6b43979d2d2ac2b44c285f8ec7b54ab75e5c9483ba7c6bd5c3c5e9e08bb5c134

Analysis

max time kernel
25s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e022fa33bc78d74597a2e1735024be0N.exe
Size

664KB
MD5

1e022fa33bc78d74597a2e1735024be0
SHA1

0da94cccca3f6506e6bcc78378414b0a236a1ed8
SHA256

6b43979d2d2ac2b44c285f8ec7b54ab75e5c9483ba7c6bd5c3c5e9e08bb5c134
SHA512

69aecdbfcfaa51bc28f1e1d49c2bc280b44a49cd9b30db577a62aeded119888185e7e09d9a39cd3f19c30f9c8a1816fa7621f1242bbe39618ecad2761caa22bd
SSDEEP

12288:+F3ULO2IiSNvEw6MyyngSh6ntHrnFlgG/Ot6CPM40bDhieAdlW:+tsO2mNMdMygh6tHrnnno6CP

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\WatchHide.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1e022fa33bc78d74597a2e1735024be0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1e022fa33bc78d74597a2e1735024be0N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
9172	9016	WerFault.exe	400
9088	8892	WerFault.exe	397
9832	8844	WerFault.exe	394
9820	8924	WerFault.exe	399
9292	9200	WerFault.exe	419
9916	9400	WerFault.exe	426
9056	9016	WerFault.exe	400
10192	8924	WerFault.exe	399
10472	3412	WerFault.exe	129
11848	1340	WerFault.exe	122
12096	2880	WerFault.exe	126
11792	2192	WerFault.exe	125
11164	4900	WerFault.exe	167
11008	2696	WerFault.exe	180
11068	2880	WerFault.exe	126
11532	3412	WerFault.exe	129
11308	7680	WerFault.exe	323
11992	7680	WerFault.exe	323
7456	6176	WerFault.exe	243
7132	6220	WerFault.exe	244
10852	6252	WerFault.exe	246
1476	6236	WerFault.exe	245
6356	6892	WerFault.exe	276
736	6988	WerFault.exe	282
7548	6972	WerFault.exe	281
11916	6940	WerFault.exe	279
5172	10152	WerFault.exe	462
6356	10188	WerFault.exe	463
7000	10112	WerFault.exe	465
12636	10092	WerFault.exe	466
6964	9656	WerFault.exe	471
2492	6284	WerFault.exe	940
8804	9332	WerFault.exe	477
1348	9728	WerFault.exe	484
8348	7048	Process not Found	969
7192	7332	Process not Found	977
2748	9656	Process not Found	471
6992	6284	Process not Found	940
4260	11300	Process not Found	667
8500	11324	Process not Found	665
6632	11704	Process not Found	677
11640	11808	Process not Found	678
13456	8184	Process not Found	354
13876	8440	Process not Found	1182
13932	7652	Process not Found	1195
13856	8136	Process not Found	355
12292	8184	Process not Found	354
8456	10344	Process not Found	488
2228	9268	Process not Found	494
13844	12136	Process not Found	504
13732	12252	Process not Found	510
9888	10344	Process not Found	488
8680	9268	Process not Found	494
4728	12136	Process not Found	504
7852	12252	Process not Found	510
1348	3468	Process not Found	109
8140	4276	Process not Found	133
11832	4276	Process not Found	133
9048	3468	Process not Found	109
5356	4800	Process not Found	808
5504	4800	Process not Found	808
7468	4724	Process not Found	760
4188	4772	Process not Found	762
2556	11132	Process not Found	761

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e022fa33bc78d74597a2e1735024be0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2872	1e022fa33bc78d74597a2e1735024be0N.exe
2872	1e022fa33bc78d74597a2e1735024be0N.exe
2760	1e022fa33bc78d74597a2e1735024be0N.exe
2760	1e022fa33bc78d74597a2e1735024be0N.exe
4412	1e022fa33bc78d74597a2e1735024be0N.exe
4412	1e022fa33bc78d74597a2e1735024be0N.exe
1116	1e022fa33bc78d74597a2e1735024be0N.exe
1116	1e022fa33bc78d74597a2e1735024be0N.exe
4804	1e022fa33bc78d74597a2e1735024be0N.exe
4804	1e022fa33bc78d74597a2e1735024be0N.exe
4260	1e022fa33bc78d74597a2e1735024be0N.exe
4260	1e022fa33bc78d74597a2e1735024be0N.exe
3364	1e022fa33bc78d74597a2e1735024be0N.exe
3364	1e022fa33bc78d74597a2e1735024be0N.exe
5040	1e022fa33bc78d74597a2e1735024be0N.exe
5040	1e022fa33bc78d74597a2e1735024be0N.exe
4476	1e022fa33bc78d74597a2e1735024be0N.exe
4476	1e022fa33bc78d74597a2e1735024be0N.exe
2300	1e022fa33bc78d74597a2e1735024be0N.exe
2300	1e022fa33bc78d74597a2e1735024be0N.exe
956	1e022fa33bc78d74597a2e1735024be0N.exe
956	1e022fa33bc78d74597a2e1735024be0N.exe
60	1e022fa33bc78d74597a2e1735024be0N.exe
60	1e022fa33bc78d74597a2e1735024be0N.exe
3456	1e022fa33bc78d74597a2e1735024be0N.exe
3456	1e022fa33bc78d74597a2e1735024be0N.exe
1136	1e022fa33bc78d74597a2e1735024be0N.exe
1136	1e022fa33bc78d74597a2e1735024be0N.exe
2236	1e022fa33bc78d74597a2e1735024be0N.exe
2236	1e022fa33bc78d74597a2e1735024be0N.exe
5116	1e022fa33bc78d74597a2e1735024be0N.exe
5116	1e022fa33bc78d74597a2e1735024be0N.exe
5112	1e022fa33bc78d74597a2e1735024be0N.exe
5112	1e022fa33bc78d74597a2e1735024be0N.exe
2540	1e022fa33bc78d74597a2e1735024be0N.exe
2540	1e022fa33bc78d74597a2e1735024be0N.exe
1464	1e022fa33bc78d74597a2e1735024be0N.exe
1464	1e022fa33bc78d74597a2e1735024be0N.exe
2252	1e022fa33bc78d74597a2e1735024be0N.exe
2252	1e022fa33bc78d74597a2e1735024be0N.exe
4640	1e022fa33bc78d74597a2e1735024be0N.exe
4640	1e022fa33bc78d74597a2e1735024be0N.exe
2680	1e022fa33bc78d74597a2e1735024be0N.exe
2680	1e022fa33bc78d74597a2e1735024be0N.exe
3344	1e022fa33bc78d74597a2e1735024be0N.exe
3344	1e022fa33bc78d74597a2e1735024be0N.exe
3180	1e022fa33bc78d74597a2e1735024be0N.exe
3180	1e022fa33bc78d74597a2e1735024be0N.exe
1816	1e022fa33bc78d74597a2e1735024be0N.exe
1816	1e022fa33bc78d74597a2e1735024be0N.exe
668	1e022fa33bc78d74597a2e1735024be0N.exe
668	1e022fa33bc78d74597a2e1735024be0N.exe
3468	1e022fa33bc78d74597a2e1735024be0N.exe
3468	1e022fa33bc78d74597a2e1735024be0N.exe
4268	1e022fa33bc78d74597a2e1735024be0N.exe
4268	1e022fa33bc78d74597a2e1735024be0N.exe
2932	1e022fa33bc78d74597a2e1735024be0N.exe
2932	1e022fa33bc78d74597a2e1735024be0N.exe
2648	1e022fa33bc78d74597a2e1735024be0N.exe
2648	1e022fa33bc78d74597a2e1735024be0N.exe
1784	1e022fa33bc78d74597a2e1735024be0N.exe
1784	1e022fa33bc78d74597a2e1735024be0N.exe
1384	1e022fa33bc78d74597a2e1735024be0N.exe
1384	1e022fa33bc78d74597a2e1735024be0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2760	2872	1e022fa33bc78d74597a2e1735024be0N.exe	84
PID 2872 wrote to memory of 2760	2872	1e022fa33bc78d74597a2e1735024be0N.exe	84
PID 2872 wrote to memory of 2760	2872	1e022fa33bc78d74597a2e1735024be0N.exe	84
PID 2760 wrote to memory of 4412	2760	1e022fa33bc78d74597a2e1735024be0N.exe	85
PID 2760 wrote to memory of 4412	2760	1e022fa33bc78d74597a2e1735024be0N.exe	85
PID 2760 wrote to memory of 4412	2760	1e022fa33bc78d74597a2e1735024be0N.exe	85
PID 4412 wrote to memory of 1116	4412	1e022fa33bc78d74597a2e1735024be0N.exe	86
PID 4412 wrote to memory of 1116	4412	1e022fa33bc78d74597a2e1735024be0N.exe	86
PID 4412 wrote to memory of 1116	4412	1e022fa33bc78d74597a2e1735024be0N.exe	86
PID 1116 wrote to memory of 4804	1116	1e022fa33bc78d74597a2e1735024be0N.exe	87
PID 1116 wrote to memory of 4804	1116	1e022fa33bc78d74597a2e1735024be0N.exe	87
PID 1116 wrote to memory of 4804	1116	1e022fa33bc78d74597a2e1735024be0N.exe	87
PID 4804 wrote to memory of 4260	4804	1e022fa33bc78d74597a2e1735024be0N.exe	88
PID 4804 wrote to memory of 4260	4804	1e022fa33bc78d74597a2e1735024be0N.exe	88
PID 4804 wrote to memory of 4260	4804	1e022fa33bc78d74597a2e1735024be0N.exe	88
PID 4260 wrote to memory of 3364	4260	1e022fa33bc78d74597a2e1735024be0N.exe	89
PID 4260 wrote to memory of 3364	4260	1e022fa33bc78d74597a2e1735024be0N.exe	89
PID 4260 wrote to memory of 3364	4260	1e022fa33bc78d74597a2e1735024be0N.exe	89
PID 3364 wrote to memory of 5040	3364	1e022fa33bc78d74597a2e1735024be0N.exe	90
PID 3364 wrote to memory of 5040	3364	1e022fa33bc78d74597a2e1735024be0N.exe	90
PID 3364 wrote to memory of 5040	3364	1e022fa33bc78d74597a2e1735024be0N.exe	90
PID 5040 wrote to memory of 4476	5040	1e022fa33bc78d74597a2e1735024be0N.exe	91
PID 5040 wrote to memory of 4476	5040	1e022fa33bc78d74597a2e1735024be0N.exe	91
PID 5040 wrote to memory of 4476	5040	1e022fa33bc78d74597a2e1735024be0N.exe	91
PID 4476 wrote to memory of 2300	4476	1e022fa33bc78d74597a2e1735024be0N.exe	92
PID 4476 wrote to memory of 2300	4476	1e022fa33bc78d74597a2e1735024be0N.exe	92
PID 4476 wrote to memory of 2300	4476	1e022fa33bc78d74597a2e1735024be0N.exe	92
PID 2300 wrote to memory of 956	2300	1e022fa33bc78d74597a2e1735024be0N.exe	93
PID 2300 wrote to memory of 956	2300	1e022fa33bc78d74597a2e1735024be0N.exe	93
PID 2300 wrote to memory of 956	2300	1e022fa33bc78d74597a2e1735024be0N.exe	93
PID 956 wrote to memory of 60	956	1e022fa33bc78d74597a2e1735024be0N.exe	94
PID 956 wrote to memory of 60	956	1e022fa33bc78d74597a2e1735024be0N.exe	94
PID 956 wrote to memory of 60	956	1e022fa33bc78d74597a2e1735024be0N.exe	94
PID 60 wrote to memory of 3456	60	1e022fa33bc78d74597a2e1735024be0N.exe	95
PID 60 wrote to memory of 3456	60	1e022fa33bc78d74597a2e1735024be0N.exe	95
PID 60 wrote to memory of 3456	60	1e022fa33bc78d74597a2e1735024be0N.exe	95
PID 3456 wrote to memory of 1136	3456	1e022fa33bc78d74597a2e1735024be0N.exe	96
PID 3456 wrote to memory of 1136	3456	1e022fa33bc78d74597a2e1735024be0N.exe	96
PID 3456 wrote to memory of 1136	3456	1e022fa33bc78d74597a2e1735024be0N.exe	96
PID 1136 wrote to memory of 2236	1136	1e022fa33bc78d74597a2e1735024be0N.exe	97
PID 1136 wrote to memory of 2236	1136	1e022fa33bc78d74597a2e1735024be0N.exe	97
PID 1136 wrote to memory of 2236	1136	1e022fa33bc78d74597a2e1735024be0N.exe	97
PID 2236 wrote to memory of 5116	2236	1e022fa33bc78d74597a2e1735024be0N.exe	98
PID 2236 wrote to memory of 5116	2236	1e022fa33bc78d74597a2e1735024be0N.exe	98
PID 2236 wrote to memory of 5116	2236	1e022fa33bc78d74597a2e1735024be0N.exe	98
PID 5116 wrote to memory of 5112	5116	1e022fa33bc78d74597a2e1735024be0N.exe	99
PID 5116 wrote to memory of 5112	5116	1e022fa33bc78d74597a2e1735024be0N.exe	99
PID 5116 wrote to memory of 5112	5116	1e022fa33bc78d74597a2e1735024be0N.exe	99
PID 5112 wrote to memory of 2540	5112	1e022fa33bc78d74597a2e1735024be0N.exe	100
PID 5112 wrote to memory of 2540	5112	1e022fa33bc78d74597a2e1735024be0N.exe	100
PID 5112 wrote to memory of 2540	5112	1e022fa33bc78d74597a2e1735024be0N.exe	100
PID 2540 wrote to memory of 1464	2540	1e022fa33bc78d74597a2e1735024be0N.exe	101
PID 2540 wrote to memory of 1464	2540	1e022fa33bc78d74597a2e1735024be0N.exe	101
PID 2540 wrote to memory of 1464	2540	1e022fa33bc78d74597a2e1735024be0N.exe	101
PID 1464 wrote to memory of 2252	1464	1e022fa33bc78d74597a2e1735024be0N.exe	102
PID 1464 wrote to memory of 2252	1464	1e022fa33bc78d74597a2e1735024be0N.exe	102
PID 1464 wrote to memory of 2252	1464	1e022fa33bc78d74597a2e1735024be0N.exe	102
PID 2252 wrote to memory of 4640	2252	1e022fa33bc78d74597a2e1735024be0N.exe	103
PID 2252 wrote to memory of 4640	2252	1e022fa33bc78d74597a2e1735024be0N.exe	103
PID 2252 wrote to memory of 4640	2252	1e022fa33bc78d74597a2e1735024be0N.exe	103
PID 4640 wrote to memory of 2680	4640	1e022fa33bc78d74597a2e1735024be0N.exe	104
PID 4640 wrote to memory of 2680	4640	1e022fa33bc78d74597a2e1735024be0N.exe	104
PID 4640 wrote to memory of 2680	4640	1e022fa33bc78d74597a2e1735024be0N.exe	104
PID 2680 wrote to memory of 3344	2680	1e022fa33bc78d74597a2e1735024be0N.exe	105

C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
"C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        12⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        14⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        20⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        23⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        24⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        26⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        30⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        32⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        33⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        34⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        35⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        36⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        37⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        38⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        39⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        40⤵
        Drops file in Program Files directory
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        41⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        43⤵
        Drops file in Program Files directory
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        44⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        45⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        46⤵
        Drops file in Program Files directory
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        47⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        48⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        49⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        50⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        51⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        52⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        53⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        54⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        55⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        56⤵
        Drops file in Program Files directory
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        57⤵
        Drops file in Program Files directory
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        58⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        59⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        60⤵
        Drops file in Program Files directory
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        61⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        62⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        63⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        64⤵
        Drops file in Program Files directory
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        65⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        66⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        67⤵
        Drops file in Program Files directory
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        68⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        69⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        70⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        71⤵
        Drops file in Program Files directory
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        72⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        73⤵
        Drops file in Program Files directory
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        74⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        75⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        76⤵
        Drops file in Program Files directory
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        77⤵
        Drops file in Program Files directory
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        78⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        79⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        80⤵
        Drops file in Program Files directory
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        82⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        83⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        84⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        85⤵
        Drops file in Program Files directory
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        86⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        87⤵
        Drops file in Program Files directory
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        88⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        89⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        90⤵
        Drops file in Program Files directory
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        91⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        93⤵
        Drops file in Program Files directory
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        94⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        95⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        96⤵
        Drops file in Program Files directory
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        97⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        98⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        100⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        101⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        102⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        103⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        104⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        105⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        106⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        107⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        109⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        110⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        111⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        112⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        113⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        114⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        115⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        116⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        117⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        118⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        120⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        121⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        122⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        123⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        124⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        125⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        126⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        127⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        128⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        129⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        130⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        131⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        132⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        133⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        134⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        135⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        136⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        137⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        138⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        139⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        140⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        141⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        142⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        143⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        144⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        145⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        146⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        148⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        149⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        150⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        151⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        153⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        154⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        155⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        156⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        157⤵
        Drops file in Program Files directory
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        158⤵
        Drops file in Program Files directory
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        159⤵
        Drops file in Program Files directory
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        161⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        162⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        164⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        165⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        166⤵
        Drops file in Program Files directory
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        167⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        168⤵
        Drops file in Program Files directory
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        169⤵
        Drops file in Program Files directory
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        170⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        171⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        172⤵
        Drops file in Program Files directory
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        173⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        174⤵
        Drops file in Program Files directory
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        176⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        177⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        178⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        179⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        180⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        181⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        182⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        183⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        184⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        185⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        186⤵
        Drops file in Program Files directory
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        187⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        188⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        189⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        190⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        191⤵
        Drops file in Program Files directory
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        192⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        193⤵
        Drops file in Program Files directory
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        194⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        195⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        196⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        197⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        198⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        199⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        200⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        201⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        202⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        203⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        204⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        205⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        206⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        207⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        208⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        209⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        210⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        211⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        212⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        215⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        216⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        217⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        218⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        220⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        221⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        222⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        224⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        225⤵
        System Location Discovery: System Language Discovery
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        226⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        227⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        228⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        229⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        230⤵
        System Location Discovery: System Language Discovery
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        231⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        232⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        233⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        234⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        235⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        236⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        237⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        238⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        239⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        240⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        241⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        242⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        243⤵
        System Location Discovery: System Language Discovery
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        244⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        245⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        246⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        247⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        248⤵
        System Location Discovery: System Language Discovery
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        249⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        250⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        251⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        252⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        253⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        254⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        255⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        256⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        257⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        258⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        259⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        260⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        261⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        262⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        263⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        264⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        265⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        266⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        267⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        268⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        269⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        270⤵
        System Location Discovery: System Language Discovery
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        271⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        272⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        273⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        274⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        275⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        276⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        277⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        278⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        279⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        280⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        281⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        282⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        283⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        284⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        285⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        286⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        287⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        288⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        289⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        290⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        291⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        292⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        293⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        294⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        295⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        296⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        297⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        298⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        299⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        300⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        301⤵
        System Location Discovery: System Language Discovery
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        302⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        303⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        304⤵
        Drops file in Program Files directory
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        305⤵
        System Location Discovery: System Language Discovery
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        306⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        307⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        308⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        309⤵
        Drops file in Program Files directory
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        310⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        311⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        312⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        313⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        314⤵
        Drops file in Program Files directory
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        315⤵
        Drops file in Program Files directory
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        316⤵
        Drops file in Program Files directory
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        317⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        318⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        319⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        320⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        321⤵
        System Location Discovery: System Language Discovery
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        322⤵
        System Location Discovery: System Language Discovery
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        323⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        324⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        325⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        326⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        327⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        328⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        329⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        330⤵
        System Location Discovery: System Language Discovery
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        331⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        332⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        333⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        334⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        335⤵
        Drops file in Program Files directory
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        336⤵
        Drops file in Program Files directory
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        337⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        338⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        339⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        340⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        341⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        342⤵
        Drops file in Program Files directory
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        343⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        344⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        345⤵
        Drops file in Program Files directory
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        346⤵
        Drops file in Program Files directory
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        347⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        348⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        349⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        350⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        351⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        352⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        353⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        354⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        355⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        356⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        357⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        358⤵
        System Location Discovery: System Language Discovery
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        359⤵
        System Location Discovery: System Language Discovery
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        360⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        361⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        362⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        363⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        364⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        365⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        366⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        367⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        368⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        369⤵
        System Location Discovery: System Language Discovery
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        370⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        371⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        372⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        373⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        374⤵
        System Location Discovery: System Language Discovery
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        375⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        376⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        377⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        378⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        379⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        380⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        381⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        382⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        383⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        384⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        385⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        386⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        387⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        388⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        389⤵
        System Location Discovery: System Language Discovery
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        390⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        391⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        392⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        393⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        394⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        395⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        396⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        397⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        398⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        399⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        400⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        401⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        402⤵
        System Location Discovery: System Language Discovery
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        403⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        404⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        405⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        406⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        407⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        408⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        409⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        410⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        411⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        412⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        413⤵
        System Location Discovery: System Language Discovery
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        414⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        415⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        416⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        417⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        418⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        419⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        420⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        421⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        422⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        423⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        424⤵
        System Location Discovery: System Language Discovery
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        425⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        426⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        427⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        428⤵
        System Location Discovery: System Language Discovery
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        429⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        430⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        431⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        432⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        433⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        434⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        435⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        436⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        437⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        438⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        439⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        440⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        441⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        442⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        443⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        444⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        445⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        446⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        447⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        448⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        449⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        450⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        451⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        452⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        453⤵
        System Location Discovery: System Language Discovery
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        454⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        455⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        456⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        457⤵
        System Location Discovery: System Language Discovery
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        458⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        459⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        460⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        461⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        462⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        463⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        464⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        465⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        466⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        467⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        468⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        469⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        470⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        471⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        472⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        473⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        474⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        475⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        476⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        477⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        478⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        479⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        480⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        481⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        482⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        483⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        484⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        485⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        486⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        487⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        488⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        489⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        490⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        491⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        492⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        493⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        494⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        495⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        496⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        497⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        498⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        499⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        500⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        501⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        502⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        503⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        504⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        505⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        506⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        507⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        508⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        509⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        510⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        511⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        512⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        513⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        514⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        515⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        516⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        517⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        518⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        519⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        520⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        521⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        522⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        523⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        524⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        525⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        526⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        527⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        528⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        529⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        530⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        531⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        532⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        533⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        534⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        535⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        536⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        537⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        538⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        539⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        540⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        541⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        542⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        543⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        544⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        545⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        546⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        547⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        548⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        549⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        550⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        551⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        552⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        553⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        554⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        555⤵
        System Location Discovery: System Language Discovery
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        556⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        557⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        558⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        559⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        560⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        561⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        562⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        563⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        564⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        565⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        566⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        567⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        568⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        569⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        570⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        571⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        572⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        573⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        574⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        575⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        576⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        577⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        578⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        579⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        580⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        581⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        582⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        583⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        584⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        585⤵
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        586⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        587⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        588⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        589⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        590⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        591⤵
        System Location Discovery: System Language Discovery
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        592⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        593⤵
        System Location Discovery: System Language Discovery
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        594⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        595⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        596⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        597⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        598⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        599⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        600⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        601⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        602⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        603⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        604⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        605⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        606⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        607⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        608⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        609⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        610⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        611⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        612⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        613⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        614⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        615⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        616⤵
        Drops file in Program Files directory
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        617⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        618⤵
        Drops file in Program Files directory
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        619⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        620⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        621⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        622⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        623⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        624⤵
        System Location Discovery: System Language Discovery
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        625⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        626⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        627⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        628⤵
        Drops file in Program Files directory
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        629⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        630⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        631⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        632⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        633⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        634⤵
        Drops file in Program Files directory
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        635⤵
        Drops file in Program Files directory
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        636⤵
        Drops file in Program Files directory
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        637⤵
        Drops file in Program Files directory
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        638⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        639⤵
        Drops file in Program Files directory
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        640⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        641⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        642⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        643⤵
        System Location Discovery: System Language Discovery
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        644⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        645⤵
        System Location Discovery: System Language Discovery
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        646⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        647⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        648⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        649⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        650⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        651⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        652⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        653⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        654⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        655⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        656⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        657⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        658⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        659⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        660⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        661⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        662⤵
        System Location Discovery: System Language Discovery
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        663⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        664⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        665⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        666⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        667⤵
        System Location Discovery: System Language Discovery
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        668⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        669⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        670⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        671⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        672⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        673⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        674⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        675⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        676⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        677⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        678⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        679⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        680⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        681⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        682⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        683⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        684⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        685⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        686⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        687⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        688⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        689⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        690⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        691⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        692⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        693⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        694⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        695⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        696⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        697⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        698⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        699⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e022fa33bc78d74597a2e1735024be0N.exe"
        700⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 384
        618⤵
        Program crash
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 432
        353⤵
        Program crash
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 476
        347⤵
        Program crash
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 444
        342⤵
        Program crash
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 436
        338⤵
        Program crash
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 436
        337⤵
        Program crash
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 388
        336⤵
        Program crash
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 436
        335⤵
        Program crash
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 428
        319⤵
        Program crash
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 424
        318⤵
        Program crash
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 428
        311⤵
        Program crash
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 428
        311⤵
        Program crash
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 448
        310⤵
        Program crash
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 468
        310⤵
        Program crash
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 436
        308⤵
        Program crash
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 384
        305⤵
        Program crash
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 432
        235⤵
        Program crash
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 432
        235⤵
        Program crash
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 368
        194⤵
        Program crash
        
        PID:736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 428
        193⤵
        Program crash
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 444
        191⤵
        Program crash
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 476
        188⤵
        Program crash
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 428
        160⤵
        Program crash
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 436
        159⤵
        Program crash
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 436
        158⤵
        Program crash
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 436
        157⤵
        Program crash
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 444
        96⤵
        Program crash
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 476
        83⤵
        Program crash
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 448
        48⤵
        Program crash
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 448
        48⤵
        Program crash
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 436
        45⤵
        Program crash
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 436
        45⤵
        Program crash
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 424
        44⤵
        Program crash
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 428
        41⤵
        Program crash
        
        PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 8892 -ip 8892
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 9016 -ip 9016
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 8924 -ip 8924
1⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 8844 -ip 8844
1⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8876 -ip 8876
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8860 -ip 8860
1⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8908 -ip 8908
1⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 9848 -ip 9848
1⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10224 -ip 10224
1⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 9100 -ip 9100
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 8876 -ip 8876
1⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 9252 -ip 9252
1⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 8860 -ip 8860
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 9488 -ip 9488
1⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 8908 -ip 8908
1⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 9808 -ip 9808
1⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 9100 -ip 9100
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 9848 -ip 9848
1⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 10224 -ip 10224
1⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 9252 -ip 9252
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 9200 -ip 9200
1⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 9400 -ip 9400
1⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 9488 -ip 9488
1⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 9808 -ip 9808
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 9200 -ip 9200
1⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 9400 -ip 9400
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 8924 -ip 8924
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 9016 -ip 9016
1⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 8844 -ip 8844
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 8892 -ip 8892
1⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7680 -ip 7680
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1340 -ip 1340
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1280 -ip 1280
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 2968 -ip 2968
1⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 512 -ip 512
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2192 -ip 2192
1⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2880 -ip 2880
1⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3412 -ip 3412
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 664 -ip 664
1⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4972 -ip 4972
1⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3668 -ip 3668
1⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3628 -ip 3628
1⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4856 -ip 4856
1⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 452 -ip 452
1⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3492 -ip 3492
1⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1260 -ip 1260
1⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4904 -ip 4904
1⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4672 -ip 4672
1⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3400 -ip 3400
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1212 -ip 1212
1⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 544 -ip 544
1⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2768 -ip 2768
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 3148 -ip 3148
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2060 -ip 2060
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4384 -ip 4384
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3688 -ip 3688
1⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 396 -ip 396
1⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2784 -ip 2784
1⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1988 -ip 1988
1⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2844 -ip 2844
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4716 -ip 4716
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 460 -ip 460
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3376 -ip 3376
1⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3356 -ip 3356
1⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 508 -ip 508
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 312 -ip 312
1⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2572 -ip 2572
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5064 -ip 5064
1⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 512 -ip 512
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2388 -ip 2388
1⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2284 -ip 2284
1⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4820 -ip 4820
1⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3656 -ip 3656
1⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4192 -ip 4192
1⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4568 -ip 4568
1⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4236 -ip 4236
1⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1660 -ip 1660
1⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3700 -ip 3700
1⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4364 -ip 4364
1⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2860 -ip 2860
1⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1944 -ip 1944
1⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4560 -ip 4560
1⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2696 -ip 2696
1⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3428 -ip 3428
1⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3920 -ip 3920
1⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 1476 -ip 1476
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 372 -ip 372
1⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4900 -ip 4900
1⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1280 -ip 1280
1⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2968 -ip 2968
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 664 -ip 664
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4972 -ip 4972
1⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3668 -ip 3668
1⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4856 -ip 4856
1⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 452 -ip 452
1⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1260 -ip 1260
1⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3628 -ip 3628
1⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4672 -ip 4672
1⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3400 -ip 3400
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4904 -ip 4904
1⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3492 -ip 3492
1⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1212 -ip 1212
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 544 -ip 544
1⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2768 -ip 2768
1⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3148 -ip 3148
1⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2060 -ip 2060
1⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4384 -ip 4384
1⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 3688 -ip 3688
1⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 396 -ip 396
1⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 1988 -ip 1988
1⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 2784 -ip 2784
1⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4716 -ip 4716
1⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 460 -ip 460
1⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2844 -ip 2844
1⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 508 -ip 508
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3356 -ip 3356
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 3376 -ip 3376
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2572 -ip 2572
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5064 -ip 5064
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 312 -ip 312
1⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 3656 -ip 3656
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4820 -ip 4820
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 2388 -ip 2388
1⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2284 -ip 2284
1⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1660 -ip 1660
1⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4236 -ip 4236
1⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4364 -ip 4364
1⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4192 -ip 4192
1⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 4568 -ip 4568
1⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 3700 -ip 3700
1⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4560 -ip 4560
1⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2860 -ip 2860
1⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 1944 -ip 1944
1⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3920 -ip 3920
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3428 -ip 3428
1⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 372 -ip 372
1⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2696 -ip 2696
1⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 1476 -ip 1476
1⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 4900 -ip 4900
1⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2192 -ip 2192
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3412 -ip 3412
1⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2880 -ip 2880
1⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 1340 -ip 1340
1⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7680 -ip 7680
1⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6176 -ip 6176
1⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6220 -ip 6220
1⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6236 -ip 6236
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6252 -ip 6252
1⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6300 -ip 6300
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6356 -ip 6356
1⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6316 -ip 6316
1⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6268 -ip 6268
1⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6412 -ip 6412
1⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6380 -ip 6380
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6440 -ip 6440
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6456 -ip 6456
1⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6484 -ip 6484
1⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6544 -ip 6544
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6508 -ip 6508
1⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6596 -ip 6596
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6616 -ip 6616
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6644 -ip 6644
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6660 -ip 6660
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 6672 -ip 6672
1⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6692 -ip 6692
1⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6712 -ip 6712
1⤵
PID:512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6728 -ip 6728
1⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6748 -ip 6748
1⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 6776 -ip 6776
1⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6792 -ip 6792
1⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6808 -ip 6808
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6824 -ip 6824
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6840 -ip 6840
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6356 -ip 6356
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6316 -ip 6316
1⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6876 -ip 6876
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6908 -ip 6908
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6892 -ip 6892
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6924 -ip 6924
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6856 -ip 6856
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6268 -ip 6268
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6412 -ip 6412
1⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6300 -ip 6300
1⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6456 -ip 6456
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6940 -ip 6940
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6956 -ip 6956
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6380 -ip 6380
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6972 -ip 6972
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6988 -ip 6988
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6660 -ip 6660
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6644 -ip 6644
1⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 6596 -ip 6596
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6672 -ip 6672
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 6692 -ip 6692
1⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6616 -ip 6616
1⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6544 -ip 6544
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6508 -ip 6508
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6484 -ip 6484
1⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 6776 -ip 6776
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6440 -ip 6440
1⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6728 -ip 6728
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6824 -ip 6824
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6712 -ip 6712
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6792 -ip 6792
1⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6748 -ip 6748
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6808 -ip 6808
1⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6840 -ip 6840
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6876 -ip 6876
1⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6924 -ip 6924
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6908 -ip 6908
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6856 -ip 6856
1⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6892 -ip 6892
1⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6956 -ip 6956
1⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6940 -ip 6940
1⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6972 -ip 6972
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6988 -ip 6988
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6176 -ip 6176
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6236 -ip 6236
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6252 -ip 6252
1⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6220 -ip 6220
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 10152 -ip 10152
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 10188 -ip 10188
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 10112 -ip 10112
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 10092 -ip 10092
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 9044 -ip 9044
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 9156 -ip 9156
1⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 8992 -ip 8992
1⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 8916 -ip 8916
1⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 9044 -ip 9044
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 9656 -ip 9656
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 9188 -ip 9188
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 9156 -ip 9156
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 9684 -ip 9684
1⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 9436 -ip 9436
1⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 9332 -ip 9332
1⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 8992 -ip 8992
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 9664 -ip 9664
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 10080 -ip 10080
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 9892 -ip 9892
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 8916 -ip 8916
1⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 10016 -ip 10016
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 8908 -ip 8908
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9728 -ip 9728
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7364 -ip 7364
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 9188 -ip 9188
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6284 -ip 6284
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 10152 -ip 10152
1⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 512 -ip 512
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6324 -ip 6324
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7564 -ip 7564
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 12628 -ip 12628
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 9332 -ip 9332
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 9684 -ip 9684
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 9436 -ip 9436
1⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 7728 -ip 7728
1⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7660 -ip 7660
1⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6428 -ip 6428
1⤵
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 9664 -ip 9664
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 9892 -ip 9892
1⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7588 -ip 7588
1⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 10080 -ip 10080
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 8908 -ip 8908
1⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 11244 -ip 11244
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6400 -ip 6400
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7756 -ip 7756
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 10016 -ip 10016
1⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 1164 -ip 1164
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7364 -ip 7364
1⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 9728 -ip 9728
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 10112 -ip 10112
1⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7048 -ip 7048
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6676 -ip 6676
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7708 -ip 7708
1⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6700 -ip 6700
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 512 -ip 512
1⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7564 -ip 7564
1⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6324 -ip 6324
1⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7320 -ip 7320
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7376 -ip 7376
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 10188 -ip 10188
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7380 -ip 7380
1⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7360 -ip 7360
1⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 7728 -ip 7728
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 12628 -ip 12628
1⤵
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7332 -ip 7332
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4348 -ip 4348
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6640 -ip 6640
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6428 -ip 6428
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7660 -ip 7660
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 11244 -ip 11244
1⤵
PID:7028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe

Filesize
1.2MB

MD5
0b1910f3853fe884b6254640745a6926

SHA1
12f1758f270d05739ddeec647c114329b7348395

SHA256
f0a00b00043905dd95622a073e2386b4004846607a9b3faaa7cab0b07cd7cdd5

SHA512
957f2e2907604cea11a03b2dd4d35e814056cbf2ad5a84e34420a1b1b9639f15dd9ce5ce38fe7ebc49dca5cb2e35eccb2248f6e2fbabd890884543c9115346b4

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
956KB

MD5
32d62aed3afff0820bbb667d67b1e012

SHA1
a0d73c583f862acc9a0f4080453c78b1ac27c56b

SHA256
623a6672db34e0a921936d761ab984990b07f18bb41efd1fb2e9466ef450d9f1

SHA512
48e868aed438bd3ec1d6fa2834e1b2f613e95395bb8b31112435cb05bad3583faf6bbd065af2525121d13a3540487470f92530efeddeb7949e62b9291b7df697

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
285KB

MD5
766ef6dbed4dfba93aa68ef0d65c993c

SHA1
f8eac1a64613a1ce59fc6c427d6e4ff8be2bd2e5

SHA256
d78a33d6829c668a7d00a2f25af28f97f9dd26a4f766a81169f82ba4c62c9310

SHA512
a22e40db316b85f47c47c3fd05415543dce40907cf838b9abcb2c917586baac94afd5f3e56ca34145dcf474f1b940cdbbdbf48f9258e4415a0aeeaeebaba78d4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.4MB

MD5
c44e4d00194da41facd44fda7040e3c6

SHA1
1b1d43079be1b448c03bfb83f5db7825c155e305

SHA256
b77d3d11e37b50128902bcc7a959d192df3b258ebd43e1d0ea1c532866937442

SHA512
024ab7b8df61adc20295308c53e2cae476ca19b335132257254bebabfca6b00198defc0784ada4354aadec63686865782a153534d561ce2698f8bd523bdffe45

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX1695.tmp

Filesize
664KB

MD5
4064fdae8f13e00259637bc49a7966f8

SHA1
2d91b06a3a1db5ada80ec7759c22c979b94eb4cd

SHA256
8c4053596c2133bfa7d861a288b14079d899998aea9cb535344fdbcca2784b9c

SHA512
cc76547bc57bb8b0d028f5317e7cb71ec691167926203d0fff77d41b6fb8982a6dbba5c69fb90b3836c24aa094dc350837886a62ce049d18ec0d50b312604a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX3E22.tmp

Filesize
1.2MB

MD5
6892aaade69da7a665106d1a6339ed20

SHA1
b4bef16a6e9f5e924528346f1688cd92bf72898c

SHA256
42ba991cd48f3d3e1be72023cf68631ff56b0e841407590c71dd26261d9be770

SHA512
2a50032a04ed6c74923f2a22ff97302f0161e35f37c89a904fa5607dee17a0fc27ea9c66b2215d5a40f9e8695a07ec46954e9dcd32023d6590082074f9fee90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXD66F.tmp

Filesize
658KB

MD5
9a18a01c5ff28247dc54c65d02540e0b

SHA1
8fb263ab40cc8490d40058d41a73a7ce460810ef

SHA256
faf974432e47cfab53dc882d3c31c05aafae706121e8b3744868ff180d63cbef

SHA512
38321428cdf0c630ebae9ed62d75f67bfd6aee08490b743972deed0bf639b573ecafa8a605d5e026df4be37944a469d322486b6b4e3187ae1af088e262558ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXD681.tmp

Filesize
657KB

MD5
371fea90ac294c55c55955b1fd88cfef

SHA1
1336251fcab3f6ac33abd31d16c76426321890c0

SHA256
b820e29ede9006afb5565c10797be47af865e9ec205fa2e0a7a5694ca966da57

SHA512
e7823cb149957ab101a071b5d45c8b4e2ff1b261707e191f86762e3047ea38b8c110a8b5c958ef9646bbbbad76235903b5305898e40aa8d070ddc8dc715cd43c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXD705.tmp

Filesize
733KB

MD5
620da71bc081aa8762724dd093ceee6d

SHA1
002e65879aded281fd02a65f8a12d5a260ef15b1

SHA256
99b4fc2c77f82644894982a841fb016b539daad016c7fc8be2dc91f12285da4b

SHA512
09b335e5276cd9fd63e21b52e7cfa2e809d87cfaf4318d55ee2cca393cbaf73f4ab47ccb1ede4975f63a8e93989dd244be45a1df9ba3ecd152dc0244e8f7781d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcD60E.tmp

Filesize
664KB

MD5
1e022fa33bc78d74597a2e1735024be0

SHA1
0da94cccca3f6506e6bcc78378414b0a236a1ed8

SHA256
6b43979d2d2ac2b44c285f8ec7b54ab75e5c9483ba7c6bd5c3c5e9e08bb5c134

SHA512
69aecdbfcfaa51bc28f1e1d49c2bc280b44a49cd9b30db577a62aeded119888185e7e09d9a39cd3f19c30f9c8a1816fa7621f1242bbe39618ecad2761caa22bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcD62E.tmp

Filesize
666KB

MD5
a706b03180d982e0d681bd39294a50fc

SHA1
0ae4311aae48a6edbb5572f92ff59e9d0527afb9

SHA256
0bc97567ab4632d5079a2e6c566a3a84118e8b083c04fee4f1ffe3a860f56860

SHA512
6daadbe3498de826ee856171afd18bb0d13794f132d0241df9e132d99c9762068d29a554230264f18a851b7d469ea98d1bb9fed5bd4361d70285f732bf897a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcDFF2.tmp

Filesize
279KB

MD5
9c529023fd36e5ec3c5a53a7bb0acd88

SHA1
6c38127e520cdc3d58633a20368e7ff278383e84

SHA256
ca26e7c097f99649ea7ab38e2db72098d7a07376ee9d8e8403187a5962e2079e

SHA512
4c0df1fd58fad627af64976de85b606207ed79f76b4f6c762b9a962c676b83d7206923afbd98e5c08d7c1f54fb594867d1b6ac1a4e1df6de14935e6183f40a98

Download Submit
memory/60-2768-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/452-2817-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/512-2809-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/544-2821-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/664-2813-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/668-2797-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/956-2767-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1116-2760-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1136-2770-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1212-2823-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1260-2818-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1280-2810-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1384-2807-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1464-2779-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1784-2803-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1816-2793-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2060-2825-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2236-2771-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2252-2783-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2300-2766-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2540-2778-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2648-2802-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2680-2788-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2760-2758-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2872-1413-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2932-2801-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2968-2811-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3180-2792-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3344-2790-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3364-2763-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3400-2819-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3456-2769-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3468-2798-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3492-2822-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3628-2816-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/3668-2812-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4260-2762-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4268-2800-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4412-2759-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4476-2765-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4640-2785-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4672-2820-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4804-2761-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4856-2815-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4904-2824-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/4972-2814-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5040-2764-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5112-2776-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/5116-2775-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/8844-858-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/8860-782-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/8876-781-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/8892-859-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/8908-851-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/8924-871-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9016-862-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9100-853-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9200-861-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9252-854-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9400-860-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9488-856-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9808-857-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/9848-852-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/10224-855-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download