89e61e6d81a87b3972b2038a4ac0704a74bce56040ea57a01088023dce1823d3

Analysis

max time kernel
21s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 16:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Size

641KB
MD5

2a08da6710c5f4af9f1dfe92a9df3dd0
SHA1

cb69f404b6376a193a5ec29b4fc54614162110ea
SHA256

89e61e6d81a87b3972b2038a4ac0704a74bce56040ea57a01088023dce1823d3
SHA512

ca93e3ccd626595585ecd02b0936c3a11108708a123aef9617ce6b90673a067c4045dbdde355719862c43c26c21d187ba0cb08ae70d278abf14bd58b0dc3eef8
SSDEEP

3072:5rUkWzVIMULOJQSfbzg0jcOORQh8b6/s5DymqWa2uUZARbpvqi+qvybdlDno0G:5y3ULOJQSfbzTRk5DJqj2uUZARL2L

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3856	4312	WerFault.exe	82
1828	4312	WerFault.exe	82
1172	2068	WerFault.exe	83
4432	2068	WerFault.exe	83
5208	2428	WerFault.exe	84
5488	2428	WerFault.exe	84
5972	4252	WerFault.exe	85
5136	4252	WerFault.exe	85
5140	4964	WerFault.exe	86
6252	4964	WerFault.exe	86
6392	2012	WerFault.exe	105
6684	2012	WerFault.exe	105
6308	5696	WerFault.exe	230
6200	5712	WerFault.exe	231
6356	5728	WerFault.exe	232
8324	5964	WerFault.exe	235
7364	6120	WerFault.exe	244
9044	3276	WerFault.exe	277
8992	3208	WerFault.exe	273
9128	5728	WerFault.exe	232
7428	5712	WerFault.exe	231
10900	7664	WerFault.exe	483
10828	5912	WerFault.exe	328
11388	6216	WerFault.exe	330
11644	1152	WerFault.exe	329
11624	3144	WerFault.exe	332
10876	7176	WerFault.exe	347
11168	7540	WerFault.exe	349
11304	6216	WerFault.exe	330
11512	3144	WerFault.exe	332
11732	7540	WerFault.exe	349
12168	7664	WerFault.exe	483
11308	7624	WerFault.exe	484
12576	7624	WerFault.exe	484
12492	5740	WerFault.exe	623
13300	8100	WerFault.exe	622
12772	5712	WerFault.exe	627
12812	9320	WerFault.exe	634
12516	9540	WerFault.exe	644
12932	9588	WerFault.exe	647
13140	9444	WerFault.exe	638
7584	9320	WerFault.exe	634
9296	9540	WerFault.exe	644
13168	9588	WerFault.exe	647
9464	3480	WerFault.exe	106
14616	1432	WerFault.exe	123
14932	2912	Process not Found	147
14656	10752	Process not Found	862
13692	12592	Process not Found	874
13488	12484	Process not Found	891
14292	7412	Process not Found	479
9592	8504	Process not Found	444
14896	9116	Process not Found	473
15296	9208	Process not Found	478
15160	7412	Process not Found	479
4108	10252	Process not Found	687
2364	10264	Process not Found	688
14888	10284	Process not Found	689
8396	10300	Process not Found	690
12620	10980	Process not Found	727
224	10912	Process not Found	723
2228	10284	Process not Found	689
12696	10252	Process not Found	687
10380	12588	Process not Found	944

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4312	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4312	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2068	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2068	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2428	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2428	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4252	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4252	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4964	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4964	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
972	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
972	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2212	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2212	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3564	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3564	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2084	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2084	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
5108	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
5108	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3132	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3132	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4748	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4748	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3640	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3640	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1588	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1588	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3792	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3792	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4904	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4904	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2960	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2960	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2280	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2280	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1232	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1232	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4088	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
4088	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1076	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1076	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2360	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2360	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2012	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2012	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3480	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3480	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1408	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1408	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3420	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
3420	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2604	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
2604	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
5020	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
5020	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1404	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1404	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1240	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
1240	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 2068	4312	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	83
PID 4312 wrote to memory of 2068	4312	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	83
PID 4312 wrote to memory of 2068	4312	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	83
PID 2068 wrote to memory of 2428	2068	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	84
PID 2068 wrote to memory of 2428	2068	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	84
PID 2068 wrote to memory of 2428	2068	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	84
PID 2428 wrote to memory of 4252	2428	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	85
PID 2428 wrote to memory of 4252	2428	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	85
PID 2428 wrote to memory of 4252	2428	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	85
PID 4252 wrote to memory of 4964	4252	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	86
PID 4252 wrote to memory of 4964	4252	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	86
PID 4252 wrote to memory of 4964	4252	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	86
PID 4964 wrote to memory of 972	4964	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	87
PID 4964 wrote to memory of 972	4964	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	87
PID 4964 wrote to memory of 972	4964	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	87
PID 972 wrote to memory of 2212	972	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	88
PID 972 wrote to memory of 2212	972	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	88
PID 972 wrote to memory of 2212	972	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	88
PID 2212 wrote to memory of 4688	2212	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	89
PID 2212 wrote to memory of 4688	2212	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	89
PID 2212 wrote to memory of 4688	2212	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	89
PID 4688 wrote to memory of 3564	4688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	90
PID 4688 wrote to memory of 3564	4688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	90
PID 4688 wrote to memory of 3564	4688	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	90
PID 3564 wrote to memory of 2084	3564	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	91
PID 3564 wrote to memory of 2084	3564	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	91
PID 3564 wrote to memory of 2084	3564	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	91
PID 2084 wrote to memory of 5108	2084	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	92
PID 2084 wrote to memory of 5108	2084	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	92
PID 2084 wrote to memory of 5108	2084	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	92
PID 5108 wrote to memory of 3132	5108	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	93
PID 5108 wrote to memory of 3132	5108	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	93
PID 5108 wrote to memory of 3132	5108	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	93
PID 3132 wrote to memory of 4748	3132	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	94
PID 3132 wrote to memory of 4748	3132	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	94
PID 3132 wrote to memory of 4748	3132	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	94
PID 4748 wrote to memory of 3640	4748	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	95
PID 4748 wrote to memory of 3640	4748	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	95
PID 4748 wrote to memory of 3640	4748	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	95
PID 3640 wrote to memory of 1588	3640	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	96
PID 3640 wrote to memory of 1588	3640	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	96
PID 3640 wrote to memory of 1588	3640	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	96
PID 1588 wrote to memory of 3792	1588	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	97
PID 1588 wrote to memory of 3792	1588	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	97
PID 1588 wrote to memory of 3792	1588	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	97
PID 3792 wrote to memory of 4904	3792	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	98
PID 3792 wrote to memory of 4904	3792	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	98
PID 3792 wrote to memory of 4904	3792	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	98
PID 4904 wrote to memory of 2960	4904	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	99
PID 4904 wrote to memory of 2960	4904	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	99
PID 4904 wrote to memory of 2960	4904	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	99
PID 2960 wrote to memory of 2280	2960	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	100
PID 2960 wrote to memory of 2280	2960	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	100
PID 2960 wrote to memory of 2280	2960	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	100
PID 2280 wrote to memory of 1232	2280	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	101
PID 2280 wrote to memory of 1232	2280	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	101
PID 2280 wrote to memory of 1232	2280	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	101
PID 1232 wrote to memory of 4088	1232	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	102
PID 1232 wrote to memory of 4088	1232	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	102
PID 1232 wrote to memory of 4088	1232	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	102
PID 4088 wrote to memory of 1076	4088	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	103
PID 4088 wrote to memory of 1076	4088	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	103
PID 4088 wrote to memory of 1076	4088	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	103
PID 1076 wrote to memory of 2360	1076	2a08da6710c5f4af9f1dfe92a9df3dd0N.exe	104

C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
"C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
  2⤵
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
      4⤵
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        15⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        24⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        25⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        26⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        28⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        30⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        31⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        32⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        34⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        35⤵
        Drops file in Program Files directory
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        36⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        37⤵
        Drops file in Program Files directory
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        38⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        39⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        40⤵
        Drops file in Program Files directory
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        41⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        42⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        43⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        44⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        45⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        46⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        47⤵
        Drops file in Program Files directory
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        48⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        49⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        50⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        51⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        52⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        53⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        54⤵
        Drops file in Program Files directory
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        55⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        56⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        57⤵
        Drops file in Program Files directory
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        58⤵
        Drops file in Program Files directory
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        59⤵
        Drops file in Program Files directory
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        60⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        61⤵
        Drops file in Program Files directory
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        62⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        63⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        64⤵
        Drops file in Program Files directory
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        65⤵
        Drops file in Program Files directory
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        66⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        67⤵
        Drops file in Program Files directory
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        68⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        69⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        70⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        71⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        72⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        73⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        74⤵
        Drops file in Program Files directory
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        75⤵
        Drops file in Program Files directory
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        76⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        77⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        78⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        79⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        81⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        82⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        83⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        84⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        85⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        88⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        90⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        91⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        92⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        93⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        94⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        95⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        96⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        97⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        98⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        99⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        100⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        101⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        102⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        103⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        104⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        105⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        106⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        107⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        108⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        109⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        110⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        111⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        113⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        114⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        115⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        116⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        117⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        118⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        119⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        120⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        121⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        122⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        123⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        124⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        125⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        126⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        127⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        129⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        130⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        131⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        132⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        133⤵
        Drops file in Program Files directory
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        134⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        135⤵
        Drops file in Program Files directory
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        136⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        137⤵
        Drops file in Program Files directory
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        138⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        139⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        140⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        141⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        142⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        143⤵
        Drops file in Program Files directory
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        144⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        145⤵
        Drops file in Program Files directory
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        146⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        147⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        148⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        149⤵
        Drops file in Program Files directory
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        150⤵
        Drops file in Program Files directory
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        151⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        152⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        153⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        154⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        155⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        157⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        158⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        159⤵
        Drops file in Program Files directory
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        160⤵
        Drops file in Program Files directory
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        161⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        162⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        163⤵
        Drops file in Program Files directory
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        164⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        165⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        166⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        167⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        168⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        170⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        171⤵
        Drops file in Program Files directory
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        172⤵
        Drops file in Program Files directory
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        173⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        174⤵
        Drops file in Program Files directory
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        175⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        176⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        177⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        178⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        179⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        180⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        181⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        182⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        183⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        184⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        185⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        186⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        187⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        188⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        189⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        190⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        191⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        192⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        193⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        194⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        195⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        196⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        197⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        198⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        199⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        200⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        202⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        203⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        204⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        205⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        206⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        207⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        208⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        209⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        210⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        211⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        212⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        214⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        215⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        216⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        217⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        220⤵
        Drops file in Program Files directory
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        221⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        222⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        223⤵
        Drops file in Program Files directory
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        224⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        225⤵
        Drops file in Program Files directory
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        226⤵
        Drops file in Program Files directory
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        227⤵
        Drops file in Program Files directory
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        228⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        229⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        230⤵
        System Location Discovery: System Language Discovery
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        231⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        232⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        233⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        234⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        235⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        236⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        237⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        238⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        239⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        240⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        241⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        242⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        243⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        244⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        245⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        246⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        247⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        248⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        249⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        250⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        251⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        252⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        253⤵
        System Location Discovery: System Language Discovery
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        254⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        255⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        256⤵
        System Location Discovery: System Language Discovery
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        257⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        258⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        259⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        260⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        261⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        262⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        263⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        264⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        265⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        266⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        267⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        268⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        269⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        270⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        271⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        272⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        273⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        274⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        275⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        276⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        277⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        278⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        279⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        280⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        281⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        282⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        283⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        284⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        285⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        286⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        287⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        288⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        289⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        290⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        291⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        292⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        293⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        294⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        295⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        296⤵
        System Location Discovery: System Language Discovery
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        297⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        298⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        299⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        300⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        301⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        302⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        303⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        304⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        305⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        306⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        307⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        308⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        309⤵
        System Location Discovery: System Language Discovery
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        310⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        311⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        312⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        313⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        314⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        315⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        316⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        317⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        318⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        319⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        320⤵
        System Location Discovery: System Language Discovery
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        321⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        322⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        323⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        324⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        325⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        326⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        327⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        328⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        329⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        330⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        331⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        332⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        333⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        334⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        335⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        336⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        337⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        338⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        339⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        340⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        341⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        342⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        343⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        344⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        345⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        346⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        347⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        348⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        349⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        350⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        351⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        352⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        353⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        354⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        355⤵
        System Location Discovery: System Language Discovery
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        356⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        357⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        358⤵
        System Location Discovery: System Language Discovery
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        359⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        360⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        361⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        362⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        363⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        364⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        365⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        366⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        367⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        368⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        369⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        370⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        371⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        372⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        373⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        374⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        375⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        376⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        377⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        378⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        379⤵
        System Location Discovery: System Language Discovery
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        380⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        381⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        382⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        383⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        384⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        385⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        386⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        387⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        388⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        389⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        390⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        391⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        392⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        393⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        394⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        395⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        396⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        397⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        398⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        399⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        400⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        401⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        402⤵
        System Location Discovery: System Language Discovery
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        403⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        404⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        405⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        406⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        407⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        408⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        409⤵
        System Location Discovery: System Language Discovery
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        410⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        411⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        412⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        413⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        414⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        415⤵
        System Location Discovery: System Language Discovery
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        416⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        417⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        418⤵
        Drops file in Program Files directory
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        419⤵
        System Location Discovery: System Language Discovery
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        420⤵
        Drops file in Program Files directory
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        421⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        422⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        423⤵
        Drops file in Program Files directory
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        424⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        425⤵
        System Location Discovery: System Language Discovery
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        426⤵
        Drops file in Program Files directory
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        427⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        428⤵
        System Location Discovery: System Language Discovery
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        429⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        430⤵
        Drops file in Program Files directory
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        431⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        432⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        433⤵
        Drops file in Program Files directory
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        434⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        435⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        436⤵
        Drops file in Program Files directory
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        437⤵
        Drops file in Program Files directory
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        438⤵
        Drops file in Program Files directory
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        439⤵
        Drops file in Program Files directory
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        440⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        441⤵
        Drops file in Program Files directory
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        442⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        443⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        444⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        445⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        446⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        447⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        448⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        449⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        450⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        451⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        452⤵
        System Location Discovery: System Language Discovery
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        453⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        454⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        455⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        456⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        457⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        458⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        459⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        460⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        461⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        462⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        463⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        464⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        465⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        466⤵
        System Location Discovery: System Language Discovery
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        467⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        468⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        469⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        470⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        471⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        472⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        473⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        474⤵
        System Location Discovery: System Language Discovery
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        475⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        476⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        477⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        478⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        479⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        480⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        481⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        482⤵
        System Location Discovery: System Language Discovery
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        483⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        484⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        485⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        486⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        487⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        488⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        489⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        490⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        491⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        492⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        493⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        494⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        495⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        496⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        497⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        498⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        499⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        500⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        501⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        502⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        503⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        504⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        505⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        506⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        507⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        508⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        509⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        510⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        511⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        512⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        513⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        514⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        515⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        516⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        517⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        518⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        519⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        520⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        521⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        522⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        523⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        524⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        525⤵
        System Location Discovery: System Language Discovery
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        526⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        527⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        528⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        529⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        530⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        531⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        532⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        533⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        534⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        535⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        536⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        537⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        538⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        539⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        540⤵
        System Location Discovery: System Language Discovery
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        541⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        542⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        543⤵
        System Location Discovery: System Language Discovery
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        544⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        545⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        546⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        547⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        548⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        549⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        550⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        551⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        552⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        553⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        554⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        555⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        556⤵
        System Location Discovery: System Language Discovery
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        557⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        558⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        559⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        560⤵
        System Location Discovery: System Language Discovery
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        561⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        562⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        563⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        564⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        565⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        566⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        567⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        568⤵
        System Location Discovery: System Language Discovery
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        569⤵
        System Location Discovery: System Language Discovery
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        570⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        571⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        572⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        573⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        574⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        575⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        576⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        577⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        578⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        579⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        580⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        581⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        582⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        583⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        584⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        585⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        586⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        587⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        588⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        589⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        590⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        591⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        592⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        593⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        594⤵
        System Location Discovery: System Language Discovery
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        595⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        596⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        597⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        598⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        599⤵
        System Location Discovery: System Language Discovery
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        600⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        601⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        602⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        603⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        604⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        605⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        606⤵
        System Location Discovery: System Language Discovery
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        607⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        608⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        609⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        610⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        611⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        612⤵
        System Location Discovery: System Language Discovery
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        613⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        614⤵
        System Location Discovery: System Language Discovery
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        615⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        616⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        617⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        618⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        619⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        620⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        621⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        622⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        623⤵
        System Location Discovery: System Language Discovery
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        624⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        625⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        626⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        627⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        628⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        629⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        630⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        631⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        632⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        633⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        634⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        635⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        636⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        637⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        638⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        639⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        640⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        641⤵
        System Location Discovery: System Language Discovery
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        642⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        643⤵
        System Location Discovery: System Language Discovery
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        644⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        645⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        646⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        647⤵
        System Location Discovery: System Language Discovery
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        648⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        649⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        650⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        651⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        652⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        653⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        654⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        655⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        656⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        657⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        658⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        659⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        660⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        661⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        662⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        663⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        664⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        665⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        666⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        667⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        668⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        669⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        670⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        671⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        672⤵
        System Location Discovery: System Language Discovery
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        673⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        674⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        675⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        676⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        677⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        678⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        679⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        680⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        681⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        682⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        683⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        684⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        685⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        686⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        687⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        688⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        689⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        690⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        691⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        692⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        693⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        694⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        695⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        696⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        697⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        698⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        699⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        700⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        701⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        702⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        703⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        704⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        705⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        706⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        707⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2a08da6710c5f4af9f1dfe92a9df3dd0N.exe"
        708⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 448
        442⤵
        Program crash
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 448
        442⤵
        Program crash
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 456
        439⤵
        Program crash
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 476
        439⤵
        Program crash
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 448
        433⤵
        Program crash
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 448
        429⤵
        Program crash
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 476
        429⤵
        Program crash
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 440
        422⤵
        Program crash
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 368
        420⤵
        Program crash
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 436
        419⤵
        Program crash
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 436
        281⤵
        Program crash
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 436
        281⤵
        Program crash
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 440
        280⤵
        Program crash
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 440
        280⤵
        Program crash
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 396
        231⤵
        Program crash
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 456
        231⤵
        Program crash
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 208
        230⤵
        Program crash
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 436
        223⤵
        Program crash
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 436
        223⤵
        Program crash
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 436
        222⤵
        Program crash
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 472
        222⤵
        Program crash
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 460
        221⤵
        Program crash
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 392
        220⤵
        Program crash
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 432
        175⤵
        Program crash
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 428
        171⤵
        Program crash
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 452
        146⤵
        Program crash
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 436
        138⤵
        Program crash
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 452
        136⤵
        Program crash
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 452
        136⤵
        Program crash
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 444
        135⤵
        Program crash
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 444
        135⤵
        Program crash
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 436
        134⤵
        Program crash
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 448
        40⤵
        Program crash
        
        PID:14616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 440
        26⤵
        Program crash
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 440
        25⤵
        Program crash
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 440
        25⤵
        Program crash
        
        PID:6684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 440
        6⤵
        Program crash
        
        PID:5140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 440
        6⤵
        Program crash
        
        PID:6252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 440
        5⤵
        Program crash
        
        PID:5972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 440
        5⤵
        Program crash
        
        PID:5136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 440
      4⤵
      Program crash
      PID:5208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 440
      4⤵
      Program crash
      PID:5488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 440
    3⤵
    - Program crash
    PID:1172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 440
    3⤵
    - Program crash
    PID:4432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 468
  2⤵
  - Program crash
  PID:3856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 468
  2⤵
  - Program crash
  PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4312 -ip 4312
1⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4312 -ip 4312
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2068 -ip 2068
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2068 -ip 2068
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2428 -ip 2428
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2428 -ip 2428
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4252 -ip 4252
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4252 -ip 4252
1⤵
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4964 -ip 4964
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4964 -ip 4964
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2012 -ip 2012
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2012 -ip 2012
1⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5696 -ip 5696
1⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5712 -ip 5712
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5728 -ip 5728
1⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5964 -ip 5964
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5992 -ip 5992
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6012 -ip 6012
1⤵
PID:972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5744 -ip 5744
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6032 -ip 6032
1⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6044 -ip 6044
1⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6060 -ip 6060
1⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1420 -ip 1420
1⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6076 -ip 6076
1⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6100 -ip 6100
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4456 -ip 4456
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6136 -ip 6136
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6120 -ip 6120
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5432 -ip 5432
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6012 -ip 6012
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5776 -ip 5776
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5512 -ip 5512
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5488 -ip 5488
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5208 -ip 5208
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3616 -ip 3616
1⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5812 -ip 5812
1⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4956 -ip 4956
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5792 -ip 5792
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5144 -ip 5144
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4544 -ip 4544
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5124 -ip 5124
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4612 -ip 4612
1⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5872 -ip 5872
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5232 -ip 5232
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5848 -ip 5848
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5804 -ip 5804
1⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5884 -ip 5884
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1172 -ip 1172
1⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5832 -ip 5832
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3208 -ip 3208
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5932 -ip 5932
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5896 -ip 5896
1⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5820 -ip 5820
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5980 -ip 5980
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3276 -ip 3276
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6032 -ip 6032
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5992 -ip 5992
1⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5744 -ip 5744
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5976 -ip 5976
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1420 -ip 1420
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6044 -ip 6044
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6060 -ip 6060
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4456 -ip 4456
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6076 -ip 6076
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6120 -ip 6120
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6136 -ip 6136
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6100 -ip 6100
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5432 -ip 5432
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5776 -ip 5776
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5512 -ip 5512
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5488 -ip 5488
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4956 -ip 4956
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3616 -ip 3616
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5812 -ip 5812
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5144 -ip 5144
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5792 -ip 5792
1⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5208 -ip 5208
1⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4544 -ip 4544
1⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4612 -ip 4612
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5872 -ip 5872
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5232 -ip 5232
1⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5848 -ip 5848
1⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5124 -ip 5124
1⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5804 -ip 5804
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5884 -ip 5884
1⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1172 -ip 1172
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3208 -ip 3208
1⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5980 -ip 5980
1⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5932 -ip 5932
1⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5832 -ip 5832
1⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5820 -ip 5820
1⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5896 -ip 5896
1⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3276 -ip 3276
1⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5976 -ip 5976
1⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5696 -ip 5696
1⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5728 -ip 5728
1⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5712 -ip 5712
1⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5964 -ip 5964
1⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7664 -ip 7664
1⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5912 -ip 5912
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1152 -ip 1152
1⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6216 -ip 6216
1⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3144 -ip 3144
1⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 436 -ip 436
1⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6332 -ip 6332
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6292 -ip 6292
1⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6212 -ip 6212
1⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 1512 -ip 1512
1⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6332 -ip 6332
1⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6292 -ip 6292
1⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 436 -ip 436
1⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4008 -ip 4008
1⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6212 -ip 6212
1⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7176 -ip 7176
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1512 -ip 1512
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7540 -ip 7540
1⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4008 -ip 4008
1⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7176 -ip 7176
1⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5912 -ip 5912
1⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6216 -ip 6216
1⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3144 -ip 3144
1⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1152 -ip 1152
1⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7540 -ip 7540
1⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7664 -ip 7664
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7624 -ip 7624
1⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7624 -ip 7624
1⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 8100 -ip 8100
1⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5740 -ip 5740
1⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5712 -ip 5712
1⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7884 -ip 7884
1⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 8700 -ip 8700
1⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 9236 -ip 9236
1⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 9256 -ip 9256
1⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 9272 -ip 9272
1⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7884 -ip 7884
1⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 9304 -ip 9304
1⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 9288 -ip 9288
1⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 9236 -ip 9236
1⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 9336 -ip 9336
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 9320 -ip 9320
1⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 9400 -ip 9400
1⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 8700 -ip 8700
1⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9272 -ip 9272
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 9256 -ip 9256
1⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 9460 -ip 9460
1⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 9428 -ip 9428
1⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 9288 -ip 9288
1⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 9304 -ip 9304
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 9444 -ip 9444
1⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 9476 -ip 9476
1⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 9492 -ip 9492
1⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 9400 -ip 9400
1⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 9336 -ip 9336
1⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 9508 -ip 9508
1⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9524 -ip 9524
1⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 9460 -ip 9460
1⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 9540 -ip 9540
1⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 9556 -ip 9556
1⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 9476 -ip 9476
1⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 9572 -ip 9572
1⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 9588 -ip 9588
1⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 9428 -ip 9428
1⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 9604 -ip 9604
1⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9492 -ip 9492
1⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5740 -ip 5740
1⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 9444 -ip 9444
1⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 9556 -ip 9556
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 9524 -ip 9524
1⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 9508 -ip 9508
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 9572 -ip 9572
1⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5712 -ip 5712
1⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 9604 -ip 9604
1⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 8100 -ip 8100
1⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 9320 -ip 9320
1⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 9540 -ip 9540
1⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 9588 -ip 9588
1⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3480 -ip 3480
1⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1408 -ip 1408
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2688 -ip 2688
1⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3420 -ip 3420
1⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2604 -ip 2604
1⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 1404 -ip 1404
1⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5020 -ip 5020
1⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1240 -ip 1240
1⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1644 -ip 1644
1⤵
PID:13924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2408 -ip 2408
1⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1400 -ip 1400
1⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2980 -ip 2980
1⤵
PID:14688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4488 -ip 4488
1⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1432 -ip 1432
1⤵
PID:14352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 1548 -ip 1548
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2196 -ip 2196
1⤵
PID:14416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2984 -ip 2984
1⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 2944 -ip 2944
1⤵
PID:14588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4140 -ip 4140
1⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2600 -ip 2600
1⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4524 -ip 4524
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2028 -ip 2028
1⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2688 -ip 2688
1⤵
PID:13776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 1408 -ip 1408
1⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3376 -ip 3376
1⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2304 -ip 2304
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1004 -ip 1004
1⤵
PID:14420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4492 -ip 4492
1⤵
PID:14760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4664 -ip 4664
1⤵
PID:14804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1932 -ip 1932
1⤵
PID:14820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4560 -ip 4560
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 764 -ip 764
1⤵
PID:15320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5068 -ip 5068
1⤵
PID:14404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1720 -ip 1720
1⤵
PID:14524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4604 -ip 4604
1⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4620 -ip 4620
1⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4356 -ip 4356
1⤵
PID:14768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3528 -ip 3528
1⤵
PID:13528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3900 -ip 3900
1⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1516 -ip 1516
1⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4108 -ip 4108
1⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3744 -ip 3744
1⤵
PID:14876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 1148 -ip 1148
1⤵
PID:14900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3988 -ip 3988
1⤵
PID:14936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1200 -ip 1200
1⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3048 -ip 3048
1⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2912 -ip 2912
1⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 232 -ip 232
1⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2524 -ip 2524
1⤵
PID:14368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4992 -ip 4992
1⤵
PID:14376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 208 -ip 208
1⤵
PID:14576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1908 -ip 1908
1⤵
PID:14896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2364 -ip 2364
1⤵
PID:15024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2604 -ip 2604
1⤵
PID:15136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1240 -ip 1240
1⤵
PID:14240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1644 -ip 1644
1⤵
PID:15220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5020 -ip 5020
1⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 1404 -ip 1404
1⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 3420 -ip 3420
1⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 2408 -ip 2408
1⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4488 -ip 4488
1⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 2980 -ip 2980
1⤵
PID:14612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 2984 -ip 2984
1⤵
PID:14940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 1548 -ip 1548
1⤵
PID:14772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 2196 -ip 2196
1⤵
PID:14908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 2944 -ip 2944
1⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 4140 -ip 4140
1⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 1400 -ip 1400
1⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2600 -ip 2600
1⤵
PID:14472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2028 -ip 2028
1⤵
PID:15016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 4524 -ip 4524
1⤵
PID:15188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1256 -p 2304 -ip 2304
1⤵
PID:15268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3376 -ip 3376
1⤵
PID:15300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4664 -ip 4664
1⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 1932 -ip 1932
1⤵
PID:15344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 4560 -ip 4560
1⤵
PID:13804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 4492 -ip 4492
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1004 -ip 1004
1⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 764 -ip 764
1⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5068 -ip 5068
1⤵
PID:13364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1720 -ip 1720
1⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 4604 -ip 4604
1⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 1516 -ip 1516
1⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 4620 -ip 4620
1⤵
PID:13488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 3528 -ip 3528
1⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 4356 -ip 4356
1⤵
PID:14228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 3900 -ip 3900
1⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 11612 -ip 11612
1⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 11748 -ip 11748
1⤵
PID:13368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 3744 -ip 3744
1⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1148 -ip 1148
1⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 11528 -ip 11528
1⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 4108 -ip 4108
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 1200 -ip 1200
1⤵
PID:13820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
5c4d7453a712b5d8d8cc7e85eb922e68

SHA1
eccbe6bf8deeb8544fcb9dcb93426eac586bdd1f

SHA256
ff52b43dc66761da079d7fdf0e8558888911115b6709a3c51f68423b82fc0d6f

SHA512
29d3887223307db278dbde94c62e8ba863fba9c5924980c7e92313bd956c65698f8a56e5691ee3f6435bab1c19c700e53994633d2173dc58f105d4a798bfc5f4

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.3MB

MD5
be03709eb2126abeb6498d6c649ca9e6

SHA1
839c2ef3301997e636fdee3256ae12ee67b5333e

SHA256
bb47820292482b117bff731092636c2b995f86f78c459b8d1094fd2691a3a9b4

SHA512
c045c1abaf6f4c24acbaeb93f3188970db3b58f9bce24bc30ebbce92a0823bde3d8a396dc0cdc4ed1cc28f3dbf0091a9df6c11278164c7516c69726f4ddace8e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
624KB

MD5
7aa0bce62b1a24ec4dace9faf56da493

SHA1
f635f5913224c5fec29e07bb71d337d7e27a5b4e

SHA256
aac9043dbb76daa2c27ad7296835684050d7471f4bcb216ffdc573554a49bde9

SHA512
e2a3520ce622c46fb2fa1c86e0ff8daf218bc3b64c6fb833154318cccb6911de12f84265185a1adf7709981fe12e47e77edf89709a6ae63733d542415ee61b1c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.8MB

MD5
55707f019d4fa84c00d9689d95f96376

SHA1
303708521ca5b48a18675bc86cde8a60ec1dec84

SHA256
c17b2bf61240a1273770324408a426349011b8b17b35851f4553020cb90dc5aa

SHA512
b93af24ca0db61035bb719f3caa71faddfe1f6743aeea3116ec6cbe48388689faca116eea1ad02aa8d59d557f2a3b3d88e3eb6651bbaa4bde7ab46bc80fb3a36

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXA666.tmp

Filesize
1.5MB

MD5
4e9a4072a06781f1e0933973e9ef5478

SHA1
72ad13feda9e39dc7f3abbe16c31b9494ddb3c63

SHA256
f5d5f45e2e830e304a48dd889a5de68821cbfa05f535e4856fe2946f018028c8

SHA512
88a38b98990d6ea2b1241836554c4ad4a95db61d5abfeb63219fe97445adcb70b390a62988cc25e9f00da0025e6db842a0755975957d8758377bde31624c51fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUc9DA8.tmp

Filesize
641KB

MD5
2a08da6710c5f4af9f1dfe92a9df3dd0

SHA1
cb69f404b6376a193a5ec29b4fc54614162110ea

SHA256
89e61e6d81a87b3972b2038a4ac0704a74bce56040ea57a01088023dce1823d3

SHA512
ca93e3ccd626595585ecd02b0936c3a11108708a123aef9617ce6b90673a067c4045dbdde355719862c43c26c21d187ba0cb08ae70d278abf14bd58b0dc3eef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA1A0.tmp

Filesize
620KB

MD5
9e103f9e0fee9adb30614a47101c640f

SHA1
cf076689cfbb7aa13ba239ff4236971381c80ac2

SHA256
799e2f95631632156cc2ff4af2c52e36d046e1a987eead22a592f355719cfead

SHA512
c341bb68314794780d4ba748c4b2287fa2208a85e4829d3105c3cd289ed154de81f92b1587912763e79cb9ac03ed03209f3e46eb31a42256bb0d8419b02fca0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA430.tmp

Filesize
605KB

MD5
8cc235147b9080bbb9fb40edc5f97997

SHA1
fe6b00f6bc1f0500e8a105928d7a4872e97fbc54

SHA256
5d9e79976a4864d24d3d1de8ebc06f78d867a64d2be79d0c1aff66e165c4f33d

SHA512
e8d0904a01ce25a4c99325ac45a8c5ea221d9d3507ec8d7a29c239aa89d16bea54dc8d147f818e2e2cd43fd8642235102a6b46ae688bd0155f310b3a4664500c

Download Submit
memory/972-237-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1076-253-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1172-1166-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1232-250-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1420-1142-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1588-246-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2012-276-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2068-135-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2084-242-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2212-238-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2280-252-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2360-275-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2428-172-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2960-251-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/3132-243-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/3208-1176-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/3564-240-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/3616-1153-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/3640-245-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/3792-247-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4088-249-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4252-215-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4312-94-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4456-1141-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4544-1158-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4612-1159-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4688-239-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4748-244-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4904-248-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4956-1150-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4964-254-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5108-241-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5124-1162-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5144-1155-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5208-1156-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5232-1161-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5432-1151-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5488-1149-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5512-1152-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5696-1172-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5744-1140-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5776-1148-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5792-1157-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5804-1163-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5812-1154-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5820-1168-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5832-1167-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5848-1160-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5872-1164-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5884-1165-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5896-1171-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5932-1169-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5964-1174-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5976-1173-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5980-1170-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/5992-1139-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6012-1137-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6032-1138-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6044-1145-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6060-1143-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6076-1144-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6100-1147-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6120-1175-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6136-1146-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download