40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Size

3.2MB
MD5

caa260aea481ab01c250da052ec5ea00
SHA1

7118228a5cf719e93b6fe96063e3f6808e522e88
SHA256

40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885
SHA512

7831fd962c9833896341b16af980dc6d898617c76f751fe69c21a66b5770bd353239c467865c9e6a3f3496be3b6706842359bc4bc3eefc2d5ffafb0f3139a861
SSDEEP

49152:x2z8ewBYFWHVFExklYSZO3qkM9bHO7+3rt5O26DWsSVsW0bqKKCAcY:8FwWklYuO3S9C7s5O3ZSB0bqKTA

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
5704	1096	WerFault.exe	138
6492	1096	WerFault.exe	138
6924	2900	WerFault.exe	148
7164	2900	WerFault.exe	148
7056	1100	WerFault.exe	146
7276	1100	WerFault.exe	146
7704	4628	WerFault.exe	142
7948	4628	WerFault.exe	142
3188	7404	WerFault.exe	340
7564	7404	WerFault.exe	340
7704	7416	WerFault.exe	341
396	7416	WerFault.exe	341
1876	7436	WerFault.exe	342
7252	7436	WerFault.exe	342
4228	7452	WerFault.exe	343
7564	7452	WerFault.exe	343
1736	7772	WerFault.exe	352
1972	7772	WerFault.exe	352
7808	7796	WerFault.exe	353
7648	7796	WerFault.exe	353
4876	7500	WerFault.exe	344
7952	7500	WerFault.exe	344
7252	7736	WerFault.exe	350
7484	7736	WerFault.exe	350
844	7720	WerFault.exe	349
4092	2236	WerFault.exe	116
7280	532	WerFault.exe	113
8884	6072	WerFault.exe	236
8876	5920	WerFault.exe	253
8860	5640	WerFault.exe	256
8804	5664	WerFault.exe	245
8404	2760	WerFault.exe	107
8676	5664	WerFault.exe	245
9204	5900	WerFault.exe	252
3864	6160	WerFault.exe	258
8544	2236	WerFault.exe	116
8332	5860	WerFault.exe	250
8336	5900	WerFault.exe	252
8380	6160	WerFault.exe	258
7312	5860	WerFault.exe	250
5024	6992	WerFault.exe	295
3212	9172	WerFault.exe	438
7916	9172	WerFault.exe	438
8968	6992	WerFault.exe	295
8316	6976	WerFault.exe	294
4724	6976	WerFault.exe	294
7592	3392	WerFault.exe	130
7576	3392	WerFault.exe	130
8876	6956	WerFault.exe	293
8936	6956	WerFault.exe	293
9752	2200	WerFault.exe	170
9780	4052	WerFault.exe	169
9508	4776	WerFault.exe	172
1532	4284	WerFault.exe	191
9844	2984	WerFault.exe	586
11092	6248	WerFault.exe	611
9448	10436	WerFault.exe	795
2424	10820	WerFault.exe	825
9780	9292	WerFault.exe	812
9552	10864	WerFault.exe	838
11016	10820	WerFault.exe	825
10724	7528	WerFault.exe	607
10216	8096	WerFault.exe	614
10224	9020	WerFault.exe	594

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2564	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2564	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4116	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4116	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3160	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3160	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4340	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4340	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1468	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1468	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4520	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4520	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2608	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2608	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4796	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4796	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3920	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3920	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1432	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1432	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4824	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4824	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3500	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3500	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
544	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
544	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2884	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2884	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3576	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3576	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1252	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1252	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1172	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
1172	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
404	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
404	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2648	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2648	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4364	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4364	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3376	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3376	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2240	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2240	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3864	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3864	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2280	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2280	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3020	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
3020	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2660	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2660	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2760	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2760	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
840	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
840	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4528	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4528	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2672	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2672	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2256	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
2256	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4400	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
4400	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 4116	2564	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	82
PID 2564 wrote to memory of 4116	2564	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	82
PID 2564 wrote to memory of 4116	2564	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	82
PID 4116 wrote to memory of 3160	4116	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	83
PID 4116 wrote to memory of 3160	4116	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	83
PID 4116 wrote to memory of 3160	4116	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	83
PID 3160 wrote to memory of 4340	3160	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	84
PID 3160 wrote to memory of 4340	3160	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	84
PID 3160 wrote to memory of 4340	3160	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	84
PID 4340 wrote to memory of 1468	4340	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	85
PID 4340 wrote to memory of 1468	4340	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	85
PID 4340 wrote to memory of 1468	4340	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	85
PID 1468 wrote to memory of 4520	1468	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	86
PID 1468 wrote to memory of 4520	1468	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	86
PID 1468 wrote to memory of 4520	1468	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	86
PID 4520 wrote to memory of 2608	4520	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	87
PID 4520 wrote to memory of 2608	4520	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	87
PID 4520 wrote to memory of 2608	4520	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	87
PID 2608 wrote to memory of 4796	2608	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	88
PID 2608 wrote to memory of 4796	2608	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	88
PID 2608 wrote to memory of 4796	2608	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	88
PID 4796 wrote to memory of 3920	4796	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	89
PID 4796 wrote to memory of 3920	4796	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	89
PID 4796 wrote to memory of 3920	4796	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	89
PID 3920 wrote to memory of 1432	3920	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	90
PID 3920 wrote to memory of 1432	3920	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	90
PID 3920 wrote to memory of 1432	3920	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	90
PID 1432 wrote to memory of 4824	1432	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	91
PID 1432 wrote to memory of 4824	1432	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	91
PID 1432 wrote to memory of 4824	1432	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	91
PID 4824 wrote to memory of 3500	4824	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	92
PID 4824 wrote to memory of 3500	4824	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	92
PID 4824 wrote to memory of 3500	4824	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	92
PID 3500 wrote to memory of 544	3500	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	93
PID 3500 wrote to memory of 544	3500	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	93
PID 3500 wrote to memory of 544	3500	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	93
PID 544 wrote to memory of 2884	544	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	94
PID 544 wrote to memory of 2884	544	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	94
PID 544 wrote to memory of 2884	544	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	94
PID 2884 wrote to memory of 3576	2884	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	95
PID 2884 wrote to memory of 3576	2884	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	95
PID 2884 wrote to memory of 3576	2884	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	95
PID 3576 wrote to memory of 1252	3576	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	96
PID 3576 wrote to memory of 1252	3576	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	96
PID 3576 wrote to memory of 1252	3576	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	96
PID 1252 wrote to memory of 1172	1252	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	97
PID 1252 wrote to memory of 1172	1252	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	97
PID 1252 wrote to memory of 1172	1252	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	97
PID 1172 wrote to memory of 404	1172	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	98
PID 1172 wrote to memory of 404	1172	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	98
PID 1172 wrote to memory of 404	1172	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	98
PID 404 wrote to memory of 2648	404	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	99
PID 404 wrote to memory of 2648	404	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	99
PID 404 wrote to memory of 2648	404	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	99
PID 2648 wrote to memory of 4364	2648	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	100
PID 2648 wrote to memory of 4364	2648	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	100
PID 2648 wrote to memory of 4364	2648	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	100
PID 4364 wrote to memory of 3376	4364	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	101
PID 4364 wrote to memory of 3376	4364	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	101
PID 4364 wrote to memory of 3376	4364	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	101
PID 3376 wrote to memory of 2240	3376	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	102
PID 3376 wrote to memory of 2240	3376	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	102
PID 3376 wrote to memory of 2240	3376	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	102
PID 2240 wrote to memory of 3864	2240	40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe	103

C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
"C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
  "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
    "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
      "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        12⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        15⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        20⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        21⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        24⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        25⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        26⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        27⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        29⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        30⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        31⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        32⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        33⤵
        Drops file in Program Files directory
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        34⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        35⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        36⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        37⤵
        Drops file in Program Files directory
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        38⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        39⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        40⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        41⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        42⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        43⤵
        Drops file in Program Files directory
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        44⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        45⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        46⤵
        Drops file in Program Files directory
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        47⤵
        Drops file in Program Files directory
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        48⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        49⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        50⤵
        Drops file in Program Files directory
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        51⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        52⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        53⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        54⤵
        Drops file in Program Files directory
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        55⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        56⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        57⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        58⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        60⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        61⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        62⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        63⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        65⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        66⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        67⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        68⤵
        Drops file in Program Files directory
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        70⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        71⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        73⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        74⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        75⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        76⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        77⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        78⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        79⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        80⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        81⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        82⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        83⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        84⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        85⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        86⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        87⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        88⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        92⤵
        Drops file in Program Files directory
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        93⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        94⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        95⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        98⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        99⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        100⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        101⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        102⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        103⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        104⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        105⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        106⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        107⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        108⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        109⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        110⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        111⤵
        Drops file in Program Files directory
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        112⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        113⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        114⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        115⤵
        Drops file in Program Files directory
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        116⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        117⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        118⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        119⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        120⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        122⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        123⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        124⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        125⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        126⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        128⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        129⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        130⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        131⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        132⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        133⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        134⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        135⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        136⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        137⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        138⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        139⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        140⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        141⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        142⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        143⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        144⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        145⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        146⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        147⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        148⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        149⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        152⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        153⤵
        Drops file in Program Files directory
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        154⤵
        Drops file in Program Files directory
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        155⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        156⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        157⤵
        Drops file in Program Files directory
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        158⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        159⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        160⤵
        Drops file in Program Files directory
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        161⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        162⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        163⤵
        Drops file in Program Files directory
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        164⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        165⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        166⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        167⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        168⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        169⤵
        Drops file in Program Files directory
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        170⤵
        Drops file in Program Files directory
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        171⤵
        Drops file in Program Files directory
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        172⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        173⤵
        Drops file in Program Files directory
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        174⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        175⤵
        Drops file in Program Files directory
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        176⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        177⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        178⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        179⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        180⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        181⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        182⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        183⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        184⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        185⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        187⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        189⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        191⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        192⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        193⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        194⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        195⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        197⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        198⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        199⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        200⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        201⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        202⤵
        Drops file in Program Files directory
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        203⤵
        Drops file in Program Files directory
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        205⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        206⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        207⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        208⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        209⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        210⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        212⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        213⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        215⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        216⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        217⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        218⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        219⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        220⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        221⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        222⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        223⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        224⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        225⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        226⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        227⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        228⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        229⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        230⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        231⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        232⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        233⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        234⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        235⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        236⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        237⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        238⤵
        System Location Discovery: System Language Discovery
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        239⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        240⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        241⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        242⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        243⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        244⤵
        Drops file in Program Files directory
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        245⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        246⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        247⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        248⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        249⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        250⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        251⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        252⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        253⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        254⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        255⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        256⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        257⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        258⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        259⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        260⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        261⤵
        Drops file in Program Files directory
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        262⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        263⤵
        Drops file in Program Files directory
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        264⤵
        Drops file in Program Files directory
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        265⤵
        Drops file in Program Files directory
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        266⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        267⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        268⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        269⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        270⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        271⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        272⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        273⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        274⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        275⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        276⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        277⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        278⤵
        System Location Discovery: System Language Discovery
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        279⤵
        System Location Discovery: System Language Discovery
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        280⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        281⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        282⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        283⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        284⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        285⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        286⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        287⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        288⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        289⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        290⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        291⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        292⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        293⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        294⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        295⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        296⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        297⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        298⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        299⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        300⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        301⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        302⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        303⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        304⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        305⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        306⤵
        System Location Discovery: System Language Discovery
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        307⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        308⤵
        System Location Discovery: System Language Discovery
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        309⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        310⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        311⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        312⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        313⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        314⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        315⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        316⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        317⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        318⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        319⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        320⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        321⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        322⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        323⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        324⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        325⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        326⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        327⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        328⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        329⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        330⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        331⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        332⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        333⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        334⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        335⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        336⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        337⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        338⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        339⤵
        Drops file in Program Files directory
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        340⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        341⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        342⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        343⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        344⤵
        Drops file in Program Files directory
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        345⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        346⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        347⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        348⤵
        Drops file in Program Files directory
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        349⤵
        Drops file in Program Files directory
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        350⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        351⤵
        Drops file in Program Files directory
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        352⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        353⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        354⤵
        System Location Discovery: System Language Discovery
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        355⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        356⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        357⤵
        Drops file in Program Files directory
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        358⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        359⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        360⤵
        Drops file in Program Files directory
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        361⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        362⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        363⤵
        Drops file in Program Files directory
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        364⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        365⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        366⤵
        Drops file in Program Files directory
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        367⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        368⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        369⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        370⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        371⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        372⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        373⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        374⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        375⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        376⤵
        Drops file in Program Files directory
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        377⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        378⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        379⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        380⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        381⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        382⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        383⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        384⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        385⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        386⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        387⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        388⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        389⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        390⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        391⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        392⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        393⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        394⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        395⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        396⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        397⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        398⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        399⤵
        System Location Discovery: System Language Discovery
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        400⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        401⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        402⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        403⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        404⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        405⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        406⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        407⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        408⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        409⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        410⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        411⤵
        System Location Discovery: System Language Discovery
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        412⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        413⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        414⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        415⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        416⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        417⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        418⤵
        System Location Discovery: System Language Discovery
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        419⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        420⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        421⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        422⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        423⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        424⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        425⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        426⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        427⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        428⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        429⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        430⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        431⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        432⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        433⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        434⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        435⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        436⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        437⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        438⤵
        System Location Discovery: System Language Discovery
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        439⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        440⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        441⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        442⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        443⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        444⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        445⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        446⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        447⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        448⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        449⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        450⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        451⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        452⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        453⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        454⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        455⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        456⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        457⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        458⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        459⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        460⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        461⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        462⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        463⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        464⤵
        System Location Discovery: System Language Discovery
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        465⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        466⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        467⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        468⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        469⤵
        Drops file in Program Files directory
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        470⤵
        Drops file in Program Files directory
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        471⤵
        Drops file in Program Files directory
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        472⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        473⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        474⤵
        System Location Discovery: System Language Discovery
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        475⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        476⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        477⤵
        System Location Discovery: System Language Discovery
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        478⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        479⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        480⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        481⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        482⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        483⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        484⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        485⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        486⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        487⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        488⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        489⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        490⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        491⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        492⤵
        System Location Discovery: System Language Discovery
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        493⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        494⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        495⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        496⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        497⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        498⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        499⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        500⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        501⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        502⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        503⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        504⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        505⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        506⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        507⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        508⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        509⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        510⤵
        System Location Discovery: System Language Discovery
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        511⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        512⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        513⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        514⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        515⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        516⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        517⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        518⤵
        System Location Discovery: System Language Discovery
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        519⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        520⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        521⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        522⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        523⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        524⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        525⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        526⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        527⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        528⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        529⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        530⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        531⤵
        System Location Discovery: System Language Discovery
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        532⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        533⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        534⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        535⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        536⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        537⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        538⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        539⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        540⤵
        System Location Discovery: System Language Discovery
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        541⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        542⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        543⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        544⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        545⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        546⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        547⤵
        System Location Discovery: System Language Discovery
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        548⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        549⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        550⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        551⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        552⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        553⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        554⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        555⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        556⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        557⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        558⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        559⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        560⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        561⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        562⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        563⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        564⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        565⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        566⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        567⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        568⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        569⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        570⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        571⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        572⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        573⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        574⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        575⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        576⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        577⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        578⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        579⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        580⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        581⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        582⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        583⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        584⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        585⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        586⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        587⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        588⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        589⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        590⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        591⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        592⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        593⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        594⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        595⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        596⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        597⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        598⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        599⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        600⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        601⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        602⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        603⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        604⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        605⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        606⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        607⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        608⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        609⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        610⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        611⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        612⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        613⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        614⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        615⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        616⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        617⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        618⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        619⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        620⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        621⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        622⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        623⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        624⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885N.exe"
        625⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 444
        479⤵
        Program crash
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 432
        474⤵
        Program crash
        
        PID:2424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 456
        474⤵
        Program crash
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 384
        469⤵
        Program crash
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 432
        464⤵
        Program crash
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 436
        441⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 444
        431⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 452
        423⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 448
        367⤵
        Program crash
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 448
        367⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 428
        364⤵
        Program crash
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 456
        360⤵
        Program crash
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 456
        360⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 436
        351⤵
        Program crash
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 436
        351⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 460
        345⤵
        
        PID:768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 460
        345⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 368
        344⤵
        Program crash
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 440
        283⤵
        Program crash
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 440
        283⤵
        Program crash
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 440
        255⤵
        Program crash
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 440
        255⤵
        Program crash
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 440
        254⤵
        Program crash
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 440
        254⤵
        Program crash
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 440
        252⤵
        Program crash
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 440
        252⤵
        Program crash
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 440
        251⤵
        Program crash
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 440
        248⤵
        Program crash
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 440
        248⤵
        Program crash
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 440
        247⤵
        Program crash
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 440
        247⤵
        Program crash
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 440
        246⤵
        Program crash
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 440
        246⤵
        Program crash
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 440
        245⤵
        Program crash
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 440
        245⤵
        Program crash
        
        PID:396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 440
        244⤵
        Program crash
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 440
        244⤵
        Program crash
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 440
        205⤵
        Program crash
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 440
        205⤵
        Program crash
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 440
        204⤵
        Program crash
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 440
        204⤵
        Program crash
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 440
        203⤵
        Program crash
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 460
        203⤵
        Program crash
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 452
        172⤵
        Program crash
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 472
        172⤵
        Program crash
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 452
        170⤵
        Program crash
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 132
        167⤵
        Program crash
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 456
        166⤵
        Program crash
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 456
        166⤵
        Program crash
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 448
        165⤵
        Program crash
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 448
        165⤵
        Program crash
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 404
        160⤵
        Program crash
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 384
        160⤵
        Program crash
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 440
        153⤵
        Program crash
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 432
        112⤵
        Program crash
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 452
        93⤵
        Program crash
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 428
        91⤵
        Program crash
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 436
        90⤵
        Program crash
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 444
        69⤵
        Program crash
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 444
        69⤵
        Program crash
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 440
        67⤵
        Program crash
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 440
        67⤵
        Program crash
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 440
        63⤵
        Program crash
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 440
        63⤵
        Program crash
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 432
        59⤵
        Program crash
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 432
        59⤵
        Program crash
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 436
        51⤵
        Program crash
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 436
        51⤵
        Program crash
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 512 -s 444
        50⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 448
        39⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 436
        37⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 436
        37⤵
        Program crash
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 436
        34⤵
        Program crash
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 476
        28⤵
        Program crash
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 436
        20⤵
        
        PID:9832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 468
  2⤵
  PID:9584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 468
  2⤵
  PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1096 -ip 1096
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1096 -ip 1096
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2900 -ip 2900
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2900 -ip 2900
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1100 -ip 1100
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1100 -ip 1100
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4628 -ip 4628
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4628 -ip 4628
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7404 -ip 7404
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7404 -ip 7404
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7416 -ip 7416
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7416 -ip 7416
1⤵
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7436 -ip 7436
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7436 -ip 7436
1⤵
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7452 -ip 7452
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7452 -ip 7452
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7772 -ip 7772
1⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7772 -ip 7772
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7796 -ip 7796
1⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7796 -ip 7796
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7500 -ip 7500
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7500 -ip 7500
1⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7736 -ip 7736
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7736 -ip 7736
1⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7720 -ip 7720
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5664 -ip 5664
1⤵
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6072 -ip 6072
1⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5640 -ip 5640
1⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5920 -ip 5920
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5980 -ip 5980
1⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5720 -ip 5720
1⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6192 -ip 6192
1⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5808 -ip 5808
1⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6176 -ip 6176
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6112 -ip 6112
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5720 -ip 5720
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6192 -ip 6192
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5808 -ip 5808
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6176 -ip 6176
1⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6112 -ip 6112
1⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4364 -ip 4364
1⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3864 -ip 3864
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2256 -ip 2256
1⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5980 -ip 5980
1⤵
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2240 -ip 2240
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3376 -ip 3376
1⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3020 -ip 3020
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2760 -ip 2760
1⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 532 -ip 532
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3212 -ip 3212
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2672 -ip 2672
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4528 -ip 4528
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2688 -ip 2688
1⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4400 -ip 4400
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2160 -ip 2160
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3012 -ip 3012
1⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 3864 -ip 3864
1⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2280 -ip 2280
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2660 -ip 2660
1⤵
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 840 -ip 840
1⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2236 -ip 2236
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3184 -ip 3184
1⤵
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4408 -ip 4408
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2256 -ip 2256
1⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3740 -ip 3740
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4364 -ip 4364
1⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3020 -ip 3020
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4964 -ip 4964
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4848 -ip 4848
1⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2240 -ip 2240
1⤵
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3376 -ip 3376
1⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1444 -ip 1444
1⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 532 -ip 532
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3212 -ip 3212
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2760 -ip 2760
1⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2160 -ip 2160
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4528 -ip 4528
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2672 -ip 2672
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4400 -ip 4400
1⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2280 -ip 2280
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2688 -ip 2688
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3012 -ip 3012
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2660 -ip 2660
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 840 -ip 840
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3184 -ip 3184
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4408 -ip 4408
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3740 -ip 3740
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4964 -ip 4964
1⤵
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4848 -ip 4848
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1444 -ip 1444
1⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5920 -ip 5920
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5640 -ip 5640
1⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6072 -ip 6072
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7720 -ip 7720
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5664 -ip 5664
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5900 -ip 5900
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2236 -ip 2236
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5860 -ip 5860
1⤵
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6160 -ip 6160
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5768 -ip 5768
1⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5744 -ip 5744
1⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6236 -ip 6236
1⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6032 -ip 6032
1⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6100 -ip 6100
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6236 -ip 6236
1⤵
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5768 -ip 5768
1⤵
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6032 -ip 6032
1⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5744 -ip 5744
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6100 -ip 6100
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5900 -ip 5900
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5860 -ip 5860
1⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6160 -ip 6160
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6992 -ip 6992
1⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 9172 -ip 9172
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6992 -ip 6992
1⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9172 -ip 9172
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6976 -ip 6976
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6976 -ip 6976
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3392 -ip 3392
1⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6956 -ip 6956
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3392 -ip 3392
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6956 -ip 6956
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4052 -ip 4052
1⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2200 -ip 2200
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4776 -ip 4776
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2016 -ip 2016
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4036 -ip 4036
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 752 -ip 752
1⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1864 -ip 1864
1⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1840 -ip 1840
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4816 -ip 4816
1⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2488 -ip 2488
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4288 -ip 4288
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1616 -ip 1616
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3192 -ip 3192
1⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3964 -ip 3964
1⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2016 -ip 2016
1⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 8916 -ip 8916
1⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 752 -ip 752
1⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 768 -ip 768
1⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1864 -ip 1864
1⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4036 -ip 4036
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 740 -ip 740
1⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3984 -ip 3984
1⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1840 -ip 1840
1⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2332 -ip 2332
1⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 8692 -ip 8692
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8792 -ip 8792
1⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4024 -ip 4024
1⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5008 -ip 5008
1⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4080 -ip 4080
1⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 8592 -ip 8592
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4864 -ip 4864
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5756 -ip 5756
1⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4816 -ip 4816
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2488 -ip 2488
1⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4344 -ip 4344
1⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2984 -ip 2984
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4284 -ip 4284
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4288 -ip 4288
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3756 -ip 3756
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 8520 -ip 8520
1⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6248 -ip 6248
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 8700 -ip 8700
1⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3720 -ip 3720
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3348 -ip 3348
1⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2228 -ip 2228
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2760 -ip 2760
1⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3192 -ip 3192
1⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7676 -ip 7676
1⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 8468 -ip 8468
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 768 -ip 768
1⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1616 -ip 1616
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 8916 -ip 8916
1⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3964 -ip 3964
1⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6044 -ip 6044
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4616 -ip 4616
1⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 740 -ip 740
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3984 -ip 3984
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8792 -ip 8792
1⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5008 -ip 5008
1⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2332 -ip 2332
1⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 8692 -ip 8692
1⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4024 -ip 4024
1⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4080 -ip 4080
1⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4864 -ip 4864
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 8592 -ip 8592
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5756 -ip 5756
1⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4344 -ip 4344
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 2984 -ip 2984
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4284 -ip 4284
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 3756 -ip 3756
1⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6248 -ip 6248
1⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 8520 -ip 8520
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3720 -ip 3720
1⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 8700 -ip 8700
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3348 -ip 3348
1⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2760 -ip 2760
1⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2228 -ip 2228
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 8468 -ip 8468
1⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7676 -ip 7676
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6044 -ip 6044
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4616 -ip 4616
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4052 -ip 4052
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2200 -ip 2200
1⤵
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4776 -ip 4776
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7956 -ip 7956
1⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7988 -ip 7988
1⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 8004 -ip 8004
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 8036 -ip 8036
1⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 8024 -ip 8024
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 8076 -ip 8076
1⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 8052 -ip 8052
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 10888 -ip 10888
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 10436 -ip 10436
1⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7956 -ip 7956
1⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 8004 -ip 8004
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7988 -ip 7988
1⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 9676 -ip 9676
1⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 11088 -ip 11088
1⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 11000 -ip 11000
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2524 -ip 2524
1⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 9292 -ip 9292
1⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 8024 -ip 8024
1⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 9824 -ip 9824
1⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 9720 -ip 9720
1⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 8052 -ip 8052
1⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 8036 -ip 8036
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 8076 -ip 8076
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 10888 -ip 10888
1⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 10436 -ip 10436
1⤵
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 10408 -ip 10408
1⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 10664 -ip 10664
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 10820 -ip 10820
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 9676 -ip 9676
1⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 11088 -ip 11088
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 11000 -ip 11000
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2524 -ip 2524
1⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 9292 -ip 9292
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 9532 -ip 9532
1⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2532 -ip 2532
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 9824 -ip 9824
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 9472 -ip 9472
1⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 9720 -ip 9720
1⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10500 -ip 10500
1⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 10408 -ip 10408
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 10864 -ip 10864
1⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 10664 -ip 10664
1⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 9532 -ip 9532
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 9472 -ip 9472
1⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 2532 -ip 2532
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 10500 -ip 10500
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 10864 -ip 10864
1⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 10820 -ip 10820
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7528 -ip 7528
1⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 9020 -ip 9020
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 8096 -ip 8096
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8136 -ip 8136
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7528 -ip 7528
1⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 9020 -ip 9020
1⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 8096 -ip 8096
1⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 8136 -ip 8136
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2564 -ip 2564
1⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2564 -ip 2564
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2648 -ip 2648
1⤵
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2704 -ip 2704
1⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2032 -ip 2032
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3196 -ip 3196
1⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 512 -ip 512
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2704 -ip 2704
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2032 -ip 2032
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4056 -ip 4056
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 400 -ip 400
1⤵
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1968 -ip 1968
1⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7484 -ip 7484
1⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7544 -ip 7544
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 8092 -ip 8092
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 8444 -ip 8444
1⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 8600 -ip 8600
1⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1772 -ip 1772
1⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2256 -ip 2256
1⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1936 -ip 1936
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 8172 -ip 8172
1⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4580 -ip 4580
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 8296 -ip 8296
1⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6992 -ip 6992
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4056 -ip 4056
1⤵
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7576 -ip 7576
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 9220 -ip 9220
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 9416 -ip 9416
1⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 9316 -ip 9316
1⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 9256 -ip 9256
1⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 400 -ip 400
1⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1968 -ip 1968
1⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 9240 -ip 9240
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7484 -ip 7484
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 9836 -ip 9836
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 9760 -ip 9760
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 9492 -ip 9492
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 7544 -ip 7544
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 8092 -ip 8092
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 10112 -ip 10112
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2648 -ip 2648
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8600 -ip 8600
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1772 -ip 1772
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 8172 -ip 8172
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2256 -ip 2256
1⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4580 -ip 4580
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 9220 -ip 9220
1⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 9416 -ip 9416
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1936 -ip 1936
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 8296 -ip 8296
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7576 -ip 7576
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 9316 -ip 9316
1⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9256 -ip 9256
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6992 -ip 6992
1⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 512 -ip 512
1⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 9240 -ip 9240
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 9836 -ip 9836
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3196 -ip 3196
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 9492 -ip 9492
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 10112 -ip 10112
1⤵
PID:10904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zG.exe

Filesize
1.3MB

MD5
7a0904bc25f277a7cc46337444031865

SHA1
9d99587a72bae1615d54054ae978d64807158e28

SHA256
6d8fe7103797e58d325b11f7d9652cd4137d82281d5de6b11b223f225e55c2ee

SHA512
5946935813ea7cff7a65a93664fd52bed51a6830f594c1722cbbf0185748d1ea6a5f6c9f78098f5b2e5702f5eed08f14d9e875c830b5227308fe7fcecbbe7c47

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
684KB

MD5
bb0d6493eba5078705ef1ba98b4bbc7e

SHA1
80d004a3560482ee7ada8cdf824519fe6da3316e

SHA256
db230293dabd631c4ebd4786ea5e0b78b2600301959ecb4ad1f09a200879e447

SHA512
c5b911bc385c72587cf1decd3871600c46bf779ae3c3923e78794037d3442289a11301509e4614c66021ca15bfdd009f74e497fd0fa4d3eeb4c382c0ae423e36

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.8MB

MD5
cc41b3bb341edfb147fa9d7d8d79a82f

SHA1
406b8698cc6f2fa63ace9a8db32f7f30b16d833b

SHA256
165666aba84b4e8b366d38c72d3a242ad07c35e212bfa1e00edcf6a5655c8c22

SHA512
7623ceb7315a1eca068b2125d7a868b914065a080729e131a81ae1145eb880183ccbf9e3226c309f46ffc7e5849a9f92cf374b60f58a908bf462d8f8cce936ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXADE7.tmp

Filesize
1.6MB

MD5
32292abde81c4bca06ad26728fa227db

SHA1
5c21d95c038f13888eeb47af28162afa601a9e4e

SHA256
f85cffc4f67b7d3d46980e549d818aebbf5d5430a5ad882dfcb902236d978e25

SHA512
4109543d563ed1f08c726d3d0c68cc42c998d6f1a213c6040da5dc0f8a163bd633578f1ae8ac96a118cfd2d2b9cb39a723da27e505001d792afcc28e45138942

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXFC82.tmp

Filesize
3.1MB

MD5
9dab0570c8974d79ab1e8037e14f17bc

SHA1
2e2d42504651fe0ef102567bcd0af88dd7ff2c5c

SHA256
a0b06c9ceae2f51f59188497e350e0a5f0f914a07acc02a5694d0cbc6dfc7299

SHA512
0b9e941e3769c96bd6b2693d051e2351ee2178844adc72e691099de2c8e3e1f7d8c119b4c9d6f2db085858ecffbc6e47b7431c36ae674668863e793e583c4d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA152.tmp

Filesize
3.2MB

MD5
caa260aea481ab01c250da052ec5ea00

SHA1
7118228a5cf719e93b6fe96063e3f6808e522e88

SHA256
40060444b1a413f50a3d08a37ee51c799af94f314a189a57d9c3fb4b579b9885

SHA512
7831fd962c9833896341b16af980dc6d898617c76f751fe69c21a66b5770bd353239c467865c9e6a3f3496be3b6706842359bc4bc3eefc2d5ffafb0f3139a861

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA75D.tmp

Filesize
3.1MB

MD5
d3987e79f550a07cba62d8f62cfb57f2

SHA1
6491fa486c0f8ab830de04700c49504d02c1bf19

SHA256
834b005c63633cb3350b77c3de3c42ffb4df38a6130513e45377f2c727b98989

SHA512
d718c50b394399864979c516b690a80aa5b443170735aee7479f6f4a3adbaa37c3a66178861456cba719888756b10bfb3dc8037e8bee2dc305eb3166cbcecfda

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcAB16.tmp

Filesize
676KB

MD5
2a413ab0421a06ddba281ef0538cf4f3

SHA1
cc261be3704fcf7dd903f0a0b8a58d5af516ab82

SHA256
767ca2fb1e07672d5de86358f6700a6230e48bf2045b898495cf2e869a41e989

SHA512
f8a794f9d1c5adfd6c4c8ff00e8bc6d68db1da3a466c4085dcad3aa4d4b9bd3e2bc08f1250e950fac81eae4c9e4ba3f0f071ad720c4efcb031f90f236e6ad7df

Download Submit
memory/404-451-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/440-244-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/544-443-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/888-233-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/940-241-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1060-237-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1096-94-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1100-171-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1172-450-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1184-231-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1252-449-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1432-440-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1468-435-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1584-240-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/1812-235-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2056-220-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2208-243-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2240-456-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2264-234-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2280-458-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2396-249-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2564-431-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2576-217-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2608-437-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2648-453-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2884-444-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2900-134-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2912-221-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/2924-245-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3016-219-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3020-459-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3044-215-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3116-232-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3160-433-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3228-218-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3376-455-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3428-239-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3500-442-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3576-445-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3864-457-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3920-439-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4020-216-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4116-432-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4216-247-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4220-248-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4340-434-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4364-454-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4380-238-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4520-436-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4580-242-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4616-236-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4628-222-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4772-214-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4796-438-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4824-441-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/4932-246-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7404-263-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7416-284-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7436-305-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7452-326-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7500-389-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7736-410-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7772-347-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/7796-368-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download