe41cfb549d6118c26567b9193a0N.exe
5112	915dbe41cfb549d6118c26567b9193a0N.exe
5112	915dbe41cfb549d6118c26567b9193a0N.exe
3468	915dbe41cfb549d6118c26567b9193a0N.exe
3468	915dbe41cfb549d6118c26567b9193a0N.exe
2900	915dbe41cfb549d6118c26567b9193a0N.exe
2900	915dbe41cfb549d6118c26567b9193a0N.exe
2440	915dbe41cfb549d6118c26567b9193a0N.exe
2440	915dbe41cfb549d6118c26567b9193a0N.exe
2340	915dbe41cfb549d6118c26567b9193a0N.exe
2340	915dbe41cfb549d6118c26567b9193a0N.exe
3452	915dbe41cfb549d6118c26567b9193a0N.exe
3452	915dbe41cfb549d6118c26567b9193a0N.exe
4080	915dbe41cfb549d6118c26567b9193a0N.exe
4080	915dbe41cfb549d6118c26567b9193a0N.exe
1492	915dbe41cfb549d6118c26567b9193a0N.exe
1492	915dbe41cfb549d6118c26567b9193a0N.exe
3648	915dbe41cfb549d6118c26567b9193a0N.exe
3648	915dbe41cfb549d6118c26567b9193a0N.exe
1968	915dbe41cfb549d6118c26567b9193a0N.exe
1968	915dbe41cfb549d6118c26567b9193a0N.exe
4900	915dbe41cfb549d6118c26567b9193a0N.exe
4900	915dbe41cfb549d6118c26567b9193a0N.exe
2000	915dbe41cfb549d6118c26567b9193a0N.exe
2000	915dbe41cfb549d6118c26567b9193a0N.exe
2772	915dbe41cfb549d6118c26567b9193a0N.exe
2772	915dbe41cfb549d6118c26567b9193a0N.exe
1304	915dbe41cfb549d6118c26567b9193a0N.exe
1304	915dbe41cfb549d6118c26567b9193a0N.exe
4872	915dbe41cfb549d6118c26567b9193a0N.exe
4872	915dbe41cfb549d6118c26567b9193a0N.exe
4764	915dbe41cfb549d6118c26567b9193a0N.exe
4764	915dbe41cfb549d6118c26567b9193a0N.exe
2536	915dbe41cfb549d6118c26567b9193a0N.exe
2536	915dbe41cfb549d6118c26567b9193a0N.exe
1564	915dbe41cfb549d6118c26567b9193a0N.exe
1564	915dbe41cfb549d6118c26567b9193a0N.exe
1872	915dbe41cfb549d6118c26567b9193a0N.exe
1872	915dbe41cfb549d6118c26567b9193a0N.exe
3212	915dbe41cfb549d6118c26567b9193a0N.exe
3212	915dbe41cfb549d6118c26567b9193a0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 4508	2652	915dbe41cfb549d6118c26567b9193a0N.exe	84
PID 2652 wrote to memory of 4508	2652	915dbe41cfb549d6118c26567b9193a0N.exe	84
PID 2652 wrote to memory of 4508	2652	915dbe41cfb549d6118c26567b9193a0N.exe	84
PID 4508 wrote to memory of 3616	4508	915dbe41cfb549d6118c26567b9193a0N.exe	85
PID 4508 wrote to memory of 3616	4508	915dbe41cfb549d6118c26567b9193a0N.exe	85
PID 4508 wrote to memory of 3616	4508	915dbe41cfb549d6118c26567b9193a0N.exe	85
PID 3616 wrote to memory of 1736	3616	915dbe41cfb549d6118c26567b9193a0N.exe	86
PID 3616 wrote to memory of 1736	3616	915dbe41cfb549d6118c26567b9193a0N.exe	86
PID 3616 wrote to memory of 1736	3616	915dbe41cfb549d6118c26567b9193a0N.exe	86
PID 1736 wrote to memory of 1412	1736	915dbe41cfb549d6118c26567b9193a0N.exe	87
PID 1736 wrote to memory of 1412	1736	915dbe41cfb549d6118c26567b9193a0N.exe	87
PID 1736 wrote to memory of 1412	1736	915dbe41cfb549d6118c26567b9193a0N.exe	87
PID 1412 wrote to memory of 2584	1412	915dbe41cfb549d6118c26567b9193a0N.exe	88
PID 1412 wrote to memory of 2584	1412	915dbe41cfb549d6118c26567b9193a0N.exe	88
PID 1412 wrote to memory of 2584	1412	915dbe41cfb549d6118c26567b9193a0N.exe	88
PID 2584 wrote to memory of 2304	2584	915dbe41cfb549d6118c26567b9193a0N.exe	89
PID 2584 wrote to memory of 2304	2584	915dbe41cfb549d6118c26567b9193a0N.exe	89
PID 2584 wrote to memory of 2304	2584	915dbe41cfb549d6118c26567b9193a0N.exe	89
PID 2304 wrote to memory of 3404	2304	915dbe41cfb549d6118c26567b9193a0N.exe	90
PID 2304 wrote to memory of 3404	2304	915dbe41cfb549d6118c26567b9193a0N.exe	90
PID 2304 wrote to memory of 3404	2304	915dbe41cfb549d6118c26567b9193a0N.exe	90
PID 3404 wrote to memory of 4840	3404	915dbe41cfb549d6118c26567b9193a0N.exe	91
PID 3404 wrote to memory of 4840	3404	915dbe41cfb549d6118c26567b9193a0N.exe	91
PID 3404 wrote to memory of 4840	3404	915dbe41cfb549d6118c26567b9193a0N.exe	91
PID 4840 wrote to memory of 4176	4840	915dbe41cfb549d6118c26567b9193a0N.exe	92
PID 4840 wrote to memory of 4176	4840	915dbe41cfb549d6118c26567b9193a0N.exe	92
PID 4840 wrote to memory of 4176	4840	915dbe41cfb549d6118c26567b9193a0N.exe	92
PID 4176 wrote to memory of 4272	4176	915dbe41cfb549d6118c26567b9193a0N.exe	93
PID 4176 wrote to memory of 4272	4176	915dbe41cfb549d6118c26567b9193a0N.exe	93
PID 4176 wrote to memory of 4272	4176	915dbe41cfb549d6118c26567b9193a0N.exe	93
PID 4272 wrote to memory of 2276	4272	915dbe41cfb549d6118c26567b9193a0N.exe	94
PID 4272 wrote to memory of 2276	4272	915dbe41cfb549d6118c26567b9193a0N.exe	94
PID 4272 wrote to memory of 2276	4272	915dbe41cfb549d6118c26567b9193a0N.exe	94
PID 2276 wrote to memory of 5112	2276	915dbe41cfb549d6118c26567b9193a0N.exe	95
PID 2276 wrote to memory of 5112	2276	915dbe41cfb549d6118c26567b9193a0N.exe	95
PID 2276 wrote to memory of 5112	2276	915dbe41cfb549d6118c26567b9193a0N.exe	95
PID 5112 wrote to memory of 3468	5112	915dbe41cfb549d6118c26567b9193a0N.exe	96
PID 5112 wrote to memory of 3468	5112	915dbe41cfb549d6118c26567b9193a0N.exe	96
PID 5112 wrote to memory of 3468	5112	915dbe41cfb549d6118c26567b9193a0N.exe	96
PID 3468 wrote to memory of 2900	3468	915dbe41cfb549d6118c26567b9193a0N.exe	97
PID 3468 wrote to memory of 2900	3468	915dbe41cfb549d6118c26567b9193a0N.exe	97
PID 3468 wrote to memory of 2900	3468	915dbe41cfb549d6118c26567b9193a0N.exe	97
PID 2900 wrote to memory of 2440	2900	915dbe41cfb549d6118c26567b9193a0N.exe	98
PID 2900 wrote to memory of 2440	2900	915dbe41cfb549d6118c26567b9193a0N.exe	98
PID 2900 wrote to memory of 2440	2900	915dbe41cfb549d6118c26567b9193a0N.exe	98
PID 2440 wrote to memory of 2340	2440	915dbe41cfb549d6118c26567b9193a0N.exe	99
PID 2440 wrote to memory of 2340	2440	915dbe41cfb549d6118c26567b9193a0N.exe	99
PID 2440 wrote to memory of 2340	2440	915dbe41cfb549d6118c26567b9193a0N.exe	99
PID 2340 wrote to memory of 3452	2340	915dbe41cfb549d6118c26567b9193a0N.exe	100
PID 2340 wrote to memory of 3452	2340	915dbe41cfb549d6118c26567b9193a0N.exe	100
PID 2340 wrote to memory of 3452	2340	915dbe41cfb549d6118c26567b9193a0N.exe	100
PID 3452 wrote to memory of 4080	3452	915dbe41cfb549d6118c26567b9193a0N.exe	101
PID 3452 wrote to memory of 4080	3452	915dbe41cfb549d6118c26567b9193a0N.exe	101
PID 3452 wrote to memory of 4080	3452	915dbe41cfb549d6118c26567b9193a0N.exe	101
PID 4080 wrote to memory of 1492	4080	915dbe41cfb549d6118c26567b9193a0N.exe	102
PID 4080 wrote to memory of 1492	4080	915dbe41cfb549d6118c26567b9193a0N.exe	102
PID 4080 wrote to memory of 1492	4080	915dbe41cfb549d6118c26567b9193a0N.exe	102
PID 1492 wrote to memory of 3648	1492	915dbe41cfb549d6118c26567b9193a0N.exe	103
PID 1492 wrote to memory of 3648	1492	915dbe41cfb549d6118c26567b9193a0N.exe	103
PID 1492 wrote to memory of 3648	1492	915dbe41cfb549d6118c26567b9193a0N.exe	103
PID 3648 wrote to memory of 1968	3648	915dbe41cfb549d6118c26567b9193a0N.exe	104
PID 3648 wrote to memory of 1968	3648	915dbe41cfb549d6118c26567b9193a0N.exe	104
PID 3648 wrote to memory of 1968	3648	915dbe41cfb549d6118c26567b9193a0N.exe	104
PID 1968 wrote to memory of 4900	1968	915dbe41cfb549d6118c26567b9193a0N.exe	105

C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
"C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        12⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        15⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        24⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        25⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        26⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        29⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        30⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        31⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        32⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        33⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        34⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        35⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        36⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        38⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        39⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        40⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        41⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        42⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        43⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        45⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        46⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        47⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        48⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        49⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        50⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        51⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        52⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        53⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        54⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        55⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        56⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        57⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        58⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        59⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        60⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        61⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        62⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        63⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        64⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        65⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        66⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        67⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        68⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        69⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        70⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        71⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        72⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        73⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        74⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        75⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        76⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        78⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        79⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        80⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        81⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        82⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        83⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        84⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        85⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        86⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        87⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        88⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        89⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        90⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        92⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        93⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        94⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        95⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        96⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        97⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        98⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        100⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        101⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        102⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        104⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        105⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        106⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        107⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        108⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        109⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        110⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        111⤵
        Drops file in Program Files directory
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        112⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        113⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        114⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        115⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        116⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        117⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        118⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        119⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        120⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        122⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        123⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        124⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        125⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        126⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        127⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        128⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        129⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        131⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        132⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        133⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        134⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        135⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        137⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        138⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        139⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        141⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        142⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        143⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        144⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        145⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        146⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        147⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        148⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        149⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        150⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        152⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        153⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        154⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        155⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        156⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        157⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        159⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        160⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        161⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        162⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        163⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        164⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        165⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        166⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        167⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        168⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        169⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        170⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        171⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        172⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        173⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        174⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        175⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        177⤵
        Drops file in Program Files directory
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        178⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        179⤵
        Drops file in Program Files directory
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        180⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        181⤵
        Drops file in Program Files directory
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        182⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        183⤵
        Drops file in Program Files directory
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        184⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        185⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        186⤵
        Drops file in Program Files directory
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        187⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        188⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        189⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        190⤵
        Drops file in Program Files directory
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        191⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        192⤵
        Drops file in Program Files directory
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        193⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        195⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        196⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        197⤵
        Drops file in Program Files directory
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        198⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        199⤵
        Drops file in Program Files directory
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        200⤵
        Drops file in Program Files directory
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        201⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        202⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        203⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        204⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        205⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        206⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        207⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        208⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        209⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        210⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        212⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        213⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        214⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        215⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        216⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        217⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        218⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        219⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        220⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        221⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        222⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        223⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        224⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        225⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        226⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        227⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        228⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        229⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        230⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        231⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        232⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        233⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        234⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        235⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        236⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        237⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        238⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        239⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        240⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        241⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        242⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        243⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        244⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        245⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        246⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        247⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        248⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        249⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        250⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        251⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        252⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        253⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        254⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        255⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        256⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        257⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        258⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        259⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        260⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        261⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        262⤵
        System Location Discovery: System Language Discovery
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        263⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        264⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        265⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        266⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        267⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        268⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        269⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        270⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        271⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        272⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        273⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        274⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        275⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        276⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        277⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        278⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        279⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        280⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        281⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        282⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        283⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        284⤵
        System Location Discovery: System Language Discovery
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        285⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        286⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        287⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        288⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        289⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        290⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        291⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        292⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        293⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        294⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        295⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        296⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        297⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        298⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        299⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        300⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        301⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        302⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        303⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        304⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        305⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        306⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        307⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        308⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        309⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        310⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        311⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        312⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        313⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        314⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        315⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        316⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        317⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        318⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        319⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        320⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        321⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        322⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        323⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        324⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        325⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        326⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        327⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        328⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        329⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        330⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        331⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        332⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        333⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        334⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        335⤵
        System Location Discovery: System Language Discovery
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        336⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        337⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        338⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        339⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        340⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        341⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        342⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        343⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        344⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        345⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        346⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        347⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        348⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        349⤵
        System Location Discovery: System Language Discovery
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        350⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        351⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        352⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        353⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        354⤵
        System Location Discovery: System Language Discovery
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        355⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        356⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        357⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        358⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        359⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        360⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        361⤵
        System Location Discovery: System Language Discovery
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        362⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        363⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        364⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        365⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        366⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        367⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        368⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        369⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        370⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        371⤵
        System Location Discovery: System Language Discovery
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        372⤵
        System Location Discovery: System Language Discovery
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        373⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        374⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        375⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        376⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        377⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        378⤵
        System Location Discovery: System Language Discovery
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        379⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        380⤵
        System Location Discovery: System Language Discovery
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        381⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        382⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        383⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        384⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        385⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        386⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        387⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        388⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        389⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        390⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        391⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        392⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        393⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        394⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        395⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        396⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        397⤵
        System Location Discovery: System Language Discovery
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        398⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        399⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        400⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        401⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        402⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        403⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        404⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        405⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        406⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        407⤵
        System Location Discovery: System Language Discovery
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        408⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        409⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        410⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        411⤵
        Drops file in Program Files directory
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        412⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        413⤵
        Drops file in Program Files directory
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        414⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        415⤵
        Drops file in Program Files directory
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        416⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        417⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        418⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        419⤵
        Drops file in Program Files directory
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        420⤵
        Drops file in Program Files directory
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        421⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        422⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        423⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        424⤵
        Drops file in Program Files directory
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        425⤵
        Drops file in Program Files directory
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        426⤵
        System Location Discovery: System Language Discovery
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        427⤵
        Drops file in Program Files directory
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        428⤵
        Drops file in Program Files directory
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        429⤵
        Drops file in Program Files directory
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        430⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        431⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        432⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        433⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        434⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        435⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        436⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        437⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        438⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        439⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        440⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        441⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        442⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        443⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        444⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        445⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        446⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        447⤵
        Drops file in Program Files directory
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        448⤵
        System Location Discovery: System Language Discovery
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        449⤵
        System Location Discovery: System Language Discovery
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        450⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        451⤵
        Drops file in Program Files directory
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        452⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        453⤵
        Drops file in Program Files directory
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        454⤵
        Drops file in Program Files directory
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        455⤵
        Drops file in Program Files directory
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        456⤵
        Drops file in Program Files directory
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        457⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        458⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        459⤵
        Drops file in Program Files directory
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        460⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        461⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        462⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        463⤵
        Drops file in Program Files directory
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        464⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        465⤵
        System Location Discovery: System Language Discovery
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        466⤵
        Drops file in Program Files directory
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        467⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        468⤵
        Drops file in Program Files directory
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        469⤵
        Drops file in Program Files directory
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        470⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        471⤵
        Drops file in Program Files directory
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        472⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        473⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        474⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        475⤵
        Drops file in Program Files directory
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        476⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        477⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        478⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        479⤵
        Drops file in Program Files directory
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        480⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        481⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        482⤵
        Drops file in Program Files directory
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        483⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        484⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        485⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        486⤵
        Drops file in Program Files directory
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        487⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        488⤵
        Drops file in Program Files directory
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        489⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        490⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        491⤵
        Drops file in Program Files directory
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        492⤵
        Drops file in Program Files directory
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        493⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        494⤵
        Drops file in Program Files directory
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        495⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        496⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        497⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        498⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        499⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        500⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        501⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        502⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        503⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        504⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        505⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        506⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        507⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        508⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        509⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        510⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        511⤵
        System Location Discovery: System Language Discovery
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        512⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        513⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        514⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        515⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        516⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        517⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        518⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        519⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        520⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        521⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        522⤵
        System Location Discovery: System Language Discovery
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        523⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        524⤵
        System Location Discovery: System Language Discovery
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        525⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        526⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        527⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        528⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        529⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        530⤵
        System Location Discovery: System Language Discovery
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        531⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        532⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        533⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        534⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        535⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        536⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        537⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        538⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        539⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        540⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        541⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        542⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        543⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        544⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        545⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        546⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        547⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        548⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        549⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        550⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        551⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        552⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        553⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        554⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        555⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        556⤵
        System Location Discovery: System Language Discovery
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        557⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        558⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        559⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        560⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        561⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        562⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        563⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        564⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        565⤵
        System Location Discovery: System Language Discovery
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        566⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        567⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        568⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        569⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        570⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        571⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        572⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        573⤵
        System Location Discovery: System Language Discovery
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        574⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        575⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        576⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        577⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        578⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        579⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        580⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        581⤵
        System Location Discovery: System Language Discovery
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        582⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        583⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        584⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        585⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        586⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        587⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        588⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        589⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        590⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        591⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        592⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        593⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        594⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        595⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        596⤵
        System Location Discovery: System Language Discovery
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        597⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        598⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        599⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        600⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        601⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        602⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        603⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        604⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        605⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        606⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        607⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        608⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        609⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        610⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        611⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        612⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        613⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        614⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        615⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        616⤵
        System Location Discovery: System Language Discovery
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        617⤵
        System Location Discovery: System Language Discovery
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        618⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        619⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        620⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        621⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        622⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        623⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        624⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        625⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        626⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        627⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        628⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        629⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        630⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        631⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        632⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        633⤵
        System Location Discovery: System Language Discovery
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        634⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        635⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        636⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        637⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        638⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        639⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        640⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        641⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        642⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        643⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        644⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        645⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        646⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        647⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        648⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        649⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        650⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        651⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        652⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        653⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        654⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        655⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        656⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        657⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        658⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        659⤵
        System Location Discovery: System Language Discovery
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        660⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        661⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        662⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        663⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        664⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        665⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        666⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        667⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        668⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        669⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        670⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        671⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        672⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        673⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        674⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        675⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        676⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        677⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        678⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        679⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        680⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        681⤵
        System Location Discovery: System Language Discovery
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        682⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        683⤵
        System Location Discovery: System Language Discovery
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        684⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        685⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        686⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        687⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        688⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        689⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        690⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        691⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        692⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        693⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        694⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        695⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        696⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        697⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        698⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        699⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        700⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        701⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        702⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        703⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        704⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        705⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        706⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        707⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        708⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        709⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        710⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        711⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        712⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        713⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        714⤵
        System Location Discovery: System Language Discovery
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        715⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        716⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        717⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        718⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        719⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        720⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        721⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        722⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        723⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        724⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        725⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        726⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        727⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        728⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        729⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        730⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        731⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        732⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        733⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        734⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        735⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        736⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        737⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        738⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        739⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        740⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        741⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        742⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        743⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        744⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        745⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        746⤵
        System Location Discovery: System Language Discovery
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        747⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        748⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        749⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        750⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        751⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        752⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        753⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        754⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        755⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        756⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        757⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        758⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        759⤵
        System Location Discovery: System Language Discovery
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        760⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        761⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        762⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        763⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        764⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        765⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        766⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        767⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        768⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        769⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        770⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        771⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        772⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        773⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        774⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        775⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        776⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        777⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        778⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        779⤵
        System Location Discovery: System Language Discovery
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        780⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        781⤵
        System Location Discovery: System Language Discovery
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        782⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        783⤵
        System Location Discovery: System Language Discovery
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        784⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        785⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        786⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        787⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        788⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        789⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        790⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        791⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        792⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        793⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        794⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        795⤵
        System Location Discovery: System Language Discovery
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        796⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        797⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        798⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        799⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        800⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        801⤵
        System Location Discovery: System Language Discovery
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        802⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\915dbe41cfb549d6118c26567b9193a0N.exe"
        803⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 460
        497⤵
        Program crash
        
        PID:16284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11800 -s 476
        496⤵
        Program crash
        
        PID:16276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 436
        471⤵
        Program crash
        
        PID:16320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12052 -s 444
        465⤵
        Program crash
        
        PID:14748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 436
        464⤵
        Program crash
        
        PID:14720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 436
        464⤵
        Program crash
        
        PID:16288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11676 -s 436
        463⤵
        Program crash
        
        PID:14436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11676 -s 436
        463⤵
        Program crash
        
        PID:14684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11532 -s 448
        450⤵
        Program crash
        
        PID:14448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11864 -s 424
        449⤵
        Program crash
        
        PID:15304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11344 -s 436
        448⤵
        Program crash
        
        PID:14864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12224 -s 432
        447⤵
        Program crash
        
        PID:15348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12224 -s 428
        447⤵
        Program crash
        
        PID:15140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 468
        428⤵
        Program crash
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 472
        426⤵
        Program crash
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 440
        414⤵
        Program crash
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 428
        413⤵
        Program crash
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 436
        412⤵
        Program crash
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 436
        412⤵
        Program crash
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 372
        411⤵
        Program crash
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 372
        411⤵
        Program crash
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 432
        179⤵
        Program crash
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 432
        179⤵
        Program crash
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 436
        178⤵
        Program crash
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 436
        178⤵
        Program crash
        
        PID:520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 392
        177⤵
        Program crash
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 392
        177⤵
        Program crash
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 428
        176⤵
        Program crash
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 448
        176⤵
        Program crash
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 408
        112⤵
        Program crash
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 432
        30⤵
        Program crash
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 432
        30⤵
        Program crash
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 440
        16⤵
        Program crash
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 440
        16⤵
        Program crash
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 440
        13⤵
        Program crash
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 440
        13⤵
        Program crash
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 440
        12⤵
        Program crash
        
        PID:13656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 440
        12⤵
        Program crash
        
        PID:14692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6676 -ip 6676
1⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6660 -ip 6660
1⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6644 -ip 6644
1⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 6628 -ip 6628
1⤵
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6608 -ip 6608
1⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6728 -ip 6728
1⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6696 -ip 6696
1⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6712 -ip 6712
1⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6760 -ip 6760
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6776 -ip 6776
1⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6744 -ip 6744
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6792 -ip 6792
1⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6608 -ip 6608
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6808 -ip 6808
1⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6824 -ip 6824
1⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6728 -ip 6728
1⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6696 -ip 6696
1⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 6888 -ip 6888
1⤵
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6712 -ip 6712
1⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6840 -ip 6840
1⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6920 -ip 6920
1⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6856 -ip 6856
1⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6872 -ip 6872
1⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6776 -ip 6776
1⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6760 -ip 6760
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6792 -ip 6792
1⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6936 -ip 6936
1⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6744 -ip 6744
1⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6904 -ip 6904
1⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6824 -ip 6824
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6808 -ip 6808
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6968 -ip 6968
1⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6952 -ip 6952
1⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6988 -ip 6988
1⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7004 -ip 7004
1⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7020 -ip 7020
1⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6888 -ip 6888
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7036 -ip 7036
1⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6936 -ip 6936
1⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6856 -ip 6856
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6872 -ip 6872
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6920 -ip 6920
1⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6904 -ip 6904
1⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6840 -ip 6840
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6968 -ip 6968
1⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6952 -ip 6952
1⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6988 -ip 6988
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7004 -ip 7004
1⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7020 -ip 7020
1⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7036 -ip 7036
1⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6660 -ip 6660
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6676 -ip 6676
1⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6628 -ip 6628
1⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6644 -ip 6644
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 10540 -ip 10540
1⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 10556 -ip 10556
1⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 10572 -ip 10572
1⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 10604 -ip 10604
1⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 10588 -ip 10588
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 10636 -ip 10636
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10620 -ip 10620
1⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 10652 -ip 10652
1⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 10668 -ip 10668
1⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 10684 -ip 10684
1⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 10700 -ip 10700
1⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10604 -ip 10604
1⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 10716 -ip 10716
1⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10636 -ip 10636
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 10620 -ip 10620
1⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10652 -ip 10652
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 10732 -ip 10732
1⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 10668 -ip 10668
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 10748 -ip 10748
1⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 10684 -ip 10684
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 10764 -ip 10764
1⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 10700 -ip 10700
1⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 10716 -ip 10716
1⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 10780 -ip 10780
1⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10796 -ip 10796
1⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 10812 -ip 10812
1⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 10828 -ip 10828
1⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 10732 -ip 10732
1⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10848 -ip 10848
1⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 10748 -ip 10748
1⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 10764 -ip 10764
1⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10780 -ip 10780
1⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 10812 -ip 10812
1⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 10828 -ip 10828
1⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 10796 -ip 10796
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 10848 -ip 10848
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 10540 -ip 10540
1⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 10572 -ip 10572
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 10556 -ip 10556
1⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 10588 -ip 10588
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2536 -ip 2536
1⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2536 -ip 2536
1⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2900 -ip 2900
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2900 -ip 2900
1⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2276 -ip 2276
1⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2276 -ip 2276
1⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4272 -ip 4272
1⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 11676 -ip 11676
1⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6724 -ip 6724
1⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 12052 -ip 12052
1⤵
PID:14420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 12136 -ip 12136
1⤵
PID:14448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 11876 -ip 11876
1⤵
PID:14684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 11088 -ip 11088
1⤵
PID:15108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6768 -ip 6768
1⤵
PID:14392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 12136 -ip 12136
1⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 11876 -ip 11876
1⤵
PID:14452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 11004 -ip 11004
1⤵
PID:15460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 12000 -ip 12000
1⤵
PID:15980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1768 -ip 1768
1⤵
PID:16328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 11336 -ip 11336
1⤵
PID:16344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6740 -ip 6740
1⤵
PID:14712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 11332 -ip 11332
1⤵
PID:14760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6788 -ip 6788
1⤵
PID:15024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 11816 -ip 11816
1⤵
PID:15032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 11856 -ip 11856
1⤵
PID:15096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2116 -ip 2116
1⤵
PID:14636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6784 -ip 6784
1⤵
PID:15716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6760 -ip 6760
1⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 11516 -ip 11516
1⤵
PID:15184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 11912 -ip 11912
1⤵
PID:14932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6816 -ip 6816
1⤵
PID:14352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6820 -ip 6820
1⤵
PID:14660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6776 -ip 6776
1⤵
PID:14688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 12264 -ip 12264
1⤵
PID:14796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 12256 -ip 12256
1⤵
PID:14808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10356 -ip 10356
1⤵
PID:14816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 11256 -ip 11256
1⤵
PID:15640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 11608 -ip 11608
1⤵
PID:15648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 11696 -ip 11696
1⤵
PID:15656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 11280 -ip 11280
1⤵
PID:14784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 11384 -ip 11384
1⤵
PID:16156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 11088 -ip 11088
1⤵
PID:16172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 12096 -ip 12096
1⤵
PID:16180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 11004 -ip 11004
1⤵
PID:14376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 12000 -ip 12000
1⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1768 -ip 1768
1⤵
PID:14512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 11800 -ip 11800
1⤵
PID:15216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6864 -ip 6864
1⤵
PID:14828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 11336 -ip 11336
1⤵
PID:14868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 11240 -ip 11240
1⤵
PID:14900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 11332 -ip 11332
1⤵
PID:15244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 11816 -ip 11816
1⤵
PID:15252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6740 -ip 6740
1⤵
PID:14476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 11856 -ip 11856
1⤵
PID:14544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6788 -ip 6788
1⤵
PID:14548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2116 -ip 2116
1⤵
PID:15372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6760 -ip 6760
1⤵
PID:15404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6784 -ip 6784
1⤵
PID:15432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 11516 -ip 11516
1⤵
PID:15484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 11912 -ip 11912
1⤵
PID:15512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6816 -ip 6816
1⤵
PID:15520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 10356 -ip 10356
1⤵
PID:15528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 11696 -ip 11696
1⤵
PID:15552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6820 -ip 6820
1⤵
PID:15584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 11256 -ip 11256
1⤵
PID:15616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 12264 -ip 12264
1⤵
PID:16220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 11608 -ip 11608
1⤵
PID:15112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6776 -ip 6776
1⤵
PID:15752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 12256 -ip 12256
1⤵
PID:15784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 11384 -ip 11384
1⤵
PID:15808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 11280 -ip 11280
1⤵
PID:15844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 12096 -ip 12096
1⤵
PID:15876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 11800 -ip 11800
1⤵
PID:15900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6864 -ip 6864
1⤵
PID:15908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 11240 -ip 11240
1⤵
PID:15936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 11676 -ip 11676
1⤵
PID:16088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6724 -ip 6724
1⤵
PID:16112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6768 -ip 6768
1⤵
PID:16036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 12052 -ip 12052
1⤵
PID:14588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4272 -ip 4272
1⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5528 -ip 5528
1⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 12224 -ip 12224
1⤵
PID:16348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 11344 -ip 11344
1⤵
PID:14692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 12224 -ip 12224
1⤵
PID:16356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 11864 -ip 11864
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 11532 -ip 11532
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 11728 -ip 11728
1⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 12228 -ip 12228
1⤵
PID:14976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 11744 -ip 11744
1⤵
PID:14780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe

Filesize
1.2MB

MD5
bd4505b7d4d55029905f913ec3d455fa

SHA1
6309988e7ed5fa88d3d9c2d1596dee7025989acc

SHA256
2f84b63dc70b93221e88c976c6ae0c136c956aa21b693ace9cd4398a4a3c4c2e

SHA512
bf2731d2e665acce3a348fd09dde6610338d450688c8bf6c2ad8ce4ca2e6c18de93623ad8243607cee66c6422c581a65f5f15f52615fa0a6bbcb8fa9fd2479f7

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
341KB

MD5
4d0e5190e1e707e3b39bcb7949dc7a75

SHA1
651b726a51478fa4be9f541c1f3cf475b5181ed2

SHA256
2228efe20cd2d71efe2100c12f93f501ba35cb487af8d5613fb15c259cc2fac9

SHA512
359c738d5a4c4f9814f459cdacd3f1ddbb6b4ad478a3ba2b30d161126074adeaf779b6b1bb0eb1aef243484b77e3d13e0067a25483a55f52f40afe6b741941d4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.5MB

MD5
ab5c570323fe953aec88dd11424df53c

SHA1
ead151ce1f20539b6a12ffa3024146dbf06248fc

SHA256
c447ec030260765c0c4584ac976ae269ac094aac0efd9a7020a1782a324ffb5e

SHA512
9a88e1dfbdd32a7b77bc439cc28132b4e72381eea5578754fb979e904fe14857aecc13434fd8229e729e48a09f085b6bd7d253ebe3e913919569b000a0f7e01e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX995B.tmp

Filesize
542KB

MD5
06c1230eeed7a9e91ef5eb6b8b0b1f4d

SHA1
46eba2d0b793a802248e202aa50d736e1d3121dc

SHA256
04e51ea52731bc93d182fb40ea527add09efedb5791618e7564f7fdf6f0511e3

SHA512
d04dab1f3711b29815f5e3dcc026f295b78e807792ef751f014ba00565de9d4557d9e7670bbcf1ed04b3b220b1e1b9ff551ab411b4cd8cfc841949d5a8dc541f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXB05C.tmp

Filesize
325KB

MD5
10243d05f2530a0efcc074f06d91e64b

SHA1
cade17a8873fb6c43b8c8a7d2ef4d491815bebb3

SHA256
dd913a09bcbfe29aa70d95832adcbf1f24cf954960822b4fdb3be9b9b52c61e2

SHA512
e6862625155f443c78bf1e4aff33f35afc2633c0fcccaaff867e0b382f283dce59266ff3398adb6847c192d11359b3d1e89468349fe09bcd8c91be2347df674d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUc98E5.tmp

Filesize
529KB

MD5
915dbe41cfb549d6118c26567b9193a0

SHA1
9dc397049909ad2aea4df0ac08c20119d33a5e82

SHA256
f221cedffb83a769b79666002a385754fe0ac48cc1a775ea6821bd142664c719

SHA512
d7f23133b5787e26924f96c8ca5d0e3b5708df503c9d51fdc282d43da7e9fb4508dc6cac6ae749c5e57b3b32d541ac962f123a0cebe41311d06dd267bd08de47

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcB393.tmp

Filesize
1010KB

MD5
310638fefe3f9e5fa691f5ea8c932915

SHA1
0fd351ebddf01def8f6c289ee71950d29df7d421

SHA256
3064485c4dc08d048a108d9f6195e0407c6e13b6c4875711aeed76bd87104abe

SHA512
61e267e9d23a1c30f5ddb92804f5e744375a51f9331a7e30fb608ca4bf087d7ebd4e4f6ee3a89567d79ff431a80322e80e79106bab44f851fbcc1f2e1de53665

Download Submit
memory/1304-1077-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1412-1055-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1492-1071-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1564-1081-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1736-1054-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1872-1082-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1968-1073-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2000-1075-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2276-1062-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2304-1057-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2340-1067-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2440-1066-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2536-1080-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2584-1056-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2652-1051-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2772-1076-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2900-1065-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3212-1083-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3404-1058-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3452-1068-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3468-1064-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3616-1053-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/3648-1072-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4080-1070-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4176-1060-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4272-1061-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4508-1052-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4764-1079-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4840-1059-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4872-1078-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/4900-1074-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/5112-1063-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6608-930-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6628-1285-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6644-1466-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6660-1385-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6676-1318-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6696-928-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6712-1069-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6728-929-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6744-1084-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6760-1086-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6776-1087-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6792-1085-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6808-1089-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6824-1088-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6840-1096-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6856-1092-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6872-1093-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6888-1090-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6904-1095-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6920-1094-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6936-1091-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6952-1098-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6968-1097-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/6988-1099-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/7004-1100-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/7020-1101-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/7036-1102-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/10604-1707-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/10620-1830-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/10636-1748-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/10652-1829-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/10668-1898-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download