1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882

Analysis

max time kernel
120s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Size

2.7MB
MD5

d59e9bb6f95ae207a53f23ed26248580
SHA1

00fe8a9e553df61b5ed54eb2408bc846bd739513
SHA256

1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882
SHA512

db02a5393629dde88ff6848a848f0160b13b9dd7b2c5dc580a1d3474cffd0243d263b7a8558a42212791e2d4c3a2ca6a0da911d91742e6a82fb891d47f275296
SSDEEP

49152:p282dv9JzLmV91XzYRGfYJPtqpigqCxRJM:of+t0RGetqplVx

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
13252	9032	WerFault.exe	442
13548	5604	WerFault.exe	224
12936	5688	WerFault.exe	229
14144	5588	WerFault.exe	223
13088	5588	WerFault.exe	223
14064	5688	WerFault.exe	229
12048	5604	WerFault.exe	224
13280	9032	WerFault.exe	442
432	6536	WerFault.exe	288
1564	6504	WerFault.exe	286
13496	7004	WerFault.exe	317
4980	6668	WerFault.exe	296
14196	13084	WerFault.exe	637
13096	14136	WerFault.exe	633
12724	7004	WerFault.exe	317
4816	1820	WerFault.exe	89
15124	9864	WerFault.exe	487
4856	10136	WerFault.exe	504
13140	9752	WerFault.exe	480
15324	9720	WerFault.exe	478
13084	9752	WerFault.exe	480
12072	10136	WerFault.exe	504
14436	6844	WerFault.exe	307
12268	9864	WerFault.exe	487
12932	7728	WerFault.exe	362
12704	7584	WerFault.exe	353
15072	4276	WerFault.exe	766
10200	12168	WerFault.exe	776
7180	5064	WerFault.exe	85
10512	10276	WerFault.exe	513
14900	11536	Process not Found	592
5012	2700	Process not Found	103
8496	1548	Process not Found	179
10500	5704	Process not Found	230
7884	9112	Process not Found	447
14644	5896	Process not Found	242
4904	6796	Process not Found	304
2932	10324	Process not Found	516
9168	6812	Process not Found	305
9108	1548	Process not Found	179
14320	3496	Process not Found	809
8124	6796	Process not Found	304
14212	13676	Process not Found	815
11796	12748	Process not Found	724
13484	392	Process not Found	728
2648	4124	Process not Found	731
9492	12748	Process not Found	724
7164	4772	Process not Found	737
14900	14056	Process not Found	739
11616	4892	Process not Found	746
3692	8920	Process not Found	435
11524	5556	Process not Found	221
10464	4772	Process not Found	737
10148	5928	Process not Found	244
7260	13724	Process not Found	960
1052	5556	Process not Found	221
10224	12608	Process not Found	962
6804	14064	Process not Found	995
7684	1672	Process not Found	1007
14308	7264	Process not Found	1534
12848	2784	Process not Found	1528
392	14168	Process not Found	1543
11580	12084	Process not Found	722
9188	13884	Process not Found	720

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
736	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
736	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
5064	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
5064	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4472	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4472	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3616	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3616	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1820	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1820	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3060	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3060	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1516	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1516	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3084	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3084	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2908	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2908	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3608	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3608	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3748	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3748	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4932	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4932	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4856	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4856	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4376	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4376	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2312	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2312	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1056	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1056	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2700	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2700	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2916	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2916	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1012	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1012	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3432	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3432	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
708	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
708	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4860	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4860	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
232	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
232	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2936	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
2936	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3464	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3464	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3264	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
3264	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4104	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4104	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4996	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
4996	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
216	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
216	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1268	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
1268	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 5064	736	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	85
PID 736 wrote to memory of 5064	736	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	85
PID 736 wrote to memory of 5064	736	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	85
PID 5064 wrote to memory of 4472	5064	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	86
PID 5064 wrote to memory of 4472	5064	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	86
PID 5064 wrote to memory of 4472	5064	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	86
PID 4472 wrote to memory of 3616	4472	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	87
PID 4472 wrote to memory of 3616	4472	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	87
PID 4472 wrote to memory of 3616	4472	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	87
PID 3616 wrote to memory of 1300	3616	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	88
PID 3616 wrote to memory of 1300	3616	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	88
PID 3616 wrote to memory of 1300	3616	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	88
PID 1300 wrote to memory of 1820	1300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	89
PID 1300 wrote to memory of 1820	1300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	89
PID 1300 wrote to memory of 1820	1300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	89
PID 1820 wrote to memory of 3060	1820	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	90
PID 1820 wrote to memory of 3060	1820	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	90
PID 1820 wrote to memory of 3060	1820	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	90
PID 3060 wrote to memory of 1516	3060	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	91
PID 3060 wrote to memory of 1516	3060	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	91
PID 3060 wrote to memory of 1516	3060	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	91
PID 1516 wrote to memory of 3084	1516	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	92
PID 1516 wrote to memory of 3084	1516	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	92
PID 1516 wrote to memory of 3084	1516	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	92
PID 3084 wrote to memory of 2908	3084	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	93
PID 3084 wrote to memory of 2908	3084	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	93
PID 3084 wrote to memory of 2908	3084	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	93
PID 2908 wrote to memory of 3608	2908	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	94
PID 2908 wrote to memory of 3608	2908	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	94
PID 2908 wrote to memory of 3608	2908	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	94
PID 3608 wrote to memory of 3748	3608	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	95
PID 3608 wrote to memory of 3748	3608	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	95
PID 3608 wrote to memory of 3748	3608	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	95
PID 3748 wrote to memory of 4932	3748	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	96
PID 3748 wrote to memory of 4932	3748	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	96
PID 3748 wrote to memory of 4932	3748	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	96
PID 4932 wrote to memory of 4856	4932	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	97
PID 4932 wrote to memory of 4856	4932	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	97
PID 4932 wrote to memory of 4856	4932	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	97
PID 4856 wrote to memory of 4376	4856	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	98
PID 4856 wrote to memory of 4376	4856	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	98
PID 4856 wrote to memory of 4376	4856	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	98
PID 4376 wrote to memory of 2312	4376	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	99
PID 4376 wrote to memory of 2312	4376	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	99
PID 4376 wrote to memory of 2312	4376	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	99
PID 2312 wrote to memory of 2300	2312	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	100
PID 2312 wrote to memory of 2300	2312	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	100
PID 2312 wrote to memory of 2300	2312	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	100
PID 2300 wrote to memory of 1056	2300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	101
PID 2300 wrote to memory of 1056	2300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	101
PID 2300 wrote to memory of 1056	2300	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	101
PID 1056 wrote to memory of 2700	1056	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	103
PID 1056 wrote to memory of 2700	1056	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	103
PID 1056 wrote to memory of 2700	1056	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	103
PID 2700 wrote to memory of 2916	2700	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	104
PID 2700 wrote to memory of 2916	2700	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	104
PID 2700 wrote to memory of 2916	2700	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	104
PID 2916 wrote to memory of 1012	2916	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	105
PID 2916 wrote to memory of 1012	2916	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	105
PID 2916 wrote to memory of 1012	2916	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	105
PID 1012 wrote to memory of 3432	1012	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	106
PID 1012 wrote to memory of 3432	1012	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	106
PID 1012 wrote to memory of 3432	1012	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	106
PID 3432 wrote to memory of 708	3432	1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe	107

C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
"C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:736
- C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
  2⤵
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
    3⤵
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        6⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        7⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        9⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        11⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        12⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        14⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        15⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        17⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        18⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        21⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        22⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        23⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        24⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        26⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        30⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        32⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        33⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        34⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        35⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        36⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        37⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        38⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        39⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        40⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        41⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        42⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        43⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        44⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        45⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        46⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        47⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        48⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        49⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        50⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        51⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        52⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        53⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        54⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        55⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        56⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        57⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        58⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        59⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        61⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        62⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        63⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        64⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        65⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        66⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        67⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        68⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        69⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        70⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        71⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        72⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        73⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        74⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        78⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        79⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        80⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        81⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        82⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        83⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        85⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        86⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        87⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        88⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        89⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        90⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        91⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        92⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        94⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        95⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        96⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        97⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        98⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        99⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        102⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        103⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        104⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        105⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        106⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        107⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        108⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        110⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        111⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        112⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        115⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        116⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        117⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        118⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        119⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        120⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        121⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        122⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        123⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        124⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        125⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        126⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        127⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        128⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        129⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        130⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        131⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        132⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        134⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        135⤵
        Drops file in Program Files directory
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        136⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        137⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        138⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        139⤵
        Drops file in Program Files directory
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        140⤵
        Drops file in Program Files directory
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        141⤵
        Drops file in Program Files directory
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        142⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        143⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        144⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        145⤵
        Drops file in Program Files directory
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        146⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        149⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        150⤵
        Drops file in Program Files directory
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        151⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        152⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        153⤵
        Drops file in Program Files directory
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        154⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        155⤵
        Drops file in Program Files directory
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        156⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        157⤵
        Drops file in Program Files directory
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        158⤵
        Drops file in Program Files directory
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        159⤵
        Drops file in Program Files directory
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        160⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        161⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        162⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        163⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        164⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        165⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        166⤵
        Drops file in Program Files directory
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        167⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        168⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        169⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        170⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        171⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        172⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        173⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        174⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        175⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        176⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        177⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        178⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        179⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        180⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        181⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        182⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        183⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        185⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        186⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        187⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        188⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        189⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        190⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        191⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        192⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        195⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        196⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        197⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        198⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        199⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        200⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        201⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        202⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        203⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        204⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        205⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        206⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        207⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        208⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        209⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        210⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        211⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        212⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        213⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        214⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        215⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        216⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        217⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        218⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        220⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        221⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        222⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        223⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        224⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        225⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        226⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        227⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        228⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        229⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        230⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        231⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        232⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        233⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        234⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        235⤵
        System Location Discovery: System Language Discovery
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        236⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        237⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        238⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        239⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        240⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        241⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        242⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        243⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        244⤵
        System Location Discovery: System Language Discovery
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        245⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        246⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        247⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        248⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        249⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        250⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        251⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        252⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        253⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        254⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        255⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        256⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        257⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        258⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        259⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        260⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        261⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        262⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        263⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        264⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        265⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        266⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        267⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        268⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        269⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        270⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        271⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        272⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        273⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        274⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        275⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        276⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        277⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        278⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        279⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        280⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        281⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        282⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        283⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        284⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        285⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        286⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        287⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        288⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        289⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        290⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        291⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        292⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        293⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        294⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        295⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        296⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        297⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        298⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        299⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        300⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        301⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        302⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        303⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        304⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        305⤵
        System Location Discovery: System Language Discovery
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        306⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        307⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        308⤵
        System Location Discovery: System Language Discovery
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        309⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        310⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        311⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        312⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        313⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        314⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        315⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        316⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        317⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        318⤵
        System Location Discovery: System Language Discovery
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        319⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        320⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        321⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        322⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        323⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        324⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        325⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        326⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        327⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        328⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        329⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        330⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        331⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        332⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        333⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        334⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        335⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        336⤵
        System Location Discovery: System Language Discovery
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        337⤵
        System Location Discovery: System Language Discovery
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        338⤵
        Drops file in Program Files directory
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        339⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        340⤵
        Drops file in Program Files directory
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        341⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        342⤵
        Drops file in Program Files directory
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        343⤵
        Drops file in Program Files directory
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        344⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        345⤵
        Drops file in Program Files directory
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        346⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        347⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        348⤵
        Drops file in Program Files directory
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        349⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        350⤵
        Drops file in Program Files directory
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        351⤵
        Drops file in Program Files directory
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        352⤵
        Drops file in Program Files directory
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        353⤵
        Drops file in Program Files directory
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        354⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        355⤵
        Drops file in Program Files directory
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        356⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        357⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        358⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        359⤵
        Drops file in Program Files directory
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        360⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        361⤵
        Drops file in Program Files directory
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        362⤵
        Drops file in Program Files directory
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        363⤵
        Drops file in Program Files directory
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        364⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        365⤵
        Drops file in Program Files directory
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        366⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        367⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        368⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        369⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        370⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        371⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        372⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        373⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        374⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        375⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        376⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        377⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        378⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        379⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        380⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        381⤵
        System Location Discovery: System Language Discovery
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        382⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        383⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        384⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        385⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        386⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        387⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        388⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        389⤵
        System Location Discovery: System Language Discovery
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        390⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        391⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        392⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        393⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        394⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        395⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        396⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        397⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        398⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        399⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        400⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        401⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        402⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        403⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        404⤵
        System Location Discovery: System Language Discovery
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        405⤵
        System Location Discovery: System Language Discovery
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        406⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        407⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        408⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        409⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        410⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        411⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        412⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        413⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        414⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        415⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        416⤵
        System Location Discovery: System Language Discovery
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        417⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        418⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        419⤵
        System Location Discovery: System Language Discovery
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        420⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        421⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        422⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        423⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        424⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        425⤵
        System Location Discovery: System Language Discovery
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        426⤵
        System Location Discovery: System Language Discovery
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        427⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        428⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        429⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        430⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        431⤵
        System Location Discovery: System Language Discovery
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        432⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        433⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        434⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        435⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        436⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        437⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        438⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        439⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        440⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        441⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        442⤵
        System Location Discovery: System Language Discovery
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        443⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        444⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        445⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        446⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        447⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        448⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        449⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        450⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        451⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        452⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        453⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        454⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        455⤵
        System Location Discovery: System Language Discovery
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        456⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        457⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        458⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        459⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        460⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        461⤵
        System Location Discovery: System Language Discovery
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        462⤵
        System Location Discovery: System Language Discovery
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        463⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        464⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        465⤵
        System Location Discovery: System Language Discovery
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        466⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        467⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        468⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        469⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        470⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        471⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        472⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        473⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        474⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        475⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        476⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        477⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        478⤵
        System Location Discovery: System Language Discovery
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        479⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        480⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        481⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        482⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        483⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        484⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        485⤵
        System Location Discovery: System Language Discovery
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        486⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        487⤵
        System Location Discovery: System Language Discovery
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        488⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        489⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        490⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        491⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        492⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        493⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        494⤵
        System Location Discovery: System Language Discovery
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        495⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        496⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        497⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        498⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        499⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        500⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        501⤵
        System Location Discovery: System Language Discovery
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        502⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        503⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        504⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        505⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        506⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        507⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        508⤵
        System Location Discovery: System Language Discovery
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        509⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        510⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        511⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        512⤵
        System Location Discovery: System Language Discovery
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        513⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        514⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        515⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        516⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        517⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        518⤵
        System Location Discovery: System Language Discovery
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        519⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        520⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        521⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        522⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        523⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        524⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        525⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        526⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        527⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        528⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        529⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        530⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        531⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        532⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        533⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        534⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        535⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        536⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        537⤵
        System Location Discovery: System Language Discovery
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        538⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        539⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        540⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        541⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        542⤵
        System Location Discovery: System Language Discovery
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        543⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        544⤵
        System Location Discovery: System Language Discovery
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        545⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        546⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        547⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        548⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        549⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        550⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        551⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        552⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        553⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        554⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        555⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        556⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        557⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        558⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        559⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        560⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        561⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        562⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        563⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        564⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        565⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        566⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        567⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        568⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        569⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        570⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        571⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        572⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        573⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        574⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        575⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        576⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        577⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        578⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        579⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        580⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        581⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        582⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        583⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        584⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        585⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        586⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        587⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        588⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        589⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        590⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        591⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        592⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        593⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        594⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        595⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        596⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        597⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        598⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        599⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        600⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        601⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        602⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        603⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        604⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        605⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        606⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        607⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        608⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        609⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        610⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        611⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        612⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        613⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        614⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        615⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        616⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        617⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        618⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        619⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        620⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        621⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        622⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        623⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        624⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        625⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        626⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        627⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        628⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        629⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        630⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        631⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        632⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        633⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        634⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        635⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        636⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        637⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        638⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        639⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        640⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        641⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        642⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        643⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        644⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        645⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        646⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        647⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        648⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        649⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        650⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        651⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        652⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        653⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        654⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        655⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        656⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        657⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        658⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        659⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        660⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        661⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        662⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        663⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        664⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        665⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        666⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        667⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        668⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        669⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        670⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        671⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        672⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        673⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        674⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        675⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        676⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        677⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        678⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        679⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        680⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        681⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        682⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        683⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        684⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        685⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882N.exe"
        686⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12168 -s 388
        584⤵
        Program crash
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 428
        580⤵
        Program crash
        
        PID:15072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13084 -s 396
        544⤵
        Program crash
        
        PID:14196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14136 -s 432
        543⤵
        Program crash
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 396
        430⤵
        Program crash
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 384
        421⤵
        Program crash
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 384
        421⤵
        Program crash
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 436
        404⤵
        Program crash
        
        PID:15124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 436
        404⤵
        Program crash
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 436
        397⤵
        Program crash
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 476
        397⤵
        Program crash
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 440
        395⤵
        Program crash
        
        PID:15324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 392
        359⤵
        Program crash
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 468
        359⤵
        Program crash
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 192
        279⤵
        Program crash
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 368
        270⤵
        Program crash
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 432
        234⤵
        Program crash
        
        PID:13496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 432
        234⤵
        Program crash
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 432
        224⤵
        Program crash
        
        PID:14436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 448
        213⤵
        Program crash
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 444
        205⤵
        Program crash
        
        PID:432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 444
        203⤵
        Program crash
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 440
        146⤵
        Program crash
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 428
        146⤵
        Program crash
        
        PID:14064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 428
        141⤵
        Program crash
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 428
        141⤵
        Program crash
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 452
        140⤵
        Program crash
        
        PID:14144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 452
        140⤵
        Program crash
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 432
        7⤵
        Program crash
        
        PID:4816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 428
    3⤵
    - Program crash
    PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 9032 -ip 9032
1⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5688 -ip 5688
1⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5604 -ip 5604
1⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5588 -ip 5588
1⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5636 -ip 5636
1⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5524 -ip 5524
1⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 13932 -ip 13932
1⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5572 -ip 5572
1⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5636 -ip 5636
1⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5768 -ip 5768
1⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5976 -ip 5976
1⤵
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5784 -ip 5784
1⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5880 -ip 5880
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5524 -ip 5524
1⤵
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5768 -ip 5768
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5976 -ip 5976
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 13932 -ip 13932
1⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5784 -ip 5784
1⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5880 -ip 5880
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 9148 -ip 9148
1⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 9164 -ip 9164
1⤵
PID:13812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 9084 -ip 9084
1⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 8984 -ip 8984
1⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 9052 -ip 9052
1⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 736 -ip 736
1⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 9132 -ip 9132
1⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2300 -ip 2300
1⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4376 -ip 4376
1⤵
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 8932 -ip 8932
1⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 9148 -ip 9148
1⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5572 -ip 5572
1⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2916 -ip 2916
1⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 8984 -ip 8984
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3084 -ip 3084
1⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3608 -ip 3608
1⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4932 -ip 4932
1⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1012 -ip 1012
1⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4860 -ip 4860
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 9084 -ip 9084
1⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3432 -ip 3432
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9132 -ip 9132
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 9164 -ip 9164
1⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 8932 -ip 8932
1⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 9052 -ip 9052
1⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2916 -ip 2916
1⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4376 -ip 4376
1⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2300 -ip 2300
1⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 736 -ip 736
1⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4932 -ip 4932
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3084 -ip 3084
1⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3608 -ip 3608
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4860 -ip 4860
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1012 -ip 1012
1⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3432 -ip 3432
1⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5604 -ip 5604
1⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5688 -ip 5688
1⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5588 -ip 5588
1⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 9032 -ip 9032
1⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6504 -ip 6504
1⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6520 -ip 6520
1⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6552 -ip 6552
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6588 -ip 6588
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6536 -ip 6536
1⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6732 -ip 6732
1⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6620 -ip 6620
1⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6668 -ip 6668
1⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6572 -ip 6572
1⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6924 -ip 6924
1⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6636 -ip 6636
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6716 -ip 6716
1⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6552 -ip 6552
1⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6520 -ip 6520
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6536 -ip 6536
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6504 -ip 6504
1⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6828 -ip 6828
1⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4856 -ip 4856
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6588 -ip 6588
1⤵
PID:13824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6956 -ip 6956
1⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6620 -ip 6620
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6892 -ip 6892
1⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7004 -ip 7004
1⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6972 -ip 6972
1⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6988 -ip 6988
1⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6668 -ip 6668
1⤵
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6732 -ip 6732
1⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6572 -ip 6572
1⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6924 -ip 6924
1⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6636 -ip 6636
1⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 14136 -ip 14136
1⤵
PID:13700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 13084 -ip 13084
1⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6716 -ip 6716
1⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4856 -ip 4856
1⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6828 -ip 6828
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6892 -ip 6892
1⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6956 -ip 6956
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6988 -ip 6988
1⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2312 -ip 2312
1⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6972 -ip 6972
1⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 13084 -ip 13084
1⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 14136 -ip 14136
1⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2312 -ip 2312
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 7004 -ip 7004
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1820 -ip 1820
1⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1300 -ip 1300
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3616 -ip 3616
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1300 -ip 1300
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3616 -ip 3616
1⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 9752 -ip 9752
1⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 9736 -ip 9736
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 10040 -ip 10040
1⤵
PID:14488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 9864 -ip 9864
1⤵
PID:14496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 9800 -ip 9800
1⤵
PID:14932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 10136 -ip 10136
1⤵
PID:14952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 10216 -ip 10216
1⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 9944 -ip 9944
1⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 10308 -ip 10308
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 9976 -ip 9976
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 10008 -ip 10008
1⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10232 -ip 10232
1⤵
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10484 -ip 10484
1⤵
PID:15084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 10184 -ip 10184
1⤵
PID:15228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 10040 -ip 10040
1⤵
PID:14756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 9736 -ip 9736
1⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 8776 -ip 8776
1⤵
PID:15044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 10516 -ip 10516
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 9768 -ip 9768
1⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10500 -ip 10500
1⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 10468 -ip 10468
1⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 9720 -ip 9720
1⤵
PID:14364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 10356 -ip 10356
1⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 9896 -ip 9896
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 10232 -ip 10232
1⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 10216 -ip 10216
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1524 -ip 1524
1⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10308 -ip 10308
1⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8856 -ip 8856
1⤵
PID:15228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2412 -ip 2412
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 10200 -ip 10200
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4644 -ip 4644
1⤵
PID:15240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 9800 -ip 9800
1⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 10184 -ip 10184
1⤵
PID:14972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3052 -ip 3052
1⤵
PID:14980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 10484 -ip 10484
1⤵
PID:15148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 9944 -ip 9944
1⤵
PID:15152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 400 -ip 400
1⤵
PID:15160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 8888 -ip 8888
1⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 2744 -ip 2744
1⤵
PID:14492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4788 -ip 4788
1⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 10008 -ip 10008
1⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1572 -ip 1572
1⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2116 -ip 2116
1⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 8712 -ip 8712
1⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 10436 -ip 10436
1⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 9896 -ip 9896
1⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 10500 -ip 10500
1⤵
PID:14444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10516 -ip 10516
1⤵
PID:14948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 9976 -ip 9976
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1524 -ip 1524
1⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4348 -ip 4348
1⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 9720 -ip 9720
1⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 10468 -ip 10468
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 8776 -ip 8776
1⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 13384 -ip 13384
1⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 10356 -ip 10356
1⤵
PID:15008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 8856 -ip 8856
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 9768 -ip 9768
1⤵
PID:15172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 10200 -ip 10200
1⤵
PID:14952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4644 -ip 4644
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2412 -ip 2412
1⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3052 -ip 3052
1⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 8888 -ip 8888
1⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 400 -ip 400
1⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2116 -ip 2116
1⤵
PID:13700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2744 -ip 2744
1⤵
PID:14488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 10436 -ip 10436
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 8712 -ip 8712
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4788 -ip 4788
1⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1572 -ip 1572
1⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4348 -ip 4348
1⤵
PID:14364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1820 -ip 1820
1⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 13384 -ip 13384
1⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 10136 -ip 10136
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 9752 -ip 9752
1⤵
PID:15272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6844 -ip 6844
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 9864 -ip 9864
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7552 -ip 7552
1⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7568 -ip 7568
1⤵
PID:14720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4804 -ip 4804
1⤵
PID:14928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7584 -ip 7584
1⤵
PID:15076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7616 -ip 7616
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 7600 -ip 7600
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7632 -ip 7632
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 7568 -ip 7568
1⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 7680 -ip 7680
1⤵
PID:15040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7552 -ip 7552
1⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 7648 -ip 7648
1⤵
PID:14368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7728 -ip 7728
1⤵
PID:15252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5944 -ip 5944
1⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7696 -ip 7696
1⤵
PID:13368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7712 -ip 7712
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 9348 -ip 9348
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7776 -ip 7776
1⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 13456 -ip 13456
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7808 -ip 7808
1⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7760 -ip 7760
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 7744 -ip 7744
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7792 -ip 7792
1⤵
PID:14872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7664 -ip 7664
1⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5832 -ip 5832
1⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4276 -ip 4276
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7856 -ip 7856
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7872 -ip 7872
1⤵
PID:13832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 7840 -ip 7840
1⤵
PID:14460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7824 -ip 7824
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7696 -ip 7696
1⤵
PID:14976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7584 -ip 7584
1⤵
PID:14100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7956 -ip 7956
1⤵
PID:14348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 13512 -ip 13512
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 12652 -ip 12652
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 12168 -ip 12168
1⤵
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7924 -ip 7924
1⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7908 -ip 7908
1⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7972 -ip 7972
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7940 -ip 7940
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7892 -ip 7892
1⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 12560 -ip 12560
1⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 8004 -ip 8004
1⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 7616 -ip 7616
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4804 -ip 4804
1⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 12368 -ip 12368
1⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 8020 -ip 8020
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 13540 -ip 13540
1⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 7600 -ip 7600
1⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 8052 -ip 8052
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 8036 -ip 8036
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 7680 -ip 7680
1⤵
PID:14484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7632 -ip 7632
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 7648 -ip 7648
1⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 9348 -ip 9348
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7712 -ip 7712
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5944 -ip 5944
1⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7776 -ip 7776
1⤵
PID:15188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 13964 -ip 13964
1⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 13456 -ip 13456
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7808 -ip 7808
1⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7988 -ip 7988
1⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 12744 -ip 12744
1⤵
PID:14852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 14044 -ip 14044
1⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 8068 -ip 8068
1⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 13256 -ip 13256
1⤵
PID:14892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 13416 -ip 13416
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5720 -ip 5720
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 12164 -ip 12164
1⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 12960 -ip 12960
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7792 -ip 7792
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7760 -ip 7760
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 7664 -ip 7664
1⤵
PID:14556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 13056 -ip 13056
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7744 -ip 7744
1⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 5832 -ip 5832
1⤵
PID:14568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4276 -ip 4276
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7856 -ip 7856
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6844 -ip 6844
1⤵
PID:14400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7872 -ip 7872
1⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7840 -ip 7840
1⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 12652 -ip 12652
1⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 7956 -ip 7956
1⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 12168 -ip 12168
1⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 7824 -ip 7824
1⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 13512 -ip 13512
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 7924 -ip 7924
1⤵
PID:15292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7908 -ip 7908
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7972 -ip 7972
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7940 -ip 7940
1⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 8004 -ip 8004
1⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 12560 -ip 12560
1⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7892 -ip 7892
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 13540 -ip 13540
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 8020 -ip 8020
1⤵
PID:14604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 12368 -ip 12368
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 8052 -ip 8052
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 8036 -ip 8036
1⤵
PID:14508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6684 -ip 6684
1⤵
PID:15172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 13964 -ip 13964
1⤵
PID:184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7988 -ip 7988
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 14044 -ip 14044
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 12744 -ip 12744
1⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8068 -ip 8068
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 13256 -ip 13256
1⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 13416 -ip 13416
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 12960 -ip 12960
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5720 -ip 5720
1⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 12164 -ip 12164
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 13056 -ip 13056
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 10276 -ip 10276
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5064 -ip 5064
1⤵
PID:14680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2700 -ip 2700
1⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6684 -ip 6684
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 11392 -ip 11392
1⤵
PID:15244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 11408 -ip 11408
1⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 11424 -ip 11424
1⤵
PID:14748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 11440 -ip 11440
1⤵
PID:13864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 11456 -ip 11456
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 11472 -ip 11472
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 11488 -ip 11488
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 11520 -ip 11520
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 11600 -ip 11600
1⤵
PID:14704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7728 -ip 7728
1⤵
PID:7600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RCXC2F4.tmp

Filesize
2.7MB

MD5
d776c4d8afe7d9741cd9c64ee968164c

SHA1
e0f3e353f023f93c017222e6cc5f0174eff971c7

SHA256
787664423af8c84fca80b9b841831852133186ba837cdbbefdf99a797ea2a253

SHA512
632c979cba230f8462ac9a4cbc99af54dd018ed5406df246206f38f6b9e3c6de58eb997405253d77381246b807163c8a9a6034b0c96803077208e8fedadcd649

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXC325.tmp

Filesize
2.7MB

MD5
7820e83c1acd3f631f9bb32b06f28330

SHA1
4cf618997feecd433d00b6f81bd3fe650658cc75

SHA256
af85bbddcabb877dc5852d42e2292fe8b7ec8fbb01a7f047ca7f1d27aba1da10

SHA512
9b0450fbe1925151ceb068cb4ea3dac0e7ed499d9935ca4f80a7569c88d5be7be5f15f6d7609945ea826a01d4a1e33d7b5f066ac885f241988bc434ec23f85c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXC356.tmp

Filesize
2.7MB

MD5
f58b8b92cac949f3b120d0ce949c8470

SHA1
bad6b4371a94bb3f5023128361a37d89fc5a3c51

SHA256
a7627351f8433a30132fbb48123c9a54a8a9380487a3045b201b09b0d7e11281

SHA512
0f7500cbfeb1fcd9fe4fbd9d3f641cdc1d9ac0fecf69da7d273887afbbe1db7213ffbee99d69f364ee280f83d449a60c2f02126ce188aae7ac4f7fef957e26db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXC791.tmp

Filesize
2.8MB

MD5
8dafe35e134ab05c27e1e59db02ff35c

SHA1
225f64556caa09ed6a06caee4a1a115bb55b80d4

SHA256
9524ff26a50b9e45795c78b3e1ea8e3ded655488c5264997038d8348f22ebc17

SHA512
c08c9f0a2fb9aa1afb8c3719b9623fd1a42ba9b483fb24d4ea9090bca6f278783ee5c12e60dca1deb671888af468494a561b1ef4a50e96ceeeb22bd404779e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXD4B.tmp

Filesize
2.7MB

MD5
9a0fefc3e2efe5a25ba4d1cae5c48d35

SHA1
a93c62277799f100dbbdd328dcda3173cefbe645

SHA256
cab147cb07178b5258387011ffb9624ad7f41c2fb462f98f892c9ef34ccbefb9

SHA512
17ba787b8f18500c423b4bb374fc6916ffcbf76bc60714c5dde2c627099ca9ca3e6d262ee2729348bb85cfc141fab44fc2b2a78f54ac36959e9c732e2b244cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXE16A.tmp

Filesize
318KB

MD5
c205406b80fb84bc5e9ad132e8835eac

SHA1
d8a5a7ad33b3c7b85e45bf270c803877163cae7f

SHA256
d13e540bdc1dd3853b8215b2e67f15db63d8cc7a4d3771a6a820500d9f45780c

SHA512
27ec7296312b6ad0523e186d52ce541e18f127a5eb96048fa3add6d5115bd53beb1915b0646edc21b2b89190324e01e0b748e8f1592e20e12041f5dba4bc3499

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXE17B.tmp

Filesize
1.2MB

MD5
4c773c400934ba3a623d74a9a03c7081

SHA1
508a61585687bab7eed5848ca6eb78a371799d82

SHA256
61bf0695765e18125f1b6b21c155ee7308e45101fcb2e1e2a2381e18fbbdc988

SHA512
bbbe0e57382d7f0a05d503f7ac5597cc0bd1da7eae2a68ac351990fe6486c52487a0a7b45117ecf2c30444c6e1f1e87208c124a5a65a7e16570e4fbb9c6be2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcC1E8.tmp

Filesize
2.7MB

MD5
d59e9bb6f95ae207a53f23ed26248580

SHA1
00fe8a9e553df61b5ed54eb2408bc846bd739513

SHA256
1ddae5bd8f7055944ff867a5d6f0057d620d520e8e317b8cb802ff49822f1882

SHA512
db02a5393629dde88ff6848a848f0160b13b9dd7b2c5dc580a1d3474cffd0243d263b7a8558a42212791e2d4c3a2ca6a0da911d91742e6a82fb891d47f275296

Download Submit
memory/216-34-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/232-28-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/616-1435-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/624-1251-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/708-26-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/736-4-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1012-24-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1056-21-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1072-1252-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1268-35-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1300-8-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1336-1265-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1508-1249-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1516-11-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1596-1266-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1668-1433-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1820-9-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1916-1247-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1928-1264-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/1936-1257-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2224-1253-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2232-1254-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2300-20-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2312-19-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2648-1245-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2660-1258-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2700-22-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2748-1430-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2908-13-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2916-23-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2936-29-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/2992-1246-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3000-1103-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3060-10-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3084-12-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3108-1434-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3116-1431-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3264-31-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3432-25-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3464-30-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3608-14-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3616-7-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3748-15-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3920-1250-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/3968-1255-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4104-32-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4192-1432-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4204-1248-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4376-18-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4472-6-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4612-1105-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4856-17-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4860-27-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4932-16-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4980-1104-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/4996-33-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download
memory/5064-5-0x0000000000400000-0x00000000006C3000-memory.dmp

Filesize
2.8MB

Download