26d98e0de670589c407e9c299cf29def69fe0775e6da6b242e6b8a5db5904f08

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0cd5289e6da9f91801489efacb1dbc0N.exe
Size

2.7MB
MD5

b0cd5289e6da9f91801489efacb1dbc0
SHA1

070b7df7cdfff462949b40b9fb82eb1ecd10311f
SHA256

26d98e0de670589c407e9c299cf29def69fe0775e6da6b242e6b8a5db5904f08
SHA512

9a64807dac79607193cdaecaafc4ea39fbbf35903825162287458da92917dcab8483b57b449ec4e1de0c662779734a97ce0870874b47f4b855782fd0b950f7c6
SSDEEP

49152:7/2l0chEnLKz6L0LNwvu7AYC28Np2fjuguBHllRAT/B3277cEFYDlQ419zJ:ghELKz6LSNwvu7HiWuBHDRA1277BFGlD

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b0cd5289e6da9f91801489efacb1dbc0N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
5884	1540	WerFault.exe	82
5424	1540	WerFault.exe	82
6172	4436	WerFault.exe	83
6408	4436	WerFault.exe	83
7016	456	WerFault.exe	85
6832	456	WerFault.exe	85
7536	1384	WerFault.exe	90
7736	1384	WerFault.exe	90
8928	5316	WerFault.exe	228
9088	5224	WerFault.exe	224
9076	5692	WerFault.exe	198
9012	5956	WerFault.exe	212
8756	5316	WerFault.exe	228
8896	5692	WerFault.exe	198
8788	5956	WerFault.exe	212
8392	5284	WerFault.exe	226
5792	1812	WerFault.exe
6068	8140	WerFault.exe	398
8048	8564	WerFault.exe	378
7716	8016	WerFault.exe	390
7840	8016	WerFault.exe	390
8528	1812	WerFault.exe	372
5320	7656	WerFault.exe	332
2212	7656	WerFault.exe	332
836	7772	WerFault.exe	335
5184	7772	WerFault.exe	335
7872	7756	WerFault.exe	337
7268	6692	WerFault.exe	280
1868	6716	WerFault.exe	281
8568	6748	WerFault.exe	282
9264	6548	WerFault.exe	314
9804	6176	WerFault.exe	299
9728	6968	WerFault.exe	310
10224	6548	WerFault.exe	314
7056	7756	WerFault.exe	337
10180	984	WerFault.exe	158
9852	7948	WerFault.exe	459
9300	7852	WerFault.exe	460
9524	984	WerFault.exe	158
7140	7948	WerFault.exe	459
10252	7852	WerFault.exe	460
10816	1624	WerFault.exe	159
11112	1624	WerFault.exe	159
10580	4980	WerFault.exe	160
10256	2596	WerFault.exe	108
2724	560	WerFault.exe	109
10788	2640	WerFault.exe	111
13508	4052	WerFault.exe	148
11780	10832	WerFault.exe	841
3380	10600	WerFault.exe	833
12616	4980	Process not Found	160
13348	5220	Process not Found	243
10264	8580	Process not Found	481
10476	6124	Process not Found	475
14284	8100	Process not Found	479
5552	8420	Process not Found	499
12572	8108	Process not Found	507
11588	5180	Process not Found	510
13380	5220	Process not Found	243
13708	11036	Process not Found	883
10596	8392	Process not Found	812
10608	11036	Process not Found	883
9180	11580	Process not Found	888
10316	8392	Process not Found	812

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0cd5289e6da9f91801489efacb1dbc0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1540	b0cd5289e6da9f91801489efacb1dbc0N.exe
1540	b0cd5289e6da9f91801489efacb1dbc0N.exe
4436	b0cd5289e6da9f91801489efacb1dbc0N.exe
4436	b0cd5289e6da9f91801489efacb1dbc0N.exe
456	b0cd5289e6da9f91801489efacb1dbc0N.exe
456	b0cd5289e6da9f91801489efacb1dbc0N.exe
5104	b0cd5289e6da9f91801489efacb1dbc0N.exe
5104	b0cd5289e6da9f91801489efacb1dbc0N.exe
1868	b0cd5289e6da9f91801489efacb1dbc0N.exe
1868	b0cd5289e6da9f91801489efacb1dbc0N.exe
4692	b0cd5289e6da9f91801489efacb1dbc0N.exe
4692	b0cd5289e6da9f91801489efacb1dbc0N.exe
572	b0cd5289e6da9f91801489efacb1dbc0N.exe
572	b0cd5289e6da9f91801489efacb1dbc0N.exe
1384	b0cd5289e6da9f91801489efacb1dbc0N.exe
1384	b0cd5289e6da9f91801489efacb1dbc0N.exe
2152	b0cd5289e6da9f91801489efacb1dbc0N.exe
2152	b0cd5289e6da9f91801489efacb1dbc0N.exe
2524	b0cd5289e6da9f91801489efacb1dbc0N.exe
2524	b0cd5289e6da9f91801489efacb1dbc0N.exe
3432	b0cd5289e6da9f91801489efacb1dbc0N.exe
3432	b0cd5289e6da9f91801489efacb1dbc0N.exe
2412	b0cd5289e6da9f91801489efacb1dbc0N.exe
2412	b0cd5289e6da9f91801489efacb1dbc0N.exe
2996	b0cd5289e6da9f91801489efacb1dbc0N.exe
2996	b0cd5289e6da9f91801489efacb1dbc0N.exe
836	b0cd5289e6da9f91801489efacb1dbc0N.exe
836	b0cd5289e6da9f91801489efacb1dbc0N.exe
644	b0cd5289e6da9f91801489efacb1dbc0N.exe
644	b0cd5289e6da9f91801489efacb1dbc0N.exe
4600	b0cd5289e6da9f91801489efacb1dbc0N.exe
4600	b0cd5289e6da9f91801489efacb1dbc0N.exe
4544	b0cd5289e6da9f91801489efacb1dbc0N.exe
4544	b0cd5289e6da9f91801489efacb1dbc0N.exe
1788	b0cd5289e6da9f91801489efacb1dbc0N.exe
1788	b0cd5289e6da9f91801489efacb1dbc0N.exe
2764	b0cd5289e6da9f91801489efacb1dbc0N.exe
2764	b0cd5289e6da9f91801489efacb1dbc0N.exe
4068	b0cd5289e6da9f91801489efacb1dbc0N.exe
4068	b0cd5289e6da9f91801489efacb1dbc0N.exe
4632	b0cd5289e6da9f91801489efacb1dbc0N.exe
4632	b0cd5289e6da9f91801489efacb1dbc0N.exe
3992	b0cd5289e6da9f91801489efacb1dbc0N.exe
3992	b0cd5289e6da9f91801489efacb1dbc0N.exe
1992	b0cd5289e6da9f91801489efacb1dbc0N.exe
1992	b0cd5289e6da9f91801489efacb1dbc0N.exe
2596	b0cd5289e6da9f91801489efacb1dbc0N.exe
2596	b0cd5289e6da9f91801489efacb1dbc0N.exe
560	b0cd5289e6da9f91801489efacb1dbc0N.exe
560	b0cd5289e6da9f91801489efacb1dbc0N.exe
4176	b0cd5289e6da9f91801489efacb1dbc0N.exe
4176	b0cd5289e6da9f91801489efacb1dbc0N.exe
2640	b0cd5289e6da9f91801489efacb1dbc0N.exe
2640	b0cd5289e6da9f91801489efacb1dbc0N.exe
1920	b0cd5289e6da9f91801489efacb1dbc0N.exe
1920	b0cd5289e6da9f91801489efacb1dbc0N.exe
916	b0cd5289e6da9f91801489efacb1dbc0N.exe
916	b0cd5289e6da9f91801489efacb1dbc0N.exe
4984	b0cd5289e6da9f91801489efacb1dbc0N.exe
4984	b0cd5289e6da9f91801489efacb1dbc0N.exe
4580	b0cd5289e6da9f91801489efacb1dbc0N.exe
4580	b0cd5289e6da9f91801489efacb1dbc0N.exe
1392	b0cd5289e6da9f91801489efacb1dbc0N.exe
1392	b0cd5289e6da9f91801489efacb1dbc0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 4436	1540	b0cd5289e6da9f91801489efacb1dbc0N.exe	83
PID 1540 wrote to memory of 4436	1540	b0cd5289e6da9f91801489efacb1dbc0N.exe	83
PID 1540 wrote to memory of 4436	1540	b0cd5289e6da9f91801489efacb1dbc0N.exe	83
PID 4436 wrote to memory of 456	4436	b0cd5289e6da9f91801489efacb1dbc0N.exe	85
PID 4436 wrote to memory of 456	4436	b0cd5289e6da9f91801489efacb1dbc0N.exe	85
PID 4436 wrote to memory of 456	4436	b0cd5289e6da9f91801489efacb1dbc0N.exe	85
PID 456 wrote to memory of 5104	456	b0cd5289e6da9f91801489efacb1dbc0N.exe	86
PID 456 wrote to memory of 5104	456	b0cd5289e6da9f91801489efacb1dbc0N.exe	86
PID 456 wrote to memory of 5104	456	b0cd5289e6da9f91801489efacb1dbc0N.exe	86
PID 5104 wrote to memory of 1868	5104	b0cd5289e6da9f91801489efacb1dbc0N.exe	87
PID 5104 wrote to memory of 1868	5104	b0cd5289e6da9f91801489efacb1dbc0N.exe	87
PID 5104 wrote to memory of 1868	5104	b0cd5289e6da9f91801489efacb1dbc0N.exe	87
PID 1868 wrote to memory of 4692	1868	b0cd5289e6da9f91801489efacb1dbc0N.exe	88
PID 1868 wrote to memory of 4692	1868	b0cd5289e6da9f91801489efacb1dbc0N.exe	88
PID 1868 wrote to memory of 4692	1868	b0cd5289e6da9f91801489efacb1dbc0N.exe	88
PID 4692 wrote to memory of 572	4692	b0cd5289e6da9f91801489efacb1dbc0N.exe	89
PID 4692 wrote to memory of 572	4692	b0cd5289e6da9f91801489efacb1dbc0N.exe	89
PID 4692 wrote to memory of 572	4692	b0cd5289e6da9f91801489efacb1dbc0N.exe	89
PID 572 wrote to memory of 1384	572	b0cd5289e6da9f91801489efacb1dbc0N.exe	90
PID 572 wrote to memory of 1384	572	b0cd5289e6da9f91801489efacb1dbc0N.exe	90
PID 572 wrote to memory of 1384	572	b0cd5289e6da9f91801489efacb1dbc0N.exe	90
PID 1384 wrote to memory of 2152	1384	b0cd5289e6da9f91801489efacb1dbc0N.exe	91
PID 1384 wrote to memory of 2152	1384	b0cd5289e6da9f91801489efacb1dbc0N.exe	91
PID 1384 wrote to memory of 2152	1384	b0cd5289e6da9f91801489efacb1dbc0N.exe	91
PID 2152 wrote to memory of 2524	2152	b0cd5289e6da9f91801489efacb1dbc0N.exe	92
PID 2152 wrote to memory of 2524	2152	b0cd5289e6da9f91801489efacb1dbc0N.exe	92
PID 2152 wrote to memory of 2524	2152	b0cd5289e6da9f91801489efacb1dbc0N.exe	92
PID 2524 wrote to memory of 3432	2524	b0cd5289e6da9f91801489efacb1dbc0N.exe	93
PID 2524 wrote to memory of 3432	2524	b0cd5289e6da9f91801489efacb1dbc0N.exe	93
PID 2524 wrote to memory of 3432	2524	b0cd5289e6da9f91801489efacb1dbc0N.exe	93
PID 3432 wrote to memory of 2412	3432	b0cd5289e6da9f91801489efacb1dbc0N.exe	94
PID 3432 wrote to memory of 2412	3432	b0cd5289e6da9f91801489efacb1dbc0N.exe	94
PID 3432 wrote to memory of 2412	3432	b0cd5289e6da9f91801489efacb1dbc0N.exe	94
PID 2412 wrote to memory of 2996	2412	b0cd5289e6da9f91801489efacb1dbc0N.exe	95
PID 2412 wrote to memory of 2996	2412	b0cd5289e6da9f91801489efacb1dbc0N.exe	95
PID 2412 wrote to memory of 2996	2412	b0cd5289e6da9f91801489efacb1dbc0N.exe	95
PID 2996 wrote to memory of 836	2996	b0cd5289e6da9f91801489efacb1dbc0N.exe	96
PID 2996 wrote to memory of 836	2996	b0cd5289e6da9f91801489efacb1dbc0N.exe	96
PID 2996 wrote to memory of 836	2996	b0cd5289e6da9f91801489efacb1dbc0N.exe	96
PID 836 wrote to memory of 644	836	b0cd5289e6da9f91801489efacb1dbc0N.exe	97
PID 836 wrote to memory of 644	836	b0cd5289e6da9f91801489efacb1dbc0N.exe	97
PID 836 wrote to memory of 644	836	b0cd5289e6da9f91801489efacb1dbc0N.exe	97
PID 644 wrote to memory of 4600	644	b0cd5289e6da9f91801489efacb1dbc0N.exe	99
PID 644 wrote to memory of 4600	644	b0cd5289e6da9f91801489efacb1dbc0N.exe	99
PID 644 wrote to memory of 4600	644	b0cd5289e6da9f91801489efacb1dbc0N.exe	99
PID 4600 wrote to memory of 4544	4600	b0cd5289e6da9f91801489efacb1dbc0N.exe	100
PID 4600 wrote to memory of 4544	4600	b0cd5289e6da9f91801489efacb1dbc0N.exe	100
PID 4600 wrote to memory of 4544	4600	b0cd5289e6da9f91801489efacb1dbc0N.exe	100
PID 4544 wrote to memory of 1788	4544	b0cd5289e6da9f91801489efacb1dbc0N.exe	101
PID 4544 wrote to memory of 1788	4544	b0cd5289e6da9f91801489efacb1dbc0N.exe	101
PID 4544 wrote to memory of 1788	4544	b0cd5289e6da9f91801489efacb1dbc0N.exe	101
PID 1788 wrote to memory of 2764	1788	b0cd5289e6da9f91801489efacb1dbc0N.exe	102
PID 1788 wrote to memory of 2764	1788	b0cd5289e6da9f91801489efacb1dbc0N.exe	102
PID 1788 wrote to memory of 2764	1788	b0cd5289e6da9f91801489efacb1dbc0N.exe	102
PID 2764 wrote to memory of 4068	2764	b0cd5289e6da9f91801489efacb1dbc0N.exe	103
PID 2764 wrote to memory of 4068	2764	b0cd5289e6da9f91801489efacb1dbc0N.exe	103
PID 2764 wrote to memory of 4068	2764	b0cd5289e6da9f91801489efacb1dbc0N.exe	103
PID 4068 wrote to memory of 4632	4068	b0cd5289e6da9f91801489efacb1dbc0N.exe	105
PID 4068 wrote to memory of 4632	4068	b0cd5289e6da9f91801489efacb1dbc0N.exe	105
PID 4068 wrote to memory of 4632	4068	b0cd5289e6da9f91801489efacb1dbc0N.exe	105
PID 4632 wrote to memory of 3992	4632	b0cd5289e6da9f91801489efacb1dbc0N.exe	106
PID 4632 wrote to memory of 3992	4632	b0cd5289e6da9f91801489efacb1dbc0N.exe	106
PID 4632 wrote to memory of 3992	4632	b0cd5289e6da9f91801489efacb1dbc0N.exe	106
PID 3992 wrote to memory of 1992	3992	b0cd5289e6da9f91801489efacb1dbc0N.exe	107

C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
"C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
  2⤵
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        12⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        16⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        24⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        26⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        30⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        31⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        32⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        33⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        34⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        35⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        36⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        39⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        40⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        42⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        43⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        44⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        45⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        47⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        48⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        49⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        50⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        51⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        52⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        53⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        54⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        55⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        56⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        58⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        60⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        61⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        62⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        63⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        64⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        65⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        66⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        67⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        68⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        69⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        70⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        71⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        72⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        73⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        74⤵
        Drops file in Program Files directory
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        75⤵
        Drops file in Program Files directory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        76⤵
        Drops file in Program Files directory
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        77⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        78⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        79⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        80⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        81⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        82⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        83⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        84⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        85⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        86⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        87⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        88⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        89⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        90⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        91⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        92⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        93⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        94⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        96⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        97⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        98⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        99⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        100⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        102⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        103⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        104⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        105⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        106⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        107⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        108⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        109⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        110⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        111⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        112⤵
        Drops file in Program Files directory
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        113⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        114⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        115⤵
        Drops file in Program Files directory
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        116⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        117⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        119⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        120⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        121⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        122⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        123⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        124⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        125⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        126⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        127⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        128⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        129⤵
        Drops file in Program Files directory
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        130⤵
        Drops file in Program Files directory
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        131⤵
        Drops file in Program Files directory
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        132⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        135⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        136⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        137⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        138⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        139⤵
        Drops file in Program Files directory
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        140⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        141⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        142⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        143⤵
        Drops file in Program Files directory
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        144⤵
        Drops file in Program Files directory
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        145⤵
        Drops file in Program Files directory
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        146⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        147⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        148⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        149⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        150⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        151⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        153⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        154⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        156⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        157⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        158⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        159⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        160⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        162⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        163⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        164⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        165⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        166⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        167⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        169⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        170⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        171⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        173⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        174⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        176⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        177⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        178⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        180⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        181⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        183⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        184⤵
        Drops file in Program Files directory
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        185⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        186⤵
        Drops file in Program Files directory
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        187⤵
        Drops file in Program Files directory
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        188⤵
        Drops file in Program Files directory
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        189⤵
        Drops file in Program Files directory
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        190⤵
        Drops file in Program Files directory
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        191⤵
        Drops file in Program Files directory
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        192⤵
        Drops file in Program Files directory
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        193⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        194⤵
        Drops file in Program Files directory
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        195⤵
        Drops file in Program Files directory
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        196⤵
        Drops file in Program Files directory
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        197⤵
        Drops file in Program Files directory
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        199⤵
        Drops file in Program Files directory
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        200⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        201⤵
        Drops file in Program Files directory
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        202⤵
        Drops file in Program Files directory
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        203⤵
        Drops file in Program Files directory
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        204⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        205⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        206⤵
        Drops file in Program Files directory
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        207⤵
        Drops file in Program Files directory
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        208⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        209⤵
        Drops file in Program Files directory
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        210⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        211⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        212⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        213⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        214⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        215⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        216⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        217⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        218⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        219⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        220⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        221⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        222⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        223⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        224⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        225⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        226⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        227⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        228⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        229⤵
        Drops file in Program Files directory
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        230⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        231⤵
        Drops file in Program Files directory
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        232⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        233⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        234⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        235⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        236⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        237⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        238⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        239⤵
        System Location Discovery: System Language Discovery
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        241⤵
        Drops file in Program Files directory
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        242⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        243⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        244⤵
        Drops file in Program Files directory
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        245⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        246⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        247⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        248⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        249⤵
        Drops file in Program Files directory
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        250⤵
        Drops file in Program Files directory
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        251⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        252⤵
        System Location Discovery: System Language Discovery
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        253⤵
        Drops file in Program Files directory
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        254⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        255⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        256⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        257⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        258⤵
        Drops file in Program Files directory
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        259⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        260⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        261⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        262⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        263⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        264⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        265⤵
        System Location Discovery: System Language Discovery
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        266⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        267⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        268⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        269⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        270⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        271⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        272⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        273⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        274⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        275⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        276⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        277⤵
        Drops file in Program Files directory
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        278⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        279⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        280⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        281⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        282⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        283⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        284⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        285⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        286⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        287⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        288⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        289⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        290⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        291⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        292⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        293⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        294⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        295⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        296⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        297⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        298⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        299⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        300⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        301⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        302⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        303⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        304⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        305⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        306⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        307⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        308⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        309⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        310⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        311⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        312⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        313⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        314⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        315⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        316⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        317⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        318⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        319⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        320⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        321⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        322⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        323⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        324⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        325⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        326⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        327⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        328⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        329⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        330⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        331⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        332⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        333⤵
        System Location Discovery: System Language Discovery
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        334⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        335⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        336⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        337⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        338⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        339⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        340⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        341⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        342⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        343⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        344⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        345⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        346⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        347⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        348⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        349⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        350⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        351⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        352⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        353⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        354⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        355⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        356⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        357⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        358⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        359⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        360⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        361⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        362⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        363⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        364⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        365⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        366⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        367⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        368⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        369⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        370⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        371⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        372⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        373⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        374⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        375⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        376⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        377⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        378⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        379⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        380⤵
        System Location Discovery: System Language Discovery
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        381⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        382⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        383⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        384⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        385⤵
        System Location Discovery: System Language Discovery
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        386⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        387⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        388⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        389⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        390⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        391⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        392⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        393⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        394⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        395⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        396⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        397⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        398⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        399⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        400⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        401⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        402⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        403⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        404⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        405⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        406⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        407⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        408⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        409⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        410⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        411⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        412⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        413⤵
        System Location Discovery: System Language Discovery
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        414⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        415⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        416⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        417⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        418⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        419⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        420⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        421⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        422⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        423⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        424⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        425⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        426⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        427⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        428⤵
        System Location Discovery: System Language Discovery
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        429⤵
        System Location Discovery: System Language Discovery
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        430⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        431⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        432⤵
        System Location Discovery: System Language Discovery
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        433⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        434⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        435⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        436⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        437⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        438⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        439⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        440⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        441⤵
        System Location Discovery: System Language Discovery
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        442⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        443⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        444⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        445⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        446⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        447⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        448⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        449⤵
        System Location Discovery: System Language Discovery
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        450⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        451⤵
        System Location Discovery: System Language Discovery
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        452⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        453⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        454⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        455⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        456⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        457⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        458⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        459⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        460⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        461⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        462⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        463⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        464⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        465⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        466⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        467⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        468⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        469⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        470⤵
        System Location Discovery: System Language Discovery
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        471⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        472⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        473⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        474⤵
        System Location Discovery: System Language Discovery
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        475⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        476⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        477⤵
        System Location Discovery: System Language Discovery
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        478⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        479⤵
        System Location Discovery: System Language Discovery
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        480⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        481⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        482⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        483⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        484⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        485⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        486⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        487⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        488⤵
        System Location Discovery: System Language Discovery
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        489⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        490⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        491⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        492⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        493⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        494⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        495⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        496⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        497⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        498⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        499⤵
        System Location Discovery: System Language Discovery
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        500⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        501⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        502⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        503⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        504⤵
        System Location Discovery: System Language Discovery
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        505⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        506⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        507⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        508⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        509⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        510⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        511⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        512⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        513⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        514⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        515⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        516⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        517⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        518⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        519⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        520⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        521⤵
        System Location Discovery: System Language Discovery
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        522⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        523⤵
        System Location Discovery: System Language Discovery
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        524⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        525⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        526⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        527⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        528⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        529⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        530⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        531⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        532⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        533⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        534⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        535⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        536⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        537⤵
        System Location Discovery: System Language Discovery
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        538⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        539⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        540⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        541⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        542⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        543⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        544⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        545⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        546⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        547⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        548⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        549⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        550⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        551⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        552⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        553⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        554⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        555⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        556⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        557⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        558⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        559⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        560⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        561⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        562⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        563⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        564⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        565⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        566⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        567⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        568⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        569⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        570⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        571⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        572⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        573⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        574⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        575⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        576⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        577⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        578⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        579⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        580⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        581⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        582⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        583⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        584⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        585⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        586⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        587⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        588⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        589⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        590⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        591⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        592⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        593⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        594⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        595⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        596⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        597⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        598⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        599⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        600⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        601⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        602⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        603⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        604⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        605⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        606⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        607⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        608⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        609⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        610⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        611⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        612⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        613⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        614⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        615⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        616⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        617⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        618⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        619⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        620⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        621⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        622⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        623⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        624⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        625⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        626⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        627⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        628⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        629⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        630⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        631⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b0cd5289e6da9f91801489efacb1dbc0N.exe"
        632⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 368
        525⤵
        Program crash
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 428
        519⤵
        Program crash
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 428
        279⤵
        Program crash
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 392
        279⤵
        Program crash
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 428
        278⤵
        Program crash
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 428
        278⤵
        Program crash
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 440
        251⤵
        Program crash
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 428
        249⤵
        Program crash
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 428
        249⤵
        Program crash
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 384
        246⤵
        Program crash
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 368
        244⤵
        Program crash
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 368
        244⤵
        Program crash
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 440
        232⤵
        Program crash
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 440
        232⤵
        Program crash
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 440
        231⤵
        Program crash
        
        PID:836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 440
        231⤵
        Program crash
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 440
        230⤵
        Program crash
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 440
        230⤵
        Program crash
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 392
        214⤵
        Program crash
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 392
        214⤵
        Program crash
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 460
        210⤵
        Program crash
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 396
        201⤵
        Program crash
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 396
        187⤵
        Program crash
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 440
        186⤵
        Program crash
        
        PID:1868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 440
        185⤵
        Program crash
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 440
        142⤵
        Program crash
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 440
        142⤵
        Program crash
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 384
        140⤵
        Program crash
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 436
        138⤵
        Program crash
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 440
        126⤵
        Program crash
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 440
        126⤵
        Program crash
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 436
        115⤵
        Program crash
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 436
        115⤵
        Program crash
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 440
        77⤵
        Program crash
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 440
        76⤵
        Program crash
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 432
        76⤵
        Program crash
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 440
        75⤵
        Program crash
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 440
        75⤵
        Program crash
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 392
        65⤵
        Program crash
        
        PID:13508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 428
        28⤵
        Program crash
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 392
        26⤵
        Program crash
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 428
        25⤵
        Program crash
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 440
        9⤵
        Program crash
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 440
        9⤵
        Program crash
        
        PID:7736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 440
      4⤵
      Program crash
      PID:7016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 484
      4⤵
      Program crash
      PID:6832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 440
    3⤵
    - Program crash
    PID:6172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 440
    3⤵
    - Program crash
    PID:6408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 468
  2⤵
  - Program crash
  PID:5884
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 468
  2⤵
  - Program crash
  PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1540 -ip 1540
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1540 -ip 1540
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4436 -ip 4436
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4436 -ip 4436
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 456 -ip 456
1⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 456 -ip 456
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1384 -ip 1384
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1384 -ip 1384
1⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5316 -ip 5316
1⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5956 -ip 5956
1⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5224 -ip 5224
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5940 -ip 5940
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5232 -ip 5232
1⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5692 -ip 5692
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6124 -ip 6124
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5924 -ip 5924
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5908 -ip 5908
1⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5468 -ip 5468
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6060 -ip 6060
1⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5344 -ip 5344
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6140 -ip 6140
1⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5396 -ip 5396
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6028 -ip 6028
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6004 -ip 6004
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6092 -ip 6092
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5796 -ip 5796
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5676 -ip 5676
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5876 -ip 5876
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5816 -ip 5816
1⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5968 -ip 5968
1⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5840 -ip 5840
1⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5988 -ip 5988
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5300 -ip 5300
1⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5444 -ip 5444
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5284 -ip 5284
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6076 -ip 6076
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6108 -ip 6108
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5780 -ip 5780
1⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6044 -ip 6044
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5724 -ip 5724
1⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5656 -ip 5656
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5856 -ip 5856
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5232 -ip 5232
1⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6124 -ip 6124
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5940 -ip 5940
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5924 -ip 5924
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5468 -ip 5468
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5908 -ip 5908
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5344 -ip 5344
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6060 -ip 6060
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6028 -ip 6028
1⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5396 -ip 5396
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6140 -ip 6140
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6004 -ip 6004
1⤵
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5816 -ip 5816
1⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5968 -ip 5968
1⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6092 -ip 6092
1⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5796 -ip 5796
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5676 -ip 5676
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5876 -ip 5876
1⤵
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5988 -ip 5988
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5444 -ip 5444
1⤵
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5840 -ip 5840
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6076 -ip 6076
1⤵
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5300 -ip 5300
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5284 -ip 5284
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5780 -ip 5780
1⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6108 -ip 6108
1⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6044 -ip 6044
1⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5856 -ip 5856
1⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5724 -ip 5724
1⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5656 -ip 5656
1⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5956 -ip 5956
1⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5316 -ip 5316
1⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5692 -ip 5692
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5224 -ip 5224
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 8564 -ip 8564
1⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1812 -ip 1812
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 8492 -ip 8492
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 8604 -ip 8604
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7856 -ip 7856
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7952 -ip 7952
1⤵
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 8016 -ip 8016
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 8064 -ip 8064
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5036 -ip 5036
1⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 8140 -ip 8140
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7468 -ip 7468
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4252 -ip 4252
1⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7452 -ip 7452
1⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7856 -ip 7856
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1144 -ip 1144
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 7624 -ip 7624
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1816 -ip 1816
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 8564 -ip 8564
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 8492 -ip 8492
1⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 8604 -ip 8604
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5036 -ip 5036
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 8064 -ip 8064
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 8140 -ip 8140
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7952 -ip 7952
1⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7468 -ip 7468
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7452 -ip 7452
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4252 -ip 4252
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1144 -ip 1144
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7624 -ip 7624
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1816 -ip 1816
1⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 8016 -ip 8016
1⤵
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1812 -ip 1812
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7656 -ip 7656
1⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7656 -ip 7656
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7772 -ip 7772
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7772 -ip 7772
1⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7756 -ip 7756
1⤵
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6692 -ip 6692
1⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6716 -ip 6716
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6748 -ip 6748
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6768 -ip 6768
1⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6880 -ip 6880
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6972 -ip 6972
1⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7036 -ip 7036
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6768 -ip 6768
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7084 -ip 7084
1⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7108 -ip 7108
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6880 -ip 6880
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7140 -ip 7140
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5884 -ip 5884
1⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7156 -ip 7156
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7120 -ip 7120
1⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1432 -ip 1432
1⤵
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7036 -ip 7036
1⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5864 -ip 5864
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6300 -ip 6300
1⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6176 -ip 6176
1⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6972 -ip 6972
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6412 -ip 6412
1⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6804 -ip 6804
1⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6820 -ip 6820
1⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7084 -ip 7084
1⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6356 -ip 6356
1⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6856 -ip 6856
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6900 -ip 6900
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7108 -ip 7108
1⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6928 -ip 6928
1⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6968 -ip 6968
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4432 -ip 4432
1⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6940 -ip 6940
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7140 -ip 7140
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 7120 -ip 7120
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5884 -ip 5884
1⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7156 -ip 7156
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6548 -ip 6548
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5352 -ip 5352
1⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7020 -ip 7020
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1432 -ip 1432
1⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5864 -ip 5864
1⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6176 -ip 6176
1⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6300 -ip 6300
1⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6804 -ip 6804
1⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6860 -ip 6860
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6356 -ip 6356
1⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6412 -ip 6412
1⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6820 -ip 6820
1⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6856 -ip 6856
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6900 -ip 6900
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6928 -ip 6928
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4432 -ip 4432
1⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6940 -ip 6940
1⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6968 -ip 6968
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7020 -ip 7020
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5352 -ip 5352
1⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6716 -ip 6716
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6748 -ip 6748
1⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6860 -ip 6860
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6692 -ip 6692
1⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6548 -ip 6548
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7756 -ip 7756
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 984 -ip 984
1⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7948 -ip 7948
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7852 -ip 7852
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 984 -ip 984
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7948 -ip 7948
1⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7852 -ip 7852
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 1624 -ip 1624
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1624 -ip 1624
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4980 -ip 4980
1⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2596 -ip 2596
1⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 560 -ip 560
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4176 -ip 4176
1⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1920 -ip 1920
1⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2640 -ip 2640
1⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 916 -ip 916
1⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4984 -ip 4984
1⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4580 -ip 4580
1⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3916 -ip 3916
1⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3396 -ip 3396
1⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1392 -ip 1392
1⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3864 -ip 3864
1⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2632 -ip 2632
1⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1236 -ip 1236
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2480 -ip 2480
1⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1760 -ip 1760
1⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 872 -ip 872
1⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 916 -ip 916
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2276 -ip 2276
1⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3532 -ip 3532
1⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2256 -ip 2256
1⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1876 -ip 1876
1⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2156 -ip 2156
1⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 968 -ip 968
1⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1920 -ip 1920
1⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4176 -ip 4176
1⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5064 -ip 5064
1⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4984 -ip 4984
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 4884 -ip 4884
1⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4076 -ip 4076
1⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 4580 -ip 4580
1⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2868 -ip 2868
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2988 -ip 2988
1⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3916 -ip 3916
1⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 932 -ip 932
1⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4052 -ip 4052
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 428 -ip 428
1⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3508 -ip 3508
1⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 9988 -ip 9988
1⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2472 -ip 2472
1⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 8156 -ip 8156
1⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10072 -ip 10072
1⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6172 -ip 6172
1⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6916 -ip 6916
1⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2076 -ip 2076
1⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2536 -ip 2536
1⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 9976 -ip 9976
1⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3192 -ip 3192
1⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 3096 -ip 3096
1⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 3396 -ip 3396
1⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 2288 -ip 2288
1⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2836 -ip 2836
1⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 1392 -ip 1392
1⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 3864 -ip 3864
1⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 1304 -ip 1304
1⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 10584 -ip 10584
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6860 -ip 6860
1⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 1508 -ip 1508
1⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 404 -ip 404
1⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6388 -ip 6388
1⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 10076 -ip 10076
1⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 1860 -ip 1860
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 1336 -ip 1336
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6704 -ip 6704
1⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 10264 -ip 10264
1⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 10300 -ip 10300
1⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5352 -ip 5352
1⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 9820 -ip 9820
1⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 3904 -ip 3904
1⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 10464 -ip 10464
1⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2436 -ip 2436
1⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 10560 -ip 10560
1⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 10548 -ip 10548
1⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 10804 -ip 10804
1⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 116 -ip 116
1⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 10368 -ip 10368
1⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 1236 -ip 1236
1⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 2632 -ip 2632
1⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3576 -ip 3576
1⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 10528 -ip 10528
1⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10396 -ip 10396
1⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 10336 -ip 10336
1⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 10728 -ip 10728
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 10428 -ip 10428
1⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 10352 -ip 10352
1⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 10748 -ip 10748
1⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 10324 -ip 10324
1⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 2480 -ip 2480
1⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 1760 -ip 1760
1⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 10768 -ip 10768
1⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 10832 -ip 10832
1⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 10684 -ip 10684
1⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 872 -ip 872
1⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 2276 -ip 2276
1⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 10600 -ip 10600
1⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 2156 -ip 2156
1⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2256 -ip 2256
1⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3532 -ip 3532
1⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 968 -ip 968
1⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1876 -ip 1876
1⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 4884 -ip 4884
1⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5064 -ip 5064
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2988 -ip 2988
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2868 -ip 2868
1⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4076 -ip 4076
1⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 932 -ip 932
1⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 4052 -ip 4052
1⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 428 -ip 428
1⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3508 -ip 3508
1⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2472 -ip 2472
1⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 9988 -ip 9988
1⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 8156 -ip 8156
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 9976 -ip 9976
1⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2536 -ip 2536
1⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 10072 -ip 10072
1⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2076 -ip 2076
1⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6172 -ip 6172
1⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6916 -ip 6916
1⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3192 -ip 3192
1⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 3096 -ip 3096
1⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 2288 -ip 2288
1⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2836 -ip 2836
1⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6860 -ip 6860
1⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 10584 -ip 10584
1⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 1304 -ip 1304
1⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1508 -ip 1508
1⤵
PID:13916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 404 -ip 404
1⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1860 -ip 1860
1⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10076 -ip 10076
1⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 10264 -ip 10264
1⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1336 -ip 1336
1⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6388 -ip 6388
1⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6704 -ip 6704
1⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 10300 -ip 10300
1⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5352 -ip 5352
1⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 9820 -ip 9820
1⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3904 -ip 3904
1⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 10464 -ip 10464
1⤵
PID:14216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 10560 -ip 10560
1⤵
PID:14240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2436 -ip 2436
1⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 10548 -ip 10548
1⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 116 -ip 116
1⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 10368 -ip 10368
1⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 10804 -ip 10804
1⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 10528 -ip 10528
1⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 10336 -ip 10336
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 3576 -ip 3576
1⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 10396 -ip 10396
1⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 10728 -ip 10728
1⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 10428 -ip 10428
1⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 10352 -ip 10352
1⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 10748 -ip 10748
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 10832 -ip 10832
1⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 10600 -ip 10600
1⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 2596 -ip 2596
1⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 560 -ip 560
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 2640 -ip 2640
1⤵
PID:7280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zG.exe

Filesize
998KB

MD5
bdbfa48b9d0f180c75f9e53910922e60

SHA1
fb35765cd4cc4caed0fadc600ace4258070f37e7

SHA256
7805ada9c33dd5cc180ccc9fa969c2c1d1f402a9c586aadbb5a63d8ff57ed2b0

SHA512
25f27ac0f4f1535ffabb83fabcf3541a701306577dd422d8723b94322fd3c05d8ffa651c1296df9ada3cbcb7e5eba3f6fb9b58ed4955ace1282f4934bfc4b0e0

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
335KB

MD5
946934600967153ff26ccf9c8ec6f792

SHA1
b6dc656804afadb466a35f373fbaebae45d73228

SHA256
22661a1b67558e2a3d9901d48625969cbacdce9f9ae5fb1623ef66e006c51d27

SHA512
dfa35334610fb769ee393a7329de14e85840f171d1b35f7775871228a1c63e54a5b3d1c475fbb2496aaf97dc4e48f815b984eb784934bb28e0d838a9f33b57ee

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.5MB

MD5
427c5584e62e6e8c9b449a4f2cf7a301

SHA1
21fbabcb8d248b8400cc5eaf7c881a71195fcb1e

SHA256
c3a8aa21020c43654e3c7b320e90f66986e3310a0b7b9beea552a621bd0c2edc

SHA512
2b3643ead8a5f7c806e1c2192521f2707a6a15b369e7858ce96642a6262bec20c2748a00658d3a62c62accd9ff2a628c9f54b9b140631b1ddc138c045772bc20

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXAC95.tmp

Filesize
1.2MB

MD5
47bb27953a4a8757b321f20f6f27cda6

SHA1
a9bbcabe0ad81facf4d7e6b99e84d1e72c81640e

SHA256
8fd157718595dca8c0a037e057a49c8077ed8af4ead5feb3fa9de954cbc58a24

SHA512
650802da74700af72f89c5f90d90cf798a21b303effe03bb39d4451544db9aa6329f74be15f03d2e2568a74ff97b7f3f79a5b77066b17b1cbeaf9bf5b30f5903

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXB5AB.tmp

Filesize
2.7MB

MD5
160fe7974816a07e6a42b58ef45b1eb6

SHA1
48ca58967b41588fbe2f459c0e8a1dd6718b2e43

SHA256
d50abc4fbfabae570c582949ec98829822310737b732d5bc212054558109f243

SHA512
9f40cd7b2188752f9cee30b52527df7f1ac02b45416087d766bed941205ca244c97324a4c42263a012bcd9f6d6d32519f39e31b6e50cd9af55e86b4b426ebe74

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA02E.tmp

Filesize
2.7MB

MD5
b0cd5289e6da9f91801489efacb1dbc0

SHA1
070b7df7cdfff462949b40b9fb82eb1ecd10311f

SHA256
26d98e0de670589c407e9c299cf29def69fe0775e6da6b242e6b8a5db5904f08

SHA512
9a64807dac79607193cdaecaafc4ea39fbbf35903825162287458da92917dcab8483b57b449ec4e1de0c662779734a97ce0870874b47f4b855782fd0b950f7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA658.tmp

Filesize
2.7MB

MD5
d792b50f9c8c826675954137ddecc395

SHA1
ac0b980741c6b76f1b45e6045f80d7080183c8c8

SHA256
5d2867c71427f229f2642eeb1f60235d7b3e7978e87927cb6c41141dd55e9442

SHA512
93c05dad0340419c6d7a7e41143322b2c673bde167ac4851bd61bf5fa48d7e0c81fc4c4db34d2e63c2e45d4e4a5a90ea05245288db36b2fd604b2cfdaa452ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA9C3.tmp

Filesize
318KB

MD5
01f55f7620ccb45236fd9751ef30d926

SHA1
e5b1fab27abc4f844b88668d99811e35c6fd5f80

SHA256
be57d935213b494db251acf57f75a9fc736e4157a4bcae2280fbcc6246f0733c

SHA512
2073e776694a6586c2d760716de21acee87ed278edc9403230c1a7e4d9e0779bc992e9aaf43ad57467a0ad32be4d5d86aad8bd048a526ad9e9e47720f35c3025

Download Submit
memory/456-173-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/560-796-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/572-206-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/644-228-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/836-229-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/916-800-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1384-234-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1392-831-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1540-94-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1788-226-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1868-204-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1920-799-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1992-232-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2152-207-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2412-230-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2524-208-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2596-795-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2640-798-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2764-224-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2996-231-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3396-835-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3432-209-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3992-233-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4068-223-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4176-797-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4436-135-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4544-225-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4580-830-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4600-227-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4632-222-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4692-205-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4984-801-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5104-172-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5224-669-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5232-640-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5284-754-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5300-662-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5344-642-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5396-648-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5444-665-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5468-647-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5656-668-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5676-656-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5724-667-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5780-659-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5796-655-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5816-652-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5840-664-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5856-666-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5876-658-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5908-646-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5924-641-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5940-650-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5968-654-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5988-657-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6004-651-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6028-649-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6044-661-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6060-644-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6076-663-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6092-653-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6108-660-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6124-643-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/6140-645-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download